btusb.c (112761B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * 4 * Generic Bluetooth USB driver 5 * 6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 7 */ 8 9#include <linux/dmi.h> 10#include <linux/module.h> 11#include <linux/usb.h> 12#include <linux/usb/quirks.h> 13#include <linux/firmware.h> 14#include <linux/iopoll.h> 15#include <linux/of_device.h> 16#include <linux/of_irq.h> 17#include <linux/suspend.h> 18#include <linux/gpio/consumer.h> 19#include <linux/debugfs.h> 20#include <asm/unaligned.h> 21 22#include <net/bluetooth/bluetooth.h> 23#include <net/bluetooth/hci_core.h> 24 25#include "btintel.h" 26#include "btbcm.h" 27#include "btrtl.h" 28#include "btmtk.h" 29 30#define VERSION "0.8" 31 32static bool disable_scofix; 33static bool force_scofix; 34static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 35static bool reset = true; 36 37static struct usb_driver btusb_driver; 38 39#define BTUSB_IGNORE BIT(0) 40#define BTUSB_DIGIANSWER BIT(1) 41#define BTUSB_CSR BIT(2) 42#define BTUSB_SNIFFER BIT(3) 43#define BTUSB_BCM92035 BIT(4) 44#define BTUSB_BROKEN_ISOC BIT(5) 45#define BTUSB_WRONG_SCO_MTU BIT(6) 46#define BTUSB_ATH3012 BIT(7) 47#define BTUSB_INTEL_COMBINED BIT(8) 48#define BTUSB_INTEL_BOOT BIT(9) 49#define BTUSB_BCM_PATCHRAM BIT(10) 50#define BTUSB_MARVELL BIT(11) 51#define BTUSB_SWAVE BIT(12) 52#define BTUSB_AMP BIT(13) 53#define BTUSB_QCA_ROME BIT(14) 54#define BTUSB_BCM_APPLE BIT(15) 55#define BTUSB_REALTEK BIT(16) 56#define BTUSB_BCM2045 BIT(17) 57#define BTUSB_IFNUM_2 BIT(18) 58#define BTUSB_CW6622 BIT(19) 59#define BTUSB_MEDIATEK BIT(20) 60#define BTUSB_WIDEBAND_SPEECH BIT(21) 61#define BTUSB_VALID_LE_STATES BIT(22) 62#define BTUSB_QCA_WCN6855 BIT(23) 63#define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24) 64#define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25) 65#define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26) 66 67static const struct usb_device_id btusb_table[] = { 68 /* Generic Bluetooth USB device */ 69 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 70 71 /* Generic Bluetooth AMP device */ 72 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 73 74 /* Generic Bluetooth USB interface */ 75 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 76 77 /* Apple-specific (Broadcom) devices */ 78 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 79 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 80 81 /* MediaTek MT76x0E */ 82 { USB_DEVICE(0x0e8d, 0x763f) }, 83 84 /* Broadcom SoftSailing reporting vendor specific */ 85 { USB_DEVICE(0x0a5c, 0x21e1) }, 86 87 /* Apple MacBookPro 7,1 */ 88 { USB_DEVICE(0x05ac, 0x8213) }, 89 90 /* Apple iMac11,1 */ 91 { USB_DEVICE(0x05ac, 0x8215) }, 92 93 /* Apple MacBookPro6,2 */ 94 { USB_DEVICE(0x05ac, 0x8218) }, 95 96 /* Apple MacBookAir3,1, MacBookAir3,2 */ 97 { USB_DEVICE(0x05ac, 0x821b) }, 98 99 /* Apple MacBookAir4,1 */ 100 { USB_DEVICE(0x05ac, 0x821f) }, 101 102 /* Apple MacBookPro8,2 */ 103 { USB_DEVICE(0x05ac, 0x821a) }, 104 105 /* Apple MacMini5,1 */ 106 { USB_DEVICE(0x05ac, 0x8281) }, 107 108 /* AVM BlueFRITZ! USB v2.0 */ 109 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 110 111 /* Bluetooth Ultraport Module from IBM */ 112 { USB_DEVICE(0x04bf, 0x030a) }, 113 114 /* ALPS Modules with non-standard id */ 115 { USB_DEVICE(0x044e, 0x3001) }, 116 { USB_DEVICE(0x044e, 0x3002) }, 117 118 /* Ericsson with non-standard id */ 119 { USB_DEVICE(0x0bdb, 0x1002) }, 120 121 /* Canyon CN-BTU1 with HID interfaces */ 122 { USB_DEVICE(0x0c10, 0x0000) }, 123 124 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 125 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 126 127 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 128 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 129 .driver_info = BTUSB_BCM_PATCHRAM }, 130 131 /* Broadcom BCM920703 (HTC Vive) */ 132 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 133 .driver_info = BTUSB_BCM_PATCHRAM }, 134 135 /* Foxconn - Hon Hai */ 136 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 137 .driver_info = BTUSB_BCM_PATCHRAM }, 138 139 /* Lite-On Technology - Broadcom based */ 140 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 141 .driver_info = BTUSB_BCM_PATCHRAM }, 142 143 /* Broadcom devices with vendor specific id */ 144 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 145 .driver_info = BTUSB_BCM_PATCHRAM }, 146 147 /* ASUSTek Computer - Broadcom based */ 148 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 149 .driver_info = BTUSB_BCM_PATCHRAM }, 150 151 /* Belkin F8065bf - Broadcom based */ 152 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 153 .driver_info = BTUSB_BCM_PATCHRAM }, 154 155 /* IMC Networks - Broadcom based */ 156 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 157 .driver_info = BTUSB_BCM_PATCHRAM }, 158 159 /* Dell Computer - Broadcom based */ 160 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 161 .driver_info = BTUSB_BCM_PATCHRAM }, 162 163 /* Toshiba Corp - Broadcom based */ 164 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 165 .driver_info = BTUSB_BCM_PATCHRAM }, 166 167 /* Intel Bluetooth USB Bootloader (RAM module) */ 168 { USB_DEVICE(0x8087, 0x0a5a), 169 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 170 171 { } /* Terminating entry */ 172}; 173 174MODULE_DEVICE_TABLE(usb, btusb_table); 175 176static const struct usb_device_id blacklist_table[] = { 177 /* CSR BlueCore devices */ 178 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 179 180 /* Broadcom BCM2033 without firmware */ 181 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 182 183 /* Broadcom BCM2045 devices */ 184 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 185 186 /* Atheros 3011 with sflash firmware */ 187 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 188 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 189 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 190 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 191 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 192 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 193 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 194 195 /* Atheros AR9285 Malbec with sflash firmware */ 196 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 197 198 /* Atheros 3012 with sflash firmware */ 199 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 200 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 201 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 202 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 203 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 249 250 /* Atheros AR5BBU12 with sflash firmware */ 251 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 252 253 /* Atheros AR5BBU12 with sflash firmware */ 254 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 255 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 256 257 /* QCA ROME chipset */ 258 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME | 259 BTUSB_WIDEBAND_SPEECH }, 260 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME | 261 BTUSB_WIDEBAND_SPEECH }, 262 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME | 263 BTUSB_WIDEBAND_SPEECH }, 264 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME | 265 BTUSB_WIDEBAND_SPEECH }, 266 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME | 267 BTUSB_WIDEBAND_SPEECH }, 268 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME | 269 BTUSB_WIDEBAND_SPEECH }, 270 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME | 271 BTUSB_WIDEBAND_SPEECH }, 272 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME | 273 BTUSB_WIDEBAND_SPEECH }, 274 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME | 275 BTUSB_WIDEBAND_SPEECH }, 276 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME | 277 BTUSB_WIDEBAND_SPEECH }, 278 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME | 279 BTUSB_WIDEBAND_SPEECH }, 280 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME | 281 BTUSB_WIDEBAND_SPEECH }, 282 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME | 283 BTUSB_WIDEBAND_SPEECH }, 284 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME | 285 BTUSB_WIDEBAND_SPEECH }, 286 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME | 287 BTUSB_WIDEBAND_SPEECH }, 288 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME | 289 BTUSB_WIDEBAND_SPEECH }, 290 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME | 291 BTUSB_WIDEBAND_SPEECH }, 292 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME | 293 BTUSB_WIDEBAND_SPEECH }, 294 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME | 295 BTUSB_WIDEBAND_SPEECH }, 296 297 /* QCA WCN6855 chipset */ 298 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 | 299 BTUSB_WIDEBAND_SPEECH | 300 BTUSB_VALID_LE_STATES }, 301 { USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 | 302 BTUSB_WIDEBAND_SPEECH | 303 BTUSB_VALID_LE_STATES }, 304 { USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 | 305 BTUSB_WIDEBAND_SPEECH | 306 BTUSB_VALID_LE_STATES }, 307 { USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 | 308 BTUSB_WIDEBAND_SPEECH | 309 BTUSB_VALID_LE_STATES }, 310 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 | 311 BTUSB_WIDEBAND_SPEECH | 312 BTUSB_VALID_LE_STATES }, 313 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 | 314 BTUSB_WIDEBAND_SPEECH | 315 BTUSB_VALID_LE_STATES }, 316 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 | 317 BTUSB_WIDEBAND_SPEECH | 318 BTUSB_VALID_LE_STATES }, 319 320 /* QCA WCN785x chipset */ 321 { USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 | 322 BTUSB_WIDEBAND_SPEECH | 323 BTUSB_VALID_LE_STATES }, 324 325 /* Broadcom BCM2035 */ 326 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 327 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 328 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 329 330 /* Broadcom BCM2045 */ 331 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 332 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 333 334 /* IBM/Lenovo ThinkPad with Broadcom chip */ 335 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 336 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 337 338 /* HP laptop with Broadcom chip */ 339 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 340 341 /* Dell laptop with Broadcom chip */ 342 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 343 344 /* Dell Wireless 370 and 410 devices */ 345 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 346 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 347 348 /* Belkin F8T012 and F8T013 devices */ 349 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 350 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 351 352 /* Asus WL-BTD202 device */ 353 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 354 355 /* Kensington Bluetooth USB adapter */ 356 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 357 358 /* RTX Telecom based adapters with buggy SCO support */ 359 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 360 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 361 362 /* CONWISE Technology based adapters with buggy SCO support */ 363 { USB_DEVICE(0x0e5e, 0x6622), 364 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 365 366 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 367 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 368 369 /* Digianswer devices */ 370 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 371 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 372 373 /* CSR BlueCore Bluetooth Sniffer */ 374 { USB_DEVICE(0x0a12, 0x0002), 375 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 376 377 /* Frontline ComProbe Bluetooth Sniffer */ 378 { USB_DEVICE(0x16d3, 0x0002), 379 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 380 381 /* Marvell Bluetooth devices */ 382 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 383 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 384 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 385 386 /* Intel Bluetooth devices */ 387 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED }, 388 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED }, 389 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED }, 390 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED }, 391 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 392 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 393 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 394 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 395 BTUSB_INTEL_NO_WBS_SUPPORT | 396 BTUSB_INTEL_BROKEN_INITIAL_NCMD | 397 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 398 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED | 399 BTUSB_INTEL_NO_WBS_SUPPORT | 400 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 401 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED }, 402 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED | 403 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 404 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED }, 405 406 /* Other Intel Bluetooth devices */ 407 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 408 .driver_info = BTUSB_IGNORE }, 409 410 /* Realtek 8822CE Bluetooth devices */ 411 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | 412 BTUSB_WIDEBAND_SPEECH }, 413 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK | 414 BTUSB_WIDEBAND_SPEECH }, 415 416 /* Realtek 8852AE Bluetooth devices */ 417 { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK | 418 BTUSB_WIDEBAND_SPEECH }, 419 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | 420 BTUSB_WIDEBAND_SPEECH }, 421 { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK | 422 BTUSB_WIDEBAND_SPEECH }, 423 { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | 424 BTUSB_WIDEBAND_SPEECH }, 425 { USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK | 426 BTUSB_WIDEBAND_SPEECH }, 427 { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK | 428 BTUSB_WIDEBAND_SPEECH }, 429 430 /* Realtek Bluetooth devices */ 431 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 432 .driver_info = BTUSB_REALTEK }, 433 434 /* MediaTek Bluetooth devices */ 435 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01), 436 .driver_info = BTUSB_MEDIATEK | 437 BTUSB_WIDEBAND_SPEECH | 438 BTUSB_VALID_LE_STATES }, 439 440 /* Additional MediaTek MT7615E Bluetooth devices */ 441 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK}, 442 443 /* Additional MediaTek MT7663 Bluetooth devices */ 444 { USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK | 445 BTUSB_WIDEBAND_SPEECH | 446 BTUSB_VALID_LE_STATES }, 447 448 /* Additional MediaTek MT7668 Bluetooth devices */ 449 { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK | 450 BTUSB_WIDEBAND_SPEECH | 451 BTUSB_VALID_LE_STATES }, 452 453 /* Additional MediaTek MT7921 Bluetooth devices */ 454 { USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK | 455 BTUSB_WIDEBAND_SPEECH | 456 BTUSB_VALID_LE_STATES }, 457 { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK | 458 BTUSB_WIDEBAND_SPEECH | 459 BTUSB_VALID_LE_STATES }, 460 { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK | 461 BTUSB_WIDEBAND_SPEECH | 462 BTUSB_VALID_LE_STATES }, 463 { USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK | 464 BTUSB_WIDEBAND_SPEECH | 465 BTUSB_VALID_LE_STATES }, 466 { USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK | 467 BTUSB_WIDEBAND_SPEECH | 468 BTUSB_VALID_LE_STATES }, 469 { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK | 470 BTUSB_WIDEBAND_SPEECH | 471 BTUSB_VALID_LE_STATES }, 472 473 /* MediaTek MT7922A Bluetooth devices */ 474 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK | 475 BTUSB_WIDEBAND_SPEECH | 476 BTUSB_VALID_LE_STATES }, 477 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK | 478 BTUSB_WIDEBAND_SPEECH | 479 BTUSB_VALID_LE_STATES }, 480 481 /* Additional Realtek 8723AE Bluetooth devices */ 482 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 483 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 484 485 /* Additional Realtek 8723BE Bluetooth devices */ 486 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 487 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 488 { USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK }, 489 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 490 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 491 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 492 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 493 494 /* Additional Realtek 8723BU Bluetooth devices */ 495 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 496 497 /* Additional Realtek 8723DE Bluetooth devices */ 498 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK }, 499 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 500 501 /* Additional Realtek 8761B Bluetooth devices */ 502 { USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK | 503 BTUSB_WIDEBAND_SPEECH }, 504 505 /* Additional Realtek 8761BU Bluetooth devices */ 506 { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK | 507 BTUSB_WIDEBAND_SPEECH }, 508 { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK | 509 BTUSB_WIDEBAND_SPEECH }, 510 511 /* Additional Realtek 8761BUV Bluetooth devices */ 512 { USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK | 513 BTUSB_WIDEBAND_SPEECH }, 514 515 /* Additional Realtek 8821AE Bluetooth devices */ 516 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 517 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 518 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 519 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 520 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 521 522 /* Additional Realtek 8822BE Bluetooth devices */ 523 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 524 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 525 526 /* Additional Realtek 8822CE Bluetooth devices */ 527 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK | 528 BTUSB_WIDEBAND_SPEECH }, 529 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK | 530 BTUSB_WIDEBAND_SPEECH }, 531 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK | 532 BTUSB_WIDEBAND_SPEECH }, 533 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK | 534 BTUSB_WIDEBAND_SPEECH }, 535 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 536 BTUSB_WIDEBAND_SPEECH }, 537 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK | 538 BTUSB_WIDEBAND_SPEECH }, 539 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK | 540 BTUSB_WIDEBAND_SPEECH }, 541 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK | 542 BTUSB_WIDEBAND_SPEECH }, 543 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK | 544 BTUSB_WIDEBAND_SPEECH }, 545 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK | 546 BTUSB_WIDEBAND_SPEECH }, 547 { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | 548 BTUSB_WIDEBAND_SPEECH }, 549 550 /* Silicon Wave based devices */ 551 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 552 553 { } /* Terminating entry */ 554}; 555 556/* The Bluetooth USB module build into some devices needs to be reset on resume, 557 * this is a problem with the platform (likely shutting off all power) not with 558 * the module itself. So we use a DMI list to match known broken platforms. 559 */ 560static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 561 { 562 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 563 .matches = { 564 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 565 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 566 }, 567 }, 568 { 569 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 570 .matches = { 571 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 572 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 573 }, 574 }, 575 { 576 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 577 .matches = { 578 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 579 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 580 }, 581 }, 582 {} 583}; 584 585#define BTUSB_MAX_ISOC_FRAMES 10 586 587#define BTUSB_INTR_RUNNING 0 588#define BTUSB_BULK_RUNNING 1 589#define BTUSB_ISOC_RUNNING 2 590#define BTUSB_SUSPENDING 3 591#define BTUSB_DID_ISO_RESUME 4 592#define BTUSB_BOOTLOADER 5 593#define BTUSB_DOWNLOADING 6 594#define BTUSB_FIRMWARE_LOADED 7 595#define BTUSB_FIRMWARE_FAILED 8 596#define BTUSB_BOOTING 9 597#define BTUSB_DIAG_RUNNING 10 598#define BTUSB_OOB_WAKE_ENABLED 11 599#define BTUSB_HW_RESET_ACTIVE 12 600#define BTUSB_TX_WAIT_VND_EVT 13 601#define BTUSB_WAKEUP_AUTOSUSPEND 14 602#define BTUSB_USE_ALT3_FOR_WBS 15 603 604struct btusb_data { 605 struct hci_dev *hdev; 606 struct usb_device *udev; 607 struct usb_interface *intf; 608 struct usb_interface *isoc; 609 struct usb_interface *diag; 610 unsigned isoc_ifnum; 611 612 unsigned long flags; 613 614 bool poll_sync; 615 int intr_interval; 616 struct work_struct work; 617 struct work_struct waker; 618 struct delayed_work rx_work; 619 620 struct sk_buff_head acl_q; 621 622 struct usb_anchor deferred; 623 struct usb_anchor tx_anchor; 624 int tx_in_flight; 625 spinlock_t txlock; 626 627 struct usb_anchor intr_anchor; 628 struct usb_anchor bulk_anchor; 629 struct usb_anchor isoc_anchor; 630 struct usb_anchor diag_anchor; 631 struct usb_anchor ctrl_anchor; 632 spinlock_t rxlock; 633 634 struct sk_buff *evt_skb; 635 struct sk_buff *acl_skb; 636 struct sk_buff *sco_skb; 637 638 struct usb_endpoint_descriptor *intr_ep; 639 struct usb_endpoint_descriptor *bulk_tx_ep; 640 struct usb_endpoint_descriptor *bulk_rx_ep; 641 struct usb_endpoint_descriptor *isoc_tx_ep; 642 struct usb_endpoint_descriptor *isoc_rx_ep; 643 struct usb_endpoint_descriptor *diag_tx_ep; 644 struct usb_endpoint_descriptor *diag_rx_ep; 645 646 struct gpio_desc *reset_gpio; 647 648 __u8 cmdreq_type; 649 __u8 cmdreq; 650 651 unsigned int sco_num; 652 unsigned int air_mode; 653 bool usb_alt6_packet_flow; 654 int isoc_altsetting; 655 int suspend_count; 656 657 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 658 int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb); 659 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 660 661 int (*setup_on_usb)(struct hci_dev *hdev); 662 663 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 664 unsigned cmd_timeout_cnt; 665}; 666 667static void btusb_intel_cmd_timeout(struct hci_dev *hdev) 668{ 669 struct btusb_data *data = hci_get_drvdata(hdev); 670 struct gpio_desc *reset_gpio = data->reset_gpio; 671 672 if (++data->cmd_timeout_cnt < 5) 673 return; 674 675 if (!reset_gpio) { 676 bt_dev_err(hdev, "No way to reset. Ignoring and continuing"); 677 return; 678 } 679 680 /* 681 * Toggle the hard reset line if the platform provides one. The reset 682 * is going to yank the device off the USB and then replug. So doing 683 * once is enough. The cleanup is handled correctly on the way out 684 * (standard USB disconnect), and the new device is detected cleanly 685 * and bound to the driver again like it should be. 686 */ 687 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 688 bt_dev_err(hdev, "last reset failed? Not resetting again"); 689 return; 690 } 691 692 bt_dev_err(hdev, "Initiating HW reset via gpio"); 693 gpiod_set_value_cansleep(reset_gpio, 1); 694 msleep(100); 695 gpiod_set_value_cansleep(reset_gpio, 0); 696} 697 698static void btusb_rtl_cmd_timeout(struct hci_dev *hdev) 699{ 700 struct btusb_data *data = hci_get_drvdata(hdev); 701 struct gpio_desc *reset_gpio = data->reset_gpio; 702 703 if (++data->cmd_timeout_cnt < 5) 704 return; 705 706 if (!reset_gpio) { 707 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring"); 708 return; 709 } 710 711 /* Toggle the hard reset line. The Realtek device is going to 712 * yank itself off the USB and then replug. The cleanup is handled 713 * correctly on the way out (standard USB disconnect), and the new 714 * device is detected cleanly and bound to the driver again like 715 * it should be. 716 */ 717 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 718 bt_dev_err(hdev, "last reset failed? Not resetting again"); 719 return; 720 } 721 722 bt_dev_err(hdev, "Reset Realtek device via gpio"); 723 gpiod_set_value_cansleep(reset_gpio, 1); 724 msleep(200); 725 gpiod_set_value_cansleep(reset_gpio, 0); 726} 727 728static void btusb_qca_cmd_timeout(struct hci_dev *hdev) 729{ 730 struct btusb_data *data = hci_get_drvdata(hdev); 731 struct gpio_desc *reset_gpio = data->reset_gpio; 732 int err; 733 734 if (++data->cmd_timeout_cnt < 5) 735 return; 736 737 if (reset_gpio) { 738 bt_dev_err(hdev, "Reset qca device via bt_en gpio"); 739 740 /* Toggle the hard reset line. The qca bt device is going to 741 * yank itself off the USB and then replug. The cleanup is handled 742 * correctly on the way out (standard USB disconnect), and the new 743 * device is detected cleanly and bound to the driver again like 744 * it should be. 745 */ 746 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 747 bt_dev_err(hdev, "last reset failed? Not resetting again"); 748 return; 749 } 750 751 gpiod_set_value_cansleep(reset_gpio, 0); 752 msleep(200); 753 gpiod_set_value_cansleep(reset_gpio, 1); 754 755 return; 756 } 757 758 bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device."); 759 /* This is not an unbalanced PM reference since the device will reset */ 760 err = usb_autopm_get_interface(data->intf); 761 if (!err) 762 usb_queue_reset_device(data->intf); 763 else 764 bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err); 765} 766 767static inline void btusb_free_frags(struct btusb_data *data) 768{ 769 unsigned long flags; 770 771 spin_lock_irqsave(&data->rxlock, flags); 772 773 kfree_skb(data->evt_skb); 774 data->evt_skb = NULL; 775 776 kfree_skb(data->acl_skb); 777 data->acl_skb = NULL; 778 779 kfree_skb(data->sco_skb); 780 data->sco_skb = NULL; 781 782 spin_unlock_irqrestore(&data->rxlock, flags); 783} 784 785static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb) 786{ 787 if (data->intr_interval) { 788 /* Trigger dequeue immediatelly if an event is received */ 789 schedule_delayed_work(&data->rx_work, 0); 790 } 791 792 return data->recv_event(data->hdev, skb); 793} 794 795static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 796{ 797 struct sk_buff *skb; 798 unsigned long flags; 799 int err = 0; 800 801 spin_lock_irqsave(&data->rxlock, flags); 802 skb = data->evt_skb; 803 804 while (count) { 805 int len; 806 807 if (!skb) { 808 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 809 if (!skb) { 810 err = -ENOMEM; 811 break; 812 } 813 814 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 815 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 816 } 817 818 len = min_t(uint, hci_skb_expect(skb), count); 819 skb_put_data(skb, buffer, len); 820 821 count -= len; 822 buffer += len; 823 hci_skb_expect(skb) -= len; 824 825 if (skb->len == HCI_EVENT_HDR_SIZE) { 826 /* Complete event header */ 827 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 828 829 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 830 kfree_skb(skb); 831 skb = NULL; 832 833 err = -EILSEQ; 834 break; 835 } 836 } 837 838 if (!hci_skb_expect(skb)) { 839 /* Complete frame */ 840 btusb_recv_event(data, skb); 841 skb = NULL; 842 } 843 } 844 845 data->evt_skb = skb; 846 spin_unlock_irqrestore(&data->rxlock, flags); 847 848 return err; 849} 850 851static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb) 852{ 853 /* Only queue ACL packet if intr_interval is set as it means 854 * force_poll_sync has been enabled. 855 */ 856 if (!data->intr_interval) 857 return data->recv_acl(data->hdev, skb); 858 859 skb_queue_tail(&data->acl_q, skb); 860 schedule_delayed_work(&data->rx_work, data->intr_interval); 861 862 return 0; 863} 864 865static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 866{ 867 struct sk_buff *skb; 868 unsigned long flags; 869 int err = 0; 870 871 spin_lock_irqsave(&data->rxlock, flags); 872 skb = data->acl_skb; 873 874 while (count) { 875 int len; 876 877 if (!skb) { 878 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 879 if (!skb) { 880 err = -ENOMEM; 881 break; 882 } 883 884 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 885 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 886 } 887 888 len = min_t(uint, hci_skb_expect(skb), count); 889 skb_put_data(skb, buffer, len); 890 891 count -= len; 892 buffer += len; 893 hci_skb_expect(skb) -= len; 894 895 if (skb->len == HCI_ACL_HDR_SIZE) { 896 __le16 dlen = hci_acl_hdr(skb)->dlen; 897 898 /* Complete ACL header */ 899 hci_skb_expect(skb) = __le16_to_cpu(dlen); 900 901 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 902 kfree_skb(skb); 903 skb = NULL; 904 905 err = -EILSEQ; 906 break; 907 } 908 } 909 910 if (!hci_skb_expect(skb)) { 911 /* Complete frame */ 912 btusb_recv_acl(data, skb); 913 skb = NULL; 914 } 915 } 916 917 data->acl_skb = skb; 918 spin_unlock_irqrestore(&data->rxlock, flags); 919 920 return err; 921} 922 923static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 924{ 925 struct sk_buff *skb; 926 unsigned long flags; 927 int err = 0; 928 929 spin_lock_irqsave(&data->rxlock, flags); 930 skb = data->sco_skb; 931 932 while (count) { 933 int len; 934 935 if (!skb) { 936 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 937 if (!skb) { 938 err = -ENOMEM; 939 break; 940 } 941 942 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 943 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 944 } 945 946 len = min_t(uint, hci_skb_expect(skb), count); 947 skb_put_data(skb, buffer, len); 948 949 count -= len; 950 buffer += len; 951 hci_skb_expect(skb) -= len; 952 953 if (skb->len == HCI_SCO_HDR_SIZE) { 954 /* Complete SCO header */ 955 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; 956 957 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 958 kfree_skb(skb); 959 skb = NULL; 960 961 err = -EILSEQ; 962 break; 963 } 964 } 965 966 if (!hci_skb_expect(skb)) { 967 /* Complete frame */ 968 hci_recv_frame(data->hdev, skb); 969 skb = NULL; 970 } 971 } 972 973 data->sco_skb = skb; 974 spin_unlock_irqrestore(&data->rxlock, flags); 975 976 return err; 977} 978 979static void btusb_intr_complete(struct urb *urb) 980{ 981 struct hci_dev *hdev = urb->context; 982 struct btusb_data *data = hci_get_drvdata(hdev); 983 int err; 984 985 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 986 urb->actual_length); 987 988 if (!test_bit(HCI_RUNNING, &hdev->flags)) 989 return; 990 991 if (urb->status == 0) { 992 hdev->stat.byte_rx += urb->actual_length; 993 994 if (btusb_recv_intr(data, urb->transfer_buffer, 995 urb->actual_length) < 0) { 996 bt_dev_err(hdev, "corrupted event packet"); 997 hdev->stat.err_rx++; 998 } 999 } else if (urb->status == -ENOENT) { 1000 /* Avoid suspend failed when usb_kill_urb */ 1001 return; 1002 } 1003 1004 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 1005 return; 1006 1007 usb_mark_last_busy(data->udev); 1008 usb_anchor_urb(urb, &data->intr_anchor); 1009 1010 err = usb_submit_urb(urb, GFP_ATOMIC); 1011 if (err < 0) { 1012 /* -EPERM: urb is being killed; 1013 * -ENODEV: device got disconnected 1014 */ 1015 if (err != -EPERM && err != -ENODEV) 1016 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1017 urb, -err); 1018 if (err != -EPERM) 1019 hci_cmd_sync_cancel(hdev, -err); 1020 usb_unanchor_urb(urb); 1021 } 1022} 1023 1024static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1025{ 1026 struct btusb_data *data = hci_get_drvdata(hdev); 1027 struct urb *urb; 1028 unsigned char *buf; 1029 unsigned int pipe; 1030 int err, size; 1031 1032 BT_DBG("%s", hdev->name); 1033 1034 if (!data->intr_ep) 1035 return -ENODEV; 1036 1037 urb = usb_alloc_urb(0, mem_flags); 1038 if (!urb) 1039 return -ENOMEM; 1040 1041 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 1042 1043 buf = kmalloc(size, mem_flags); 1044 if (!buf) { 1045 usb_free_urb(urb); 1046 return -ENOMEM; 1047 } 1048 1049 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 1050 1051 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 1052 btusb_intr_complete, hdev, data->intr_ep->bInterval); 1053 1054 urb->transfer_flags |= URB_FREE_BUFFER; 1055 1056 usb_anchor_urb(urb, &data->intr_anchor); 1057 1058 err = usb_submit_urb(urb, mem_flags); 1059 if (err < 0) { 1060 if (err != -EPERM && err != -ENODEV) 1061 bt_dev_err(hdev, "urb %p submission failed (%d)", 1062 urb, -err); 1063 if (err != -EPERM) 1064 hci_cmd_sync_cancel(hdev, -err); 1065 usb_unanchor_urb(urb); 1066 } 1067 1068 /* Only initialize intr_interval if URB poll sync is enabled */ 1069 if (!data->poll_sync) 1070 goto done; 1071 1072 /* The units are frames (milliseconds) for full and low speed devices, 1073 * and microframes (1/8 millisecond) for highspeed and SuperSpeed 1074 * devices. 1075 * 1076 * This is done once on open/resume so it shouldn't change even if 1077 * force_poll_sync changes. 1078 */ 1079 switch (urb->dev->speed) { 1080 case USB_SPEED_SUPER_PLUS: 1081 case USB_SPEED_SUPER: /* units are 125us */ 1082 data->intr_interval = usecs_to_jiffies(urb->interval * 125); 1083 break; 1084 default: 1085 data->intr_interval = msecs_to_jiffies(urb->interval); 1086 break; 1087 } 1088 1089done: 1090 usb_free_urb(urb); 1091 1092 return err; 1093} 1094 1095static void btusb_bulk_complete(struct urb *urb) 1096{ 1097 struct hci_dev *hdev = urb->context; 1098 struct btusb_data *data = hci_get_drvdata(hdev); 1099 int err; 1100 1101 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1102 urb->actual_length); 1103 1104 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1105 return; 1106 1107 if (urb->status == 0) { 1108 hdev->stat.byte_rx += urb->actual_length; 1109 1110 if (data->recv_bulk(data, urb->transfer_buffer, 1111 urb->actual_length) < 0) { 1112 bt_dev_err(hdev, "corrupted ACL packet"); 1113 hdev->stat.err_rx++; 1114 } 1115 } else if (urb->status == -ENOENT) { 1116 /* Avoid suspend failed when usb_kill_urb */ 1117 return; 1118 } 1119 1120 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 1121 return; 1122 1123 usb_anchor_urb(urb, &data->bulk_anchor); 1124 usb_mark_last_busy(data->udev); 1125 1126 err = usb_submit_urb(urb, GFP_ATOMIC); 1127 if (err < 0) { 1128 /* -EPERM: urb is being killed; 1129 * -ENODEV: device got disconnected 1130 */ 1131 if (err != -EPERM && err != -ENODEV) 1132 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1133 urb, -err); 1134 usb_unanchor_urb(urb); 1135 } 1136} 1137 1138static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 1139{ 1140 struct btusb_data *data = hci_get_drvdata(hdev); 1141 struct urb *urb; 1142 unsigned char *buf; 1143 unsigned int pipe; 1144 int err, size = HCI_MAX_FRAME_SIZE; 1145 1146 BT_DBG("%s", hdev->name); 1147 1148 if (!data->bulk_rx_ep) 1149 return -ENODEV; 1150 1151 urb = usb_alloc_urb(0, mem_flags); 1152 if (!urb) 1153 return -ENOMEM; 1154 1155 buf = kmalloc(size, mem_flags); 1156 if (!buf) { 1157 usb_free_urb(urb); 1158 return -ENOMEM; 1159 } 1160 1161 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 1162 1163 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1164 btusb_bulk_complete, hdev); 1165 1166 urb->transfer_flags |= URB_FREE_BUFFER; 1167 1168 usb_mark_last_busy(data->udev); 1169 usb_anchor_urb(urb, &data->bulk_anchor); 1170 1171 err = usb_submit_urb(urb, mem_flags); 1172 if (err < 0) { 1173 if (err != -EPERM && err != -ENODEV) 1174 bt_dev_err(hdev, "urb %p submission failed (%d)", 1175 urb, -err); 1176 usb_unanchor_urb(urb); 1177 } 1178 1179 usb_free_urb(urb); 1180 1181 return err; 1182} 1183 1184static void btusb_isoc_complete(struct urb *urb) 1185{ 1186 struct hci_dev *hdev = urb->context; 1187 struct btusb_data *data = hci_get_drvdata(hdev); 1188 int i, err; 1189 1190 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1191 urb->actual_length); 1192 1193 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1194 return; 1195 1196 if (urb->status == 0) { 1197 for (i = 0; i < urb->number_of_packets; i++) { 1198 unsigned int offset = urb->iso_frame_desc[i].offset; 1199 unsigned int length = urb->iso_frame_desc[i].actual_length; 1200 1201 if (urb->iso_frame_desc[i].status) 1202 continue; 1203 1204 hdev->stat.byte_rx += length; 1205 1206 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 1207 length) < 0) { 1208 bt_dev_err(hdev, "corrupted SCO packet"); 1209 hdev->stat.err_rx++; 1210 } 1211 } 1212 } else if (urb->status == -ENOENT) { 1213 /* Avoid suspend failed when usb_kill_urb */ 1214 return; 1215 } 1216 1217 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 1218 return; 1219 1220 usb_anchor_urb(urb, &data->isoc_anchor); 1221 1222 err = usb_submit_urb(urb, GFP_ATOMIC); 1223 if (err < 0) { 1224 /* -EPERM: urb is being killed; 1225 * -ENODEV: device got disconnected 1226 */ 1227 if (err != -EPERM && err != -ENODEV) 1228 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1229 urb, -err); 1230 usb_unanchor_urb(urb); 1231 } 1232} 1233 1234static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len, 1235 int mtu, struct btusb_data *data) 1236{ 1237 int i, offset = 0; 1238 unsigned int interval; 1239 1240 BT_DBG("len %d mtu %d", len, mtu); 1241 1242 /* For mSBC ALT 6 setting the host will send the packet at continuous 1243 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting 1244 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets. 1245 * To maintain the rate we send 63bytes of usb packets alternatively for 1246 * 7ms and 8ms to maintain the rate as 7.5ms. 1247 */ 1248 if (data->usb_alt6_packet_flow) { 1249 interval = 7; 1250 data->usb_alt6_packet_flow = false; 1251 } else { 1252 interval = 6; 1253 data->usb_alt6_packet_flow = true; 1254 } 1255 1256 for (i = 0; i < interval; i++) { 1257 urb->iso_frame_desc[i].offset = offset; 1258 urb->iso_frame_desc[i].length = offset; 1259 } 1260 1261 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1262 urb->iso_frame_desc[i].offset = offset; 1263 urb->iso_frame_desc[i].length = len; 1264 i++; 1265 } 1266 1267 urb->number_of_packets = i; 1268} 1269 1270static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 1271{ 1272 int i, offset = 0; 1273 1274 BT_DBG("len %d mtu %d", len, mtu); 1275 1276 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 1277 i++, offset += mtu, len -= mtu) { 1278 urb->iso_frame_desc[i].offset = offset; 1279 urb->iso_frame_desc[i].length = mtu; 1280 } 1281 1282 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1283 urb->iso_frame_desc[i].offset = offset; 1284 urb->iso_frame_desc[i].length = len; 1285 i++; 1286 } 1287 1288 urb->number_of_packets = i; 1289} 1290 1291static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 1292{ 1293 struct btusb_data *data = hci_get_drvdata(hdev); 1294 struct urb *urb; 1295 unsigned char *buf; 1296 unsigned int pipe; 1297 int err, size; 1298 1299 BT_DBG("%s", hdev->name); 1300 1301 if (!data->isoc_rx_ep) 1302 return -ENODEV; 1303 1304 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 1305 if (!urb) 1306 return -ENOMEM; 1307 1308 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 1309 BTUSB_MAX_ISOC_FRAMES; 1310 1311 buf = kmalloc(size, mem_flags); 1312 if (!buf) { 1313 usb_free_urb(urb); 1314 return -ENOMEM; 1315 } 1316 1317 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 1318 1319 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 1320 hdev, data->isoc_rx_ep->bInterval); 1321 1322 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 1323 1324 __fill_isoc_descriptor(urb, size, 1325 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 1326 1327 usb_anchor_urb(urb, &data->isoc_anchor); 1328 1329 err = usb_submit_urb(urb, mem_flags); 1330 if (err < 0) { 1331 if (err != -EPERM && err != -ENODEV) 1332 bt_dev_err(hdev, "urb %p submission failed (%d)", 1333 urb, -err); 1334 usb_unanchor_urb(urb); 1335 } 1336 1337 usb_free_urb(urb); 1338 1339 return err; 1340} 1341 1342static void btusb_diag_complete(struct urb *urb) 1343{ 1344 struct hci_dev *hdev = urb->context; 1345 struct btusb_data *data = hci_get_drvdata(hdev); 1346 int err; 1347 1348 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1349 urb->actual_length); 1350 1351 if (urb->status == 0) { 1352 struct sk_buff *skb; 1353 1354 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 1355 if (skb) { 1356 skb_put_data(skb, urb->transfer_buffer, 1357 urb->actual_length); 1358 hci_recv_diag(hdev, skb); 1359 } 1360 } else if (urb->status == -ENOENT) { 1361 /* Avoid suspend failed when usb_kill_urb */ 1362 return; 1363 } 1364 1365 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1366 return; 1367 1368 usb_anchor_urb(urb, &data->diag_anchor); 1369 usb_mark_last_busy(data->udev); 1370 1371 err = usb_submit_urb(urb, GFP_ATOMIC); 1372 if (err < 0) { 1373 /* -EPERM: urb is being killed; 1374 * -ENODEV: device got disconnected 1375 */ 1376 if (err != -EPERM && err != -ENODEV) 1377 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1378 urb, -err); 1379 usb_unanchor_urb(urb); 1380 } 1381} 1382 1383static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1384{ 1385 struct btusb_data *data = hci_get_drvdata(hdev); 1386 struct urb *urb; 1387 unsigned char *buf; 1388 unsigned int pipe; 1389 int err, size = HCI_MAX_FRAME_SIZE; 1390 1391 BT_DBG("%s", hdev->name); 1392 1393 if (!data->diag_rx_ep) 1394 return -ENODEV; 1395 1396 urb = usb_alloc_urb(0, mem_flags); 1397 if (!urb) 1398 return -ENOMEM; 1399 1400 buf = kmalloc(size, mem_flags); 1401 if (!buf) { 1402 usb_free_urb(urb); 1403 return -ENOMEM; 1404 } 1405 1406 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1407 1408 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1409 btusb_diag_complete, hdev); 1410 1411 urb->transfer_flags |= URB_FREE_BUFFER; 1412 1413 usb_mark_last_busy(data->udev); 1414 usb_anchor_urb(urb, &data->diag_anchor); 1415 1416 err = usb_submit_urb(urb, mem_flags); 1417 if (err < 0) { 1418 if (err != -EPERM && err != -ENODEV) 1419 bt_dev_err(hdev, "urb %p submission failed (%d)", 1420 urb, -err); 1421 usb_unanchor_urb(urb); 1422 } 1423 1424 usb_free_urb(urb); 1425 1426 return err; 1427} 1428 1429static void btusb_tx_complete(struct urb *urb) 1430{ 1431 struct sk_buff *skb = urb->context; 1432 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1433 struct btusb_data *data = hci_get_drvdata(hdev); 1434 unsigned long flags; 1435 1436 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1437 urb->actual_length); 1438 1439 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1440 goto done; 1441 1442 if (!urb->status) { 1443 hdev->stat.byte_tx += urb->transfer_buffer_length; 1444 } else { 1445 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) 1446 hci_cmd_sync_cancel(hdev, -urb->status); 1447 hdev->stat.err_tx++; 1448 } 1449 1450done: 1451 spin_lock_irqsave(&data->txlock, flags); 1452 data->tx_in_flight--; 1453 spin_unlock_irqrestore(&data->txlock, flags); 1454 1455 kfree(urb->setup_packet); 1456 1457 kfree_skb(skb); 1458} 1459 1460static void btusb_isoc_tx_complete(struct urb *urb) 1461{ 1462 struct sk_buff *skb = urb->context; 1463 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1464 1465 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1466 urb->actual_length); 1467 1468 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1469 goto done; 1470 1471 if (!urb->status) 1472 hdev->stat.byte_tx += urb->transfer_buffer_length; 1473 else 1474 hdev->stat.err_tx++; 1475 1476done: 1477 kfree(urb->setup_packet); 1478 1479 kfree_skb(skb); 1480} 1481 1482static int btusb_open(struct hci_dev *hdev) 1483{ 1484 struct btusb_data *data = hci_get_drvdata(hdev); 1485 int err; 1486 1487 BT_DBG("%s", hdev->name); 1488 1489 err = usb_autopm_get_interface(data->intf); 1490 if (err < 0) 1491 return err; 1492 1493 /* Patching USB firmware files prior to starting any URBs of HCI path 1494 * It is more safe to use USB bulk channel for downloading USB patch 1495 */ 1496 if (data->setup_on_usb) { 1497 err = data->setup_on_usb(hdev); 1498 if (err < 0) 1499 goto setup_fail; 1500 } 1501 1502 data->intf->needs_remote_wakeup = 1; 1503 1504 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1505 goto done; 1506 1507 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1508 if (err < 0) 1509 goto failed; 1510 1511 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1512 if (err < 0) { 1513 usb_kill_anchored_urbs(&data->intr_anchor); 1514 goto failed; 1515 } 1516 1517 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1518 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1519 1520 if (data->diag) { 1521 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1522 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1523 } 1524 1525done: 1526 usb_autopm_put_interface(data->intf); 1527 return 0; 1528 1529failed: 1530 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1531setup_fail: 1532 usb_autopm_put_interface(data->intf); 1533 return err; 1534} 1535 1536static void btusb_stop_traffic(struct btusb_data *data) 1537{ 1538 usb_kill_anchored_urbs(&data->intr_anchor); 1539 usb_kill_anchored_urbs(&data->bulk_anchor); 1540 usb_kill_anchored_urbs(&data->isoc_anchor); 1541 usb_kill_anchored_urbs(&data->diag_anchor); 1542 usb_kill_anchored_urbs(&data->ctrl_anchor); 1543} 1544 1545static int btusb_close(struct hci_dev *hdev) 1546{ 1547 struct btusb_data *data = hci_get_drvdata(hdev); 1548 int err; 1549 1550 BT_DBG("%s", hdev->name); 1551 1552 cancel_delayed_work(&data->rx_work); 1553 cancel_work_sync(&data->work); 1554 cancel_work_sync(&data->waker); 1555 1556 skb_queue_purge(&data->acl_q); 1557 1558 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1559 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1560 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1561 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1562 1563 btusb_stop_traffic(data); 1564 btusb_free_frags(data); 1565 1566 err = usb_autopm_get_interface(data->intf); 1567 if (err < 0) 1568 goto failed; 1569 1570 data->intf->needs_remote_wakeup = 0; 1571 1572 /* Enable remote wake up for auto-suspend */ 1573 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) 1574 data->intf->needs_remote_wakeup = 1; 1575 1576 usb_autopm_put_interface(data->intf); 1577 1578failed: 1579 usb_scuttle_anchored_urbs(&data->deferred); 1580 return 0; 1581} 1582 1583static int btusb_flush(struct hci_dev *hdev) 1584{ 1585 struct btusb_data *data = hci_get_drvdata(hdev); 1586 1587 BT_DBG("%s", hdev->name); 1588 1589 cancel_delayed_work(&data->rx_work); 1590 1591 skb_queue_purge(&data->acl_q); 1592 1593 usb_kill_anchored_urbs(&data->tx_anchor); 1594 btusb_free_frags(data); 1595 1596 return 0; 1597} 1598 1599static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1600{ 1601 struct btusb_data *data = hci_get_drvdata(hdev); 1602 struct usb_ctrlrequest *dr; 1603 struct urb *urb; 1604 unsigned int pipe; 1605 1606 urb = usb_alloc_urb(0, GFP_KERNEL); 1607 if (!urb) 1608 return ERR_PTR(-ENOMEM); 1609 1610 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1611 if (!dr) { 1612 usb_free_urb(urb); 1613 return ERR_PTR(-ENOMEM); 1614 } 1615 1616 dr->bRequestType = data->cmdreq_type; 1617 dr->bRequest = data->cmdreq; 1618 dr->wIndex = 0; 1619 dr->wValue = 0; 1620 dr->wLength = __cpu_to_le16(skb->len); 1621 1622 pipe = usb_sndctrlpipe(data->udev, 0x00); 1623 1624 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1625 skb->data, skb->len, btusb_tx_complete, skb); 1626 1627 skb->dev = (void *)hdev; 1628 1629 return urb; 1630} 1631 1632static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1633{ 1634 struct btusb_data *data = hci_get_drvdata(hdev); 1635 struct urb *urb; 1636 unsigned int pipe; 1637 1638 if (!data->bulk_tx_ep) 1639 return ERR_PTR(-ENODEV); 1640 1641 urb = usb_alloc_urb(0, GFP_KERNEL); 1642 if (!urb) 1643 return ERR_PTR(-ENOMEM); 1644 1645 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1646 1647 usb_fill_bulk_urb(urb, data->udev, pipe, 1648 skb->data, skb->len, btusb_tx_complete, skb); 1649 1650 skb->dev = (void *)hdev; 1651 1652 return urb; 1653} 1654 1655static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1656{ 1657 struct btusb_data *data = hci_get_drvdata(hdev); 1658 struct urb *urb; 1659 unsigned int pipe; 1660 1661 if (!data->isoc_tx_ep) 1662 return ERR_PTR(-ENODEV); 1663 1664 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1665 if (!urb) 1666 return ERR_PTR(-ENOMEM); 1667 1668 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1669 1670 usb_fill_int_urb(urb, data->udev, pipe, 1671 skb->data, skb->len, btusb_isoc_tx_complete, 1672 skb, data->isoc_tx_ep->bInterval); 1673 1674 urb->transfer_flags = URB_ISO_ASAP; 1675 1676 if (data->isoc_altsetting == 6) 1677 __fill_isoc_descriptor_msbc(urb, skb->len, 1678 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize), 1679 data); 1680 else 1681 __fill_isoc_descriptor(urb, skb->len, 1682 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1683 skb->dev = (void *)hdev; 1684 1685 return urb; 1686} 1687 1688static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1689{ 1690 struct btusb_data *data = hci_get_drvdata(hdev); 1691 int err; 1692 1693 usb_anchor_urb(urb, &data->tx_anchor); 1694 1695 err = usb_submit_urb(urb, GFP_KERNEL); 1696 if (err < 0) { 1697 if (err != -EPERM && err != -ENODEV) 1698 bt_dev_err(hdev, "urb %p submission failed (%d)", 1699 urb, -err); 1700 kfree(urb->setup_packet); 1701 usb_unanchor_urb(urb); 1702 } else { 1703 usb_mark_last_busy(data->udev); 1704 } 1705 1706 usb_free_urb(urb); 1707 return err; 1708} 1709 1710static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1711{ 1712 struct btusb_data *data = hci_get_drvdata(hdev); 1713 unsigned long flags; 1714 bool suspending; 1715 1716 spin_lock_irqsave(&data->txlock, flags); 1717 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1718 if (!suspending) 1719 data->tx_in_flight++; 1720 spin_unlock_irqrestore(&data->txlock, flags); 1721 1722 if (!suspending) 1723 return submit_tx_urb(hdev, urb); 1724 1725 usb_anchor_urb(urb, &data->deferred); 1726 schedule_work(&data->waker); 1727 1728 usb_free_urb(urb); 1729 return 0; 1730} 1731 1732static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1733{ 1734 struct urb *urb; 1735 1736 BT_DBG("%s", hdev->name); 1737 1738 switch (hci_skb_pkt_type(skb)) { 1739 case HCI_COMMAND_PKT: 1740 urb = alloc_ctrl_urb(hdev, skb); 1741 if (IS_ERR(urb)) 1742 return PTR_ERR(urb); 1743 1744 hdev->stat.cmd_tx++; 1745 return submit_or_queue_tx_urb(hdev, urb); 1746 1747 case HCI_ACLDATA_PKT: 1748 urb = alloc_bulk_urb(hdev, skb); 1749 if (IS_ERR(urb)) 1750 return PTR_ERR(urb); 1751 1752 hdev->stat.acl_tx++; 1753 return submit_or_queue_tx_urb(hdev, urb); 1754 1755 case HCI_SCODATA_PKT: 1756 if (hci_conn_num(hdev, SCO_LINK) < 1) 1757 return -ENODEV; 1758 1759 urb = alloc_isoc_urb(hdev, skb); 1760 if (IS_ERR(urb)) 1761 return PTR_ERR(urb); 1762 1763 hdev->stat.sco_tx++; 1764 return submit_tx_urb(hdev, urb); 1765 } 1766 1767 return -EILSEQ; 1768} 1769 1770static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1771{ 1772 struct btusb_data *data = hci_get_drvdata(hdev); 1773 1774 BT_DBG("%s evt %d", hdev->name, evt); 1775 1776 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1777 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1778 data->air_mode = evt; 1779 schedule_work(&data->work); 1780 } 1781} 1782 1783static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1784{ 1785 struct btusb_data *data = hci_get_drvdata(hdev); 1786 struct usb_interface *intf = data->isoc; 1787 struct usb_endpoint_descriptor *ep_desc; 1788 int i, err; 1789 1790 if (!data->isoc) 1791 return -ENODEV; 1792 1793 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 1794 if (err < 0) { 1795 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1796 return err; 1797 } 1798 1799 data->isoc_altsetting = altsetting; 1800 1801 data->isoc_tx_ep = NULL; 1802 data->isoc_rx_ep = NULL; 1803 1804 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1805 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1806 1807 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1808 data->isoc_tx_ep = ep_desc; 1809 continue; 1810 } 1811 1812 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1813 data->isoc_rx_ep = ep_desc; 1814 continue; 1815 } 1816 } 1817 1818 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1819 bt_dev_err(hdev, "invalid SCO descriptors"); 1820 return -ENODEV; 1821 } 1822 1823 return 0; 1824} 1825 1826static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts) 1827{ 1828 struct btusb_data *data = hci_get_drvdata(hdev); 1829 int err; 1830 1831 if (data->isoc_altsetting != new_alts) { 1832 unsigned long flags; 1833 1834 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1835 usb_kill_anchored_urbs(&data->isoc_anchor); 1836 1837 /* When isochronous alternate setting needs to be 1838 * changed, because SCO connection has been added 1839 * or removed, a packet fragment may be left in the 1840 * reassembling state. This could lead to wrongly 1841 * assembled fragments. 1842 * 1843 * Clear outstanding fragment when selecting a new 1844 * alternate setting. 1845 */ 1846 spin_lock_irqsave(&data->rxlock, flags); 1847 kfree_skb(data->sco_skb); 1848 data->sco_skb = NULL; 1849 spin_unlock_irqrestore(&data->rxlock, flags); 1850 1851 err = __set_isoc_interface(hdev, new_alts); 1852 if (err < 0) 1853 return err; 1854 } 1855 1856 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1857 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1858 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1859 else 1860 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1861 } 1862 1863 return 0; 1864} 1865 1866static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data, 1867 int alt) 1868{ 1869 struct usb_interface *intf = data->isoc; 1870 int i; 1871 1872 BT_DBG("Looking for Alt no :%d", alt); 1873 1874 if (!intf) 1875 return NULL; 1876 1877 for (i = 0; i < intf->num_altsetting; i++) { 1878 if (intf->altsetting[i].desc.bAlternateSetting == alt) 1879 return &intf->altsetting[i]; 1880 } 1881 1882 return NULL; 1883} 1884 1885static void btusb_work(struct work_struct *work) 1886{ 1887 struct btusb_data *data = container_of(work, struct btusb_data, work); 1888 struct hci_dev *hdev = data->hdev; 1889 int new_alts = 0; 1890 int err; 1891 1892 if (data->sco_num > 0) { 1893 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1894 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1895 if (err < 0) { 1896 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1897 usb_kill_anchored_urbs(&data->isoc_anchor); 1898 return; 1899 } 1900 1901 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1902 } 1903 1904 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) { 1905 if (hdev->voice_setting & 0x0020) { 1906 static const int alts[3] = { 2, 4, 5 }; 1907 1908 new_alts = alts[data->sco_num - 1]; 1909 } else { 1910 new_alts = data->sco_num; 1911 } 1912 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) { 1913 /* Bluetooth USB spec recommends alt 6 (63 bytes), but 1914 * many adapters do not support it. Alt 1 appears to 1915 * work for all adapters that do not have alt 6, and 1916 * which work with WBS at all. Some devices prefer 1917 * alt 3 (HCI payload >= 60 Bytes let air packet 1918 * data satisfy 60 bytes), requiring 1919 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72 1920 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1. 1921 */ 1922 if (btusb_find_altsetting(data, 6)) 1923 new_alts = 6; 1924 else if (btusb_find_altsetting(data, 3) && 1925 hdev->sco_mtu >= 72 && 1926 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags)) 1927 new_alts = 3; 1928 else 1929 new_alts = 1; 1930 } 1931 1932 if (btusb_switch_alt_setting(hdev, new_alts) < 0) 1933 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts); 1934 } else { 1935 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1936 usb_kill_anchored_urbs(&data->isoc_anchor); 1937 1938 __set_isoc_interface(hdev, 0); 1939 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1940 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1941 } 1942} 1943 1944static void btusb_waker(struct work_struct *work) 1945{ 1946 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1947 int err; 1948 1949 err = usb_autopm_get_interface(data->intf); 1950 if (err < 0) 1951 return; 1952 1953 usb_autopm_put_interface(data->intf); 1954} 1955 1956static void btusb_rx_work(struct work_struct *work) 1957{ 1958 struct btusb_data *data = container_of(work, struct btusb_data, 1959 rx_work.work); 1960 struct sk_buff *skb; 1961 1962 /* Dequeue ACL data received during the interval */ 1963 while ((skb = skb_dequeue(&data->acl_q))) 1964 data->recv_acl(data->hdev, skb); 1965} 1966 1967static int btusb_setup_bcm92035(struct hci_dev *hdev) 1968{ 1969 struct sk_buff *skb; 1970 u8 val = 0x00; 1971 1972 BT_DBG("%s", hdev->name); 1973 1974 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1975 if (IS_ERR(skb)) 1976 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 1977 else 1978 kfree_skb(skb); 1979 1980 return 0; 1981} 1982 1983static int btusb_setup_csr(struct hci_dev *hdev) 1984{ 1985 struct btusb_data *data = hci_get_drvdata(hdev); 1986 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice); 1987 struct hci_rp_read_local_version *rp; 1988 struct sk_buff *skb; 1989 bool is_fake = false; 1990 int ret; 1991 1992 BT_DBG("%s", hdev->name); 1993 1994 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1995 HCI_INIT_TIMEOUT); 1996 if (IS_ERR(skb)) { 1997 int err = PTR_ERR(skb); 1998 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 1999 return err; 2000 } 2001 2002 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 2003 bt_dev_err(hdev, "CSR: Local version length mismatch"); 2004 kfree_skb(skb); 2005 return -EIO; 2006 } 2007 2008 rp = (struct hci_rp_read_local_version *)skb->data; 2009 2010 /* Detect a wide host of Chinese controllers that aren't CSR. 2011 * 2012 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 2013 * 2014 * The main thing they have in common is that these are really popular low-cost 2015 * options that support newer Bluetooth versions but rely on heavy VID/PID 2016 * squatting of this poor old Bluetooth 1.1 device. Even sold as such. 2017 * 2018 * We detect actual CSR devices by checking that the HCI manufacturer code 2019 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and 2020 * HCI rev values always match. As they both store the firmware number. 2021 */ 2022 if (le16_to_cpu(rp->manufacturer) != 10 || 2023 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) 2024 is_fake = true; 2025 2026 /* Known legit CSR firmware build numbers and their supported BT versions: 2027 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e 2028 * - 1.2 (0x2) -> 0x04d9, 0x0529 2029 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c 2030 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) 2031 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb 2032 * 2033 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that 2034 * support BT 1.1 only; so it's a dead giveaway when some 2035 * third-party BT 4.0 dongle reuses it. 2036 */ 2037 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && 2038 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1) 2039 is_fake = true; 2040 2041 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && 2042 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2) 2043 is_fake = true; 2044 2045 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && 2046 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0) 2047 is_fake = true; 2048 2049 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && 2050 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1) 2051 is_fake = true; 2052 2053 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && 2054 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0) 2055 is_fake = true; 2056 2057 /* Other clones which beat all the above checks */ 2058 else if (bcdDevice == 0x0134 && 2059 le16_to_cpu(rp->lmp_subver) == 0x0c5c && 2060 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0) 2061 is_fake = true; 2062 2063 if (is_fake) { 2064 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once..."); 2065 2066 /* Generally these clones have big discrepancies between 2067 * advertised features and what's actually supported. 2068 * Probably will need to be expanded in the future; 2069 * without these the controller will lock up. 2070 */ 2071 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 2072 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); 2073 set_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks); 2074 set_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks); 2075 2076 /* Clear the reset quirk since this is not an actual 2077 * early Bluetooth 1.1 device from CSR. 2078 */ 2079 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2080 clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2081 2082 /* 2083 * Special workaround for these BT 4.0 chip clones, and potentially more: 2084 * 2085 * - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012) 2086 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709) 2087 * 2088 * These controllers are really messed-up. 2089 * 2090 * 1. Their bulk RX endpoint will never report any data unless 2091 * the device was suspended at least once (yes, really). 2092 * 2. They will not wakeup when autosuspended and receiving data 2093 * on their bulk RX endpoint from e.g. a keyboard or mouse 2094 * (IOW remote-wakeup support is broken for the bulk endpoint). 2095 * 2096 * To fix 1. enable runtime-suspend, force-suspend the 2097 * HCI and then wake-it up by disabling runtime-suspend. 2098 * 2099 * To fix 2. clear the HCI's can_wake flag, this way the HCI 2100 * will still be autosuspended when it is not open. 2101 * 2102 * -- 2103 * 2104 * Because these are widespread problems we prefer generic solutions; so 2105 * apply this initialization quirk to every controller that gets here, 2106 * it should be harmless. The alternative is to not work at all. 2107 */ 2108 pm_runtime_allow(&data->udev->dev); 2109 2110 ret = pm_runtime_suspend(&data->udev->dev); 2111 if (ret >= 0) 2112 msleep(200); 2113 else 2114 bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround"); 2115 2116 pm_runtime_forbid(&data->udev->dev); 2117 2118 device_set_wakeup_capable(&data->udev->dev, false); 2119 2120 /* Re-enable autosuspend if this was requested */ 2121 if (enable_autosuspend) 2122 usb_enable_autosuspend(data->udev); 2123 } 2124 2125 kfree_skb(skb); 2126 2127 return 0; 2128} 2129 2130static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 2131{ 2132 struct sk_buff *skb; 2133 struct hci_event_hdr *hdr; 2134 struct hci_ev_cmd_complete *evt; 2135 2136 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 2137 if (!skb) 2138 return -ENOMEM; 2139 2140 hdr = skb_put(skb, sizeof(*hdr)); 2141 hdr->evt = HCI_EV_CMD_COMPLETE; 2142 hdr->plen = sizeof(*evt) + 1; 2143 2144 evt = skb_put(skb, sizeof(*evt)); 2145 evt->ncmd = 0x01; 2146 evt->opcode = cpu_to_le16(opcode); 2147 2148 skb_put_u8(skb, 0x00); 2149 2150 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2151 2152 return hci_recv_frame(hdev, skb); 2153} 2154 2155static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 2156 int count) 2157{ 2158 struct hci_dev *hdev = data->hdev; 2159 2160 /* When the device is in bootloader mode, then it can send 2161 * events via the bulk endpoint. These events are treated the 2162 * same way as the ones received from the interrupt endpoint. 2163 */ 2164 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) 2165 return btusb_recv_intr(data, buffer, count); 2166 2167 return btusb_recv_bulk(data, buffer, count); 2168} 2169 2170static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 2171{ 2172 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2173 struct hci_event_hdr *hdr = (void *)skb->data; 2174 2175 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 2176 hdr->plen > 0) { 2177 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 2178 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 2179 2180 switch (skb->data[2]) { 2181 case 0x02: 2182 /* When switching to the operational firmware 2183 * the device sends a vendor specific event 2184 * indicating that the bootup completed. 2185 */ 2186 btintel_bootup(hdev, ptr, len); 2187 break; 2188 case 0x06: 2189 /* When the firmware loading completes the 2190 * device sends out a vendor specific event 2191 * indicating the result of the firmware 2192 * loading. 2193 */ 2194 btintel_secure_send_result(hdev, ptr, len); 2195 break; 2196 } 2197 } 2198 } 2199 2200 return hci_recv_frame(hdev, skb); 2201} 2202 2203static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2204{ 2205 struct urb *urb; 2206 2207 BT_DBG("%s", hdev->name); 2208 2209 switch (hci_skb_pkt_type(skb)) { 2210 case HCI_COMMAND_PKT: 2211 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2212 struct hci_command_hdr *cmd = (void *)skb->data; 2213 __u16 opcode = le16_to_cpu(cmd->opcode); 2214 2215 /* When in bootloader mode and the command 0xfc09 2216 * is received, it needs to be send down the 2217 * bulk endpoint. So allocate a bulk URB instead. 2218 */ 2219 if (opcode == 0xfc09) 2220 urb = alloc_bulk_urb(hdev, skb); 2221 else 2222 urb = alloc_ctrl_urb(hdev, skb); 2223 2224 /* When the 0xfc01 command is issued to boot into 2225 * the operational firmware, it will actually not 2226 * send a command complete event. To keep the flow 2227 * control working inject that event here. 2228 */ 2229 if (opcode == 0xfc01) 2230 inject_cmd_complete(hdev, opcode); 2231 } else { 2232 urb = alloc_ctrl_urb(hdev, skb); 2233 } 2234 if (IS_ERR(urb)) 2235 return PTR_ERR(urb); 2236 2237 hdev->stat.cmd_tx++; 2238 return submit_or_queue_tx_urb(hdev, urb); 2239 2240 case HCI_ACLDATA_PKT: 2241 urb = alloc_bulk_urb(hdev, skb); 2242 if (IS_ERR(urb)) 2243 return PTR_ERR(urb); 2244 2245 hdev->stat.acl_tx++; 2246 return submit_or_queue_tx_urb(hdev, urb); 2247 2248 case HCI_SCODATA_PKT: 2249 if (hci_conn_num(hdev, SCO_LINK) < 1) 2250 return -ENODEV; 2251 2252 urb = alloc_isoc_urb(hdev, skb); 2253 if (IS_ERR(urb)) 2254 return PTR_ERR(urb); 2255 2256 hdev->stat.sco_tx++; 2257 return submit_tx_urb(hdev, urb); 2258 } 2259 2260 return -EILSEQ; 2261} 2262 2263/* UHW CR mapping */ 2264#define MTK_BT_MISC 0x70002510 2265#define MTK_BT_SUBSYS_RST 0x70002610 2266#define MTK_UDMA_INT_STA_BT 0x74000024 2267#define MTK_UDMA_INT_STA_BT1 0x74000308 2268#define MTK_BT_WDT_STATUS 0x740003A0 2269#define MTK_EP_RST_OPT 0x74011890 2270#define MTK_EP_RST_IN_OUT_OPT 0x00010001 2271#define MTK_BT_RST_DONE 0x00000100 2272#define MTK_BT_RESET_WAIT_MS 100 2273#define MTK_BT_RESET_NUM_TRIES 10 2274 2275static void btusb_mtk_wmt_recv(struct urb *urb) 2276{ 2277 struct hci_dev *hdev = urb->context; 2278 struct btusb_data *data = hci_get_drvdata(hdev); 2279 struct sk_buff *skb; 2280 int err; 2281 2282 if (urb->status == 0 && urb->actual_length > 0) { 2283 hdev->stat.byte_rx += urb->actual_length; 2284 2285 /* WMT event shouldn't be fragmented and the size should be 2286 * less than HCI_WMT_MAX_EVENT_SIZE. 2287 */ 2288 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 2289 if (!skb) { 2290 hdev->stat.err_rx++; 2291 kfree(urb->setup_packet); 2292 return; 2293 } 2294 2295 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2296 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 2297 2298 /* When someone waits for the WMT event, the skb is being cloned 2299 * and being processed the events from there then. 2300 */ 2301 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) { 2302 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 2303 if (!data->evt_skb) { 2304 kfree_skb(skb); 2305 kfree(urb->setup_packet); 2306 return; 2307 } 2308 } 2309 2310 err = hci_recv_frame(hdev, skb); 2311 if (err < 0) { 2312 kfree_skb(data->evt_skb); 2313 data->evt_skb = NULL; 2314 kfree(urb->setup_packet); 2315 return; 2316 } 2317 2318 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT, 2319 &data->flags)) { 2320 /* Barrier to sync with other CPUs */ 2321 smp_mb__after_atomic(); 2322 wake_up_bit(&data->flags, 2323 BTUSB_TX_WAIT_VND_EVT); 2324 } 2325 kfree(urb->setup_packet); 2326 return; 2327 } else if (urb->status == -ENOENT) { 2328 /* Avoid suspend failed when usb_kill_urb */ 2329 return; 2330 } 2331 2332 usb_mark_last_busy(data->udev); 2333 2334 /* The URB complete handler is still called with urb->actual_length = 0 2335 * when the event is not available, so we should keep re-submitting 2336 * URB until WMT event returns, Also, It's necessary to wait some time 2337 * between the two consecutive control URBs to relax the target device 2338 * to generate the event. Otherwise, the WMT event cannot return from 2339 * the device successfully. 2340 */ 2341 udelay(500); 2342 2343 usb_anchor_urb(urb, &data->ctrl_anchor); 2344 err = usb_submit_urb(urb, GFP_ATOMIC); 2345 if (err < 0) { 2346 kfree(urb->setup_packet); 2347 /* -EPERM: urb is being killed; 2348 * -ENODEV: device got disconnected 2349 */ 2350 if (err != -EPERM && err != -ENODEV) 2351 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 2352 urb, -err); 2353 usb_unanchor_urb(urb); 2354 } 2355} 2356 2357static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev) 2358{ 2359 struct btusb_data *data = hci_get_drvdata(hdev); 2360 struct usb_ctrlrequest *dr; 2361 unsigned char *buf; 2362 int err, size = 64; 2363 unsigned int pipe; 2364 struct urb *urb; 2365 2366 urb = usb_alloc_urb(0, GFP_KERNEL); 2367 if (!urb) 2368 return -ENOMEM; 2369 2370 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 2371 if (!dr) { 2372 usb_free_urb(urb); 2373 return -ENOMEM; 2374 } 2375 2376 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 2377 dr->bRequest = 1; 2378 dr->wIndex = cpu_to_le16(0); 2379 dr->wValue = cpu_to_le16(48); 2380 dr->wLength = cpu_to_le16(size); 2381 2382 buf = kmalloc(size, GFP_KERNEL); 2383 if (!buf) { 2384 kfree(dr); 2385 usb_free_urb(urb); 2386 return -ENOMEM; 2387 } 2388 2389 pipe = usb_rcvctrlpipe(data->udev, 0); 2390 2391 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 2392 buf, size, btusb_mtk_wmt_recv, hdev); 2393 2394 urb->transfer_flags |= URB_FREE_BUFFER; 2395 2396 usb_anchor_urb(urb, &data->ctrl_anchor); 2397 err = usb_submit_urb(urb, GFP_KERNEL); 2398 if (err < 0) { 2399 if (err != -EPERM && err != -ENODEV) 2400 bt_dev_err(hdev, "urb %p submission failed (%d)", 2401 urb, -err); 2402 usb_unanchor_urb(urb); 2403 } 2404 2405 usb_free_urb(urb); 2406 2407 return err; 2408} 2409 2410static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev, 2411 struct btmtk_hci_wmt_params *wmt_params) 2412{ 2413 struct btusb_data *data = hci_get_drvdata(hdev); 2414 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 2415 u32 hlen, status = BTMTK_WMT_INVALID; 2416 struct btmtk_hci_wmt_evt *wmt_evt; 2417 struct btmtk_hci_wmt_cmd *wc; 2418 struct btmtk_wmt_hdr *hdr; 2419 int err; 2420 2421 /* Send the WMT command and wait until the WMT event returns */ 2422 hlen = sizeof(*hdr) + wmt_params->dlen; 2423 if (hlen > 255) 2424 return -EINVAL; 2425 2426 wc = kzalloc(hlen, GFP_KERNEL); 2427 if (!wc) 2428 return -ENOMEM; 2429 2430 hdr = &wc->hdr; 2431 hdr->dir = 1; 2432 hdr->op = wmt_params->op; 2433 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 2434 hdr->flag = wmt_params->flag; 2435 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 2436 2437 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2438 2439 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 2440 2441 if (err < 0) { 2442 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2443 goto err_free_wc; 2444 } 2445 2446 /* Submit control IN URB on demand to process the WMT event */ 2447 err = btusb_mtk_submit_wmt_recv_urb(hdev); 2448 if (err < 0) 2449 goto err_free_wc; 2450 2451 /* The vendor specific WMT commands are all answered by a vendor 2452 * specific event and will have the Command Status or Command 2453 * Complete as with usual HCI command flow control. 2454 * 2455 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 2456 * state to be cleared. The driver specific event receive routine 2457 * will clear that state and with that indicate completion of the 2458 * WMT command. 2459 */ 2460 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT, 2461 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 2462 if (err == -EINTR) { 2463 bt_dev_err(hdev, "Execution of wmt command interrupted"); 2464 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2465 goto err_free_wc; 2466 } 2467 2468 if (err) { 2469 bt_dev_err(hdev, "Execution of wmt command timed out"); 2470 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2471 err = -ETIMEDOUT; 2472 goto err_free_wc; 2473 } 2474 2475 /* Parse and handle the return WMT event */ 2476 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 2477 if (wmt_evt->whdr.op != hdr->op) { 2478 bt_dev_err(hdev, "Wrong op received %d expected %d", 2479 wmt_evt->whdr.op, hdr->op); 2480 err = -EIO; 2481 goto err_free_skb; 2482 } 2483 2484 switch (wmt_evt->whdr.op) { 2485 case BTMTK_WMT_SEMAPHORE: 2486 if (wmt_evt->whdr.flag == 2) 2487 status = BTMTK_WMT_PATCH_UNDONE; 2488 else 2489 status = BTMTK_WMT_PATCH_DONE; 2490 break; 2491 case BTMTK_WMT_FUNC_CTRL: 2492 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 2493 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 2494 status = BTMTK_WMT_ON_DONE; 2495 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 2496 status = BTMTK_WMT_ON_PROGRESS; 2497 else 2498 status = BTMTK_WMT_ON_UNDONE; 2499 break; 2500 case BTMTK_WMT_PATCH_DWNLD: 2501 if (wmt_evt->whdr.flag == 2) 2502 status = BTMTK_WMT_PATCH_DONE; 2503 else if (wmt_evt->whdr.flag == 1) 2504 status = BTMTK_WMT_PATCH_PROGRESS; 2505 else 2506 status = BTMTK_WMT_PATCH_UNDONE; 2507 break; 2508 } 2509 2510 if (wmt_params->status) 2511 *wmt_params->status = status; 2512 2513err_free_skb: 2514 kfree_skb(data->evt_skb); 2515 data->evt_skb = NULL; 2516err_free_wc: 2517 kfree(wc); 2518 return err; 2519} 2520 2521static int btusb_mtk_func_query(struct hci_dev *hdev) 2522{ 2523 struct btmtk_hci_wmt_params wmt_params; 2524 int status, err; 2525 u8 param = 0; 2526 2527 /* Query whether the function is enabled */ 2528 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2529 wmt_params.flag = 4; 2530 wmt_params.dlen = sizeof(param); 2531 wmt_params.data = ¶m; 2532 wmt_params.status = &status; 2533 2534 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2535 if (err < 0) { 2536 bt_dev_err(hdev, "Failed to query function status (%d)", err); 2537 return err; 2538 } 2539 2540 return status; 2541} 2542 2543static int btusb_mtk_uhw_reg_write(struct btusb_data *data, u32 reg, u32 val) 2544{ 2545 struct hci_dev *hdev = data->hdev; 2546 int pipe, err; 2547 void *buf; 2548 2549 buf = kzalloc(4, GFP_KERNEL); 2550 if (!buf) 2551 return -ENOMEM; 2552 2553 put_unaligned_le32(val, buf); 2554 2555 pipe = usb_sndctrlpipe(data->udev, 0); 2556 err = usb_control_msg(data->udev, pipe, 0x02, 2557 0x5E, 2558 reg >> 16, reg & 0xffff, 2559 buf, 4, USB_CTRL_SET_TIMEOUT); 2560 if (err < 0) { 2561 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 2562 goto err_free_buf; 2563 } 2564 2565err_free_buf: 2566 kfree(buf); 2567 2568 return err; 2569} 2570 2571static int btusb_mtk_uhw_reg_read(struct btusb_data *data, u32 reg, u32 *val) 2572{ 2573 struct hci_dev *hdev = data->hdev; 2574 int pipe, err; 2575 void *buf; 2576 2577 buf = kzalloc(4, GFP_KERNEL); 2578 if (!buf) 2579 return -ENOMEM; 2580 2581 pipe = usb_rcvctrlpipe(data->udev, 0); 2582 err = usb_control_msg(data->udev, pipe, 0x01, 2583 0xDE, 2584 reg >> 16, reg & 0xffff, 2585 buf, 4, USB_CTRL_SET_TIMEOUT); 2586 if (err < 0) { 2587 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 2588 goto err_free_buf; 2589 } 2590 2591 *val = get_unaligned_le32(buf); 2592 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 2593 2594err_free_buf: 2595 kfree(buf); 2596 2597 return err; 2598} 2599 2600static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val) 2601{ 2602 int pipe, err, size = sizeof(u32); 2603 void *buf; 2604 2605 buf = kzalloc(size, GFP_KERNEL); 2606 if (!buf) 2607 return -ENOMEM; 2608 2609 pipe = usb_rcvctrlpipe(data->udev, 0); 2610 err = usb_control_msg(data->udev, pipe, 0x63, 2611 USB_TYPE_VENDOR | USB_DIR_IN, 2612 reg >> 16, reg & 0xffff, 2613 buf, size, USB_CTRL_SET_TIMEOUT); 2614 if (err < 0) 2615 goto err_free_buf; 2616 2617 *val = get_unaligned_le32(buf); 2618 2619err_free_buf: 2620 kfree(buf); 2621 2622 return err; 2623} 2624 2625static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id) 2626{ 2627 return btusb_mtk_reg_read(data, reg, id); 2628} 2629 2630static int btusb_mtk_setup(struct hci_dev *hdev) 2631{ 2632 struct btusb_data *data = hci_get_drvdata(hdev); 2633 struct btmtk_hci_wmt_params wmt_params; 2634 ktime_t calltime, delta, rettime; 2635 struct btmtk_tci_sleep tci_sleep; 2636 unsigned long long duration; 2637 struct sk_buff *skb; 2638 const char *fwname; 2639 int err, status; 2640 u32 dev_id; 2641 char fw_bin_name[64]; 2642 u32 fw_version = 0; 2643 u8 param; 2644 2645 calltime = ktime_get(); 2646 2647 err = btusb_mtk_id_get(data, 0x80000008, &dev_id); 2648 if (err < 0) { 2649 bt_dev_err(hdev, "Failed to get device id (%d)", err); 2650 return err; 2651 } 2652 2653 if (!dev_id) { 2654 err = btusb_mtk_id_get(data, 0x70010200, &dev_id); 2655 if (err < 0) { 2656 bt_dev_err(hdev, "Failed to get device id (%d)", err); 2657 return err; 2658 } 2659 err = btusb_mtk_id_get(data, 0x80021004, &fw_version); 2660 if (err < 0) { 2661 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 2662 return err; 2663 } 2664 } 2665 2666 switch (dev_id) { 2667 case 0x7663: 2668 fwname = FIRMWARE_MT7663; 2669 break; 2670 case 0x7668: 2671 fwname = FIRMWARE_MT7668; 2672 break; 2673 case 0x7922: 2674 case 0x7961: 2675 snprintf(fw_bin_name, sizeof(fw_bin_name), 2676 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 2677 dev_id & 0xffff, (fw_version & 0xff) + 1); 2678 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 2679 btusb_mtk_hci_wmt_sync); 2680 if (err < 0) { 2681 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 2682 return err; 2683 } 2684 2685 /* It's Device EndPoint Reset Option Register */ 2686 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 2687 2688 /* Enable Bluetooth protocol */ 2689 param = 1; 2690 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2691 wmt_params.flag = 0; 2692 wmt_params.dlen = sizeof(param); 2693 wmt_params.data = ¶m; 2694 wmt_params.status = NULL; 2695 2696 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2697 if (err < 0) { 2698 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 2699 return err; 2700 } 2701 2702 hci_set_msft_opcode(hdev, 0xFD30); 2703 hci_set_aosp_capable(hdev); 2704 goto done; 2705 default: 2706 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 2707 dev_id); 2708 return -ENODEV; 2709 } 2710 2711 /* Query whether the firmware is already download */ 2712 wmt_params.op = BTMTK_WMT_SEMAPHORE; 2713 wmt_params.flag = 1; 2714 wmt_params.dlen = 0; 2715 wmt_params.data = NULL; 2716 wmt_params.status = &status; 2717 2718 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2719 if (err < 0) { 2720 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 2721 return err; 2722 } 2723 2724 if (status == BTMTK_WMT_PATCH_DONE) { 2725 bt_dev_info(hdev, "firmware already downloaded"); 2726 goto ignore_setup_fw; 2727 } 2728 2729 /* Setup a firmware which the device definitely requires */ 2730 err = btmtk_setup_firmware(hdev, fwname, 2731 btusb_mtk_hci_wmt_sync); 2732 if (err < 0) 2733 return err; 2734 2735ignore_setup_fw: 2736 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status, 2737 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 2738 2000, 5000000); 2739 /* -ETIMEDOUT happens */ 2740 if (err < 0) 2741 return err; 2742 2743 /* The other errors happen in btusb_mtk_func_query */ 2744 if (status < 0) 2745 return status; 2746 2747 if (status == BTMTK_WMT_ON_DONE) { 2748 bt_dev_info(hdev, "function already on"); 2749 goto ignore_func_on; 2750 } 2751 2752 /* Enable Bluetooth protocol */ 2753 param = 1; 2754 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2755 wmt_params.flag = 0; 2756 wmt_params.dlen = sizeof(param); 2757 wmt_params.data = ¶m; 2758 wmt_params.status = NULL; 2759 2760 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2761 if (err < 0) { 2762 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 2763 return err; 2764 } 2765 2766ignore_func_on: 2767 /* Apply the low power environment setup */ 2768 tci_sleep.mode = 0x5; 2769 tci_sleep.duration = cpu_to_le16(0x640); 2770 tci_sleep.host_duration = cpu_to_le16(0x640); 2771 tci_sleep.host_wakeup_pin = 0; 2772 tci_sleep.time_compensation = 0; 2773 2774 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 2775 HCI_INIT_TIMEOUT); 2776 if (IS_ERR(skb)) { 2777 err = PTR_ERR(skb); 2778 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 2779 return err; 2780 } 2781 kfree_skb(skb); 2782 2783done: 2784 rettime = ktime_get(); 2785 delta = ktime_sub(rettime, calltime); 2786 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 2787 2788 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 2789 2790 return 0; 2791} 2792 2793static int btusb_mtk_shutdown(struct hci_dev *hdev) 2794{ 2795 struct btmtk_hci_wmt_params wmt_params; 2796 u8 param = 0; 2797 int err; 2798 2799 /* Disable the device */ 2800 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2801 wmt_params.flag = 0; 2802 wmt_params.dlen = sizeof(param); 2803 wmt_params.data = ¶m; 2804 wmt_params.status = NULL; 2805 2806 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2807 if (err < 0) { 2808 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 2809 return err; 2810 } 2811 2812 return 0; 2813} 2814 2815static void btusb_mtk_cmd_timeout(struct hci_dev *hdev) 2816{ 2817 struct btusb_data *data = hci_get_drvdata(hdev); 2818 u32 val; 2819 int err, retry = 0; 2820 2821 /* It's MediaTek specific bluetooth reset mechanism via USB */ 2822 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 2823 bt_dev_err(hdev, "last reset failed? Not resetting again"); 2824 return; 2825 } 2826 2827 err = usb_autopm_get_interface(data->intf); 2828 if (err < 0) 2829 return; 2830 2831 btusb_stop_traffic(data); 2832 usb_kill_anchored_urbs(&data->tx_anchor); 2833 2834 /* It's Device EndPoint Reset Option Register */ 2835 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 2836 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 2837 btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val); 2838 2839 /* Reset the bluetooth chip via USB interface. */ 2840 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1); 2841 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF); 2842 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val); 2843 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF); 2844 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val); 2845 /* MT7921 need to delay 20ms between toggle reset bit */ 2846 msleep(20); 2847 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0); 2848 btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val); 2849 2850 /* Poll the register until reset is completed */ 2851 do { 2852 btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val); 2853 if (val & MTK_BT_RST_DONE) { 2854 bt_dev_dbg(hdev, "Bluetooth Reset Successfully"); 2855 break; 2856 } 2857 2858 bt_dev_dbg(hdev, "Polling Bluetooth Reset CR"); 2859 retry++; 2860 msleep(MTK_BT_RESET_WAIT_MS); 2861 } while (retry < MTK_BT_RESET_NUM_TRIES); 2862 2863 btusb_mtk_id_get(data, 0x70010200, &val); 2864 if (!val) 2865 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 2866 2867 usb_queue_reset_device(data->intf); 2868 2869 clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags); 2870} 2871 2872static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb) 2873{ 2874 struct btusb_data *data = hci_get_drvdata(hdev); 2875 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 2876 2877 switch (handle) { 2878 case 0xfc6f: /* Firmware dump from device */ 2879 /* When the firmware hangs, the device can no longer 2880 * suspend and thus disable auto-suspend. 2881 */ 2882 usb_disable_autosuspend(data->udev); 2883 fallthrough; 2884 case 0x05ff: /* Firmware debug logging 1 */ 2885 case 0x05fe: /* Firmware debug logging 2 */ 2886 return hci_recv_diag(hdev, skb); 2887 } 2888 2889 return hci_recv_frame(hdev, skb); 2890} 2891 2892#ifdef CONFIG_PM 2893/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 2894static int marvell_config_oob_wake(struct hci_dev *hdev) 2895{ 2896 struct sk_buff *skb; 2897 struct btusb_data *data = hci_get_drvdata(hdev); 2898 struct device *dev = &data->udev->dev; 2899 u16 pin, gap, opcode; 2900 int ret; 2901 u8 cmd[5]; 2902 2903 /* Move on if no wakeup pin specified */ 2904 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 2905 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 2906 return 0; 2907 2908 /* Vendor specific command to configure a GPIO as wake-up pin */ 2909 opcode = hci_opcode_pack(0x3F, 0x59); 2910 cmd[0] = opcode & 0xFF; 2911 cmd[1] = opcode >> 8; 2912 cmd[2] = 2; /* length of parameters that follow */ 2913 cmd[3] = pin; 2914 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 2915 2916 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 2917 if (!skb) { 2918 bt_dev_err(hdev, "%s: No memory", __func__); 2919 return -ENOMEM; 2920 } 2921 2922 skb_put_data(skb, cmd, sizeof(cmd)); 2923 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 2924 2925 ret = btusb_send_frame(hdev, skb); 2926 if (ret) { 2927 bt_dev_err(hdev, "%s: configuration failed", __func__); 2928 kfree_skb(skb); 2929 return ret; 2930 } 2931 2932 return 0; 2933} 2934#endif 2935 2936static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 2937 const bdaddr_t *bdaddr) 2938{ 2939 struct sk_buff *skb; 2940 u8 buf[8]; 2941 long ret; 2942 2943 buf[0] = 0xfe; 2944 buf[1] = sizeof(bdaddr_t); 2945 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 2946 2947 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2948 if (IS_ERR(skb)) { 2949 ret = PTR_ERR(skb); 2950 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 2951 ret); 2952 return ret; 2953 } 2954 kfree_skb(skb); 2955 2956 return 0; 2957} 2958 2959static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 2960 const bdaddr_t *bdaddr) 2961{ 2962 struct sk_buff *skb; 2963 u8 buf[10]; 2964 long ret; 2965 2966 buf[0] = 0x01; 2967 buf[1] = 0x01; 2968 buf[2] = 0x00; 2969 buf[3] = sizeof(bdaddr_t); 2970 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 2971 2972 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2973 if (IS_ERR(skb)) { 2974 ret = PTR_ERR(skb); 2975 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 2976 return ret; 2977 } 2978 kfree_skb(skb); 2979 2980 return 0; 2981} 2982 2983static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev, 2984 const bdaddr_t *bdaddr) 2985{ 2986 struct sk_buff *skb; 2987 u8 buf[6]; 2988 long ret; 2989 2990 memcpy(buf, bdaddr, sizeof(bdaddr_t)); 2991 2992 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf, 2993 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 2994 if (IS_ERR(skb)) { 2995 ret = PTR_ERR(skb); 2996 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 2997 return ret; 2998 } 2999 kfree_skb(skb); 3000 3001 return 0; 3002} 3003 3004#define QCA_DFU_PACKET_LEN 4096 3005 3006#define QCA_GET_TARGET_VERSION 0x09 3007#define QCA_CHECK_STATUS 0x05 3008#define QCA_DFU_DOWNLOAD 0x01 3009 3010#define QCA_SYSCFG_UPDATED 0x40 3011#define QCA_PATCH_UPDATED 0x80 3012#define QCA_DFU_TIMEOUT 3000 3013#define QCA_FLAG_MULTI_NVM 0x80 3014#define QCA_BT_RESET_WAIT_MS 100 3015 3016#define WCN6855_2_0_RAM_VERSION_GF 0x400c1200 3017#define WCN6855_2_1_RAM_VERSION_GF 0x400c1211 3018 3019struct qca_version { 3020 __le32 rom_version; 3021 __le32 patch_version; 3022 __le32 ram_version; 3023 __u8 chip_id; 3024 __u8 platform_id; 3025 __le16 flag; 3026 __u8 reserved[4]; 3027} __packed; 3028 3029struct qca_rampatch_version { 3030 __le16 rom_version_high; 3031 __le16 rom_version_low; 3032 __le16 patch_version; 3033} __packed; 3034 3035struct qca_device_info { 3036 u32 rom_version; 3037 u8 rampatch_hdr; /* length of header in rampatch */ 3038 u8 nvm_hdr; /* length of header in NVM */ 3039 u8 ver_offset; /* offset of version structure in rampatch */ 3040}; 3041 3042static const struct qca_device_info qca_devices_table[] = { 3043 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */ 3044 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */ 3045 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */ 3046 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */ 3047 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */ 3048 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */ 3049 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */ 3050 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */ 3051 { 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */ 3052 { 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */ 3053}; 3054 3055static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 3056 void *data, u16 size) 3057{ 3058 int pipe, err; 3059 u8 *buf; 3060 3061 buf = kmalloc(size, GFP_KERNEL); 3062 if (!buf) 3063 return -ENOMEM; 3064 3065 /* Found some of USB hosts have IOT issues with ours so that we should 3066 * not wait until HCI layer is ready. 3067 */ 3068 pipe = usb_rcvctrlpipe(udev, 0); 3069 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 3070 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3071 if (err < 0) { 3072 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 3073 goto done; 3074 } 3075 3076 memcpy(data, buf, size); 3077 3078done: 3079 kfree(buf); 3080 3081 return err; 3082} 3083 3084static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 3085 const struct firmware *firmware, 3086 size_t hdr_size) 3087{ 3088 struct btusb_data *btdata = hci_get_drvdata(hdev); 3089 struct usb_device *udev = btdata->udev; 3090 size_t count, size, sent = 0; 3091 int pipe, len, err; 3092 u8 *buf; 3093 3094 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 3095 if (!buf) 3096 return -ENOMEM; 3097 3098 count = firmware->size; 3099 3100 size = min_t(size_t, count, hdr_size); 3101 memcpy(buf, firmware->data, size); 3102 3103 /* USB patches should go down to controller through USB path 3104 * because binary format fits to go down through USB channel. 3105 * USB control path is for patching headers and USB bulk is for 3106 * patch body. 3107 */ 3108 pipe = usb_sndctrlpipe(udev, 0); 3109 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 3110 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3111 if (err < 0) { 3112 bt_dev_err(hdev, "Failed to send headers (%d)", err); 3113 goto done; 3114 } 3115 3116 sent += size; 3117 count -= size; 3118 3119 /* ep2 need time to switch from function acl to function dfu, 3120 * so we add 20ms delay here. 3121 */ 3122 msleep(20); 3123 3124 while (count) { 3125 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 3126 3127 memcpy(buf, firmware->data + sent, size); 3128 3129 pipe = usb_sndbulkpipe(udev, 0x02); 3130 err = usb_bulk_msg(udev, pipe, buf, size, &len, 3131 QCA_DFU_TIMEOUT); 3132 if (err < 0) { 3133 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 3134 sent, firmware->size, err); 3135 break; 3136 } 3137 3138 if (size != len) { 3139 bt_dev_err(hdev, "Failed to get bulk buffer"); 3140 err = -EILSEQ; 3141 break; 3142 } 3143 3144 sent += size; 3145 count -= size; 3146 } 3147 3148done: 3149 kfree(buf); 3150 return err; 3151} 3152 3153static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 3154 struct qca_version *ver, 3155 const struct qca_device_info *info) 3156{ 3157 struct qca_rampatch_version *rver; 3158 const struct firmware *fw; 3159 u32 ver_rom, ver_patch, rver_rom; 3160 u16 rver_rom_low, rver_rom_high, rver_patch; 3161 char fwname[64]; 3162 int err; 3163 3164 ver_rom = le32_to_cpu(ver->rom_version); 3165 ver_patch = le32_to_cpu(ver->patch_version); 3166 3167 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 3168 3169 err = request_firmware(&fw, fwname, &hdev->dev); 3170 if (err) { 3171 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 3172 fwname, err); 3173 return err; 3174 } 3175 3176 bt_dev_info(hdev, "using rampatch file: %s", fwname); 3177 3178 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 3179 rver_rom_low = le16_to_cpu(rver->rom_version_low); 3180 rver_patch = le16_to_cpu(rver->patch_version); 3181 3182 if (ver_rom & ~0xffffU) { 3183 rver_rom_high = le16_to_cpu(rver->rom_version_high); 3184 rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low); 3185 } else { 3186 rver_rom = rver_rom_low; 3187 } 3188 3189 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 3190 "firmware rome 0x%x build 0x%x", 3191 rver_rom, rver_patch, ver_rom, ver_patch); 3192 3193 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 3194 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 3195 err = -EINVAL; 3196 goto done; 3197 } 3198 3199 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 3200 3201done: 3202 release_firmware(fw); 3203 3204 return err; 3205} 3206 3207static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, 3208 const struct qca_version *ver) 3209{ 3210 u32 rom_version = le32_to_cpu(ver->rom_version); 3211 u16 flag = le16_to_cpu(ver->flag); 3212 3213 if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) { 3214 /* The board_id should be split into two bytes 3215 * The 1st byte is chip ID, and the 2nd byte is platform ID 3216 * For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID 3217 * we have several platforms, and platform IDs are continuously added 3218 * Platform ID: 3219 * 0x00 is for Mobile 3220 * 0x01 is for X86 3221 * 0x02 is for Automotive 3222 * 0x03 is for Consumer electronic 3223 */ 3224 u16 board_id = (ver->chip_id << 8) + ver->platform_id; 3225 const char *variant; 3226 3227 switch (le32_to_cpu(ver->ram_version)) { 3228 case WCN6855_2_0_RAM_VERSION_GF: 3229 case WCN6855_2_1_RAM_VERSION_GF: 3230 variant = "_gf"; 3231 break; 3232 default: 3233 variant = ""; 3234 break; 3235 } 3236 3237 if (board_id == 0) { 3238 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s.bin", 3239 rom_version, variant); 3240 } else { 3241 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s_%04x.bin", 3242 rom_version, variant, board_id); 3243 } 3244 } else { 3245 snprintf(fwname, max_size, "qca/nvm_usb_%08x.bin", 3246 rom_version); 3247 } 3248 3249} 3250 3251static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 3252 struct qca_version *ver, 3253 const struct qca_device_info *info) 3254{ 3255 const struct firmware *fw; 3256 char fwname[64]; 3257 int err; 3258 3259 btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); 3260 3261 err = request_firmware(&fw, fwname, &hdev->dev); 3262 if (err) { 3263 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 3264 fwname, err); 3265 return err; 3266 } 3267 3268 bt_dev_info(hdev, "using NVM file: %s", fwname); 3269 3270 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 3271 3272 release_firmware(fw); 3273 3274 return err; 3275} 3276 3277/* identify the ROM version and check whether patches are needed */ 3278static bool btusb_qca_need_patch(struct usb_device *udev) 3279{ 3280 struct qca_version ver; 3281 3282 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3283 sizeof(ver)) < 0) 3284 return false; 3285 /* only low ROM versions need patches */ 3286 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 3287} 3288 3289static int btusb_setup_qca(struct hci_dev *hdev) 3290{ 3291 struct btusb_data *btdata = hci_get_drvdata(hdev); 3292 struct usb_device *udev = btdata->udev; 3293 const struct qca_device_info *info = NULL; 3294 struct qca_version ver; 3295 u32 ver_rom; 3296 u8 status; 3297 int i, err; 3298 3299 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3300 sizeof(ver)); 3301 if (err < 0) 3302 return err; 3303 3304 ver_rom = le32_to_cpu(ver.rom_version); 3305 3306 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 3307 if (ver_rom == qca_devices_table[i].rom_version) 3308 info = &qca_devices_table[i]; 3309 } 3310 if (!info) { 3311 /* If the rom_version is not matched in the qca_devices_table 3312 * and the high ROM version is not zero, we assume this chip no 3313 * need to load the rampatch and nvm. 3314 */ 3315 if (ver_rom & ~0xffffU) 3316 return 0; 3317 3318 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 3319 return -ENODEV; 3320 } 3321 3322 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 3323 sizeof(status)); 3324 if (err < 0) 3325 return err; 3326 3327 if (!(status & QCA_PATCH_UPDATED)) { 3328 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 3329 if (err < 0) 3330 return err; 3331 } 3332 3333 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3334 sizeof(ver)); 3335 if (err < 0) 3336 return err; 3337 3338 if (!(status & QCA_SYSCFG_UPDATED)) { 3339 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 3340 if (err < 0) 3341 return err; 3342 3343 /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so 3344 * wait ~100ms for reset Done then go ahead, otherwise, it maybe 3345 * cause potential enable failure. 3346 */ 3347 if (info->rom_version >= 0x00130201) 3348 msleep(QCA_BT_RESET_WAIT_MS); 3349 } 3350 3351 /* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to 3352 * work with the likes of HSP/HFP mSBC. 3353 */ 3354 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks); 3355 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); 3356 3357 return 0; 3358} 3359 3360static inline int __set_diag_interface(struct hci_dev *hdev) 3361{ 3362 struct btusb_data *data = hci_get_drvdata(hdev); 3363 struct usb_interface *intf = data->diag; 3364 int i; 3365 3366 if (!data->diag) 3367 return -ENODEV; 3368 3369 data->diag_tx_ep = NULL; 3370 data->diag_rx_ep = NULL; 3371 3372 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3373 struct usb_endpoint_descriptor *ep_desc; 3374 3375 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3376 3377 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3378 data->diag_tx_ep = ep_desc; 3379 continue; 3380 } 3381 3382 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3383 data->diag_rx_ep = ep_desc; 3384 continue; 3385 } 3386 } 3387 3388 if (!data->diag_tx_ep || !data->diag_rx_ep) { 3389 bt_dev_err(hdev, "invalid diagnostic descriptors"); 3390 return -ENODEV; 3391 } 3392 3393 return 0; 3394} 3395 3396static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 3397{ 3398 struct btusb_data *data = hci_get_drvdata(hdev); 3399 struct sk_buff *skb; 3400 struct urb *urb; 3401 unsigned int pipe; 3402 3403 if (!data->diag_tx_ep) 3404 return ERR_PTR(-ENODEV); 3405 3406 urb = usb_alloc_urb(0, GFP_KERNEL); 3407 if (!urb) 3408 return ERR_PTR(-ENOMEM); 3409 3410 skb = bt_skb_alloc(2, GFP_KERNEL); 3411 if (!skb) { 3412 usb_free_urb(urb); 3413 return ERR_PTR(-ENOMEM); 3414 } 3415 3416 skb_put_u8(skb, 0xf0); 3417 skb_put_u8(skb, enable); 3418 3419 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 3420 3421 usb_fill_bulk_urb(urb, data->udev, pipe, 3422 skb->data, skb->len, btusb_tx_complete, skb); 3423 3424 skb->dev = (void *)hdev; 3425 3426 return urb; 3427} 3428 3429static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 3430{ 3431 struct btusb_data *data = hci_get_drvdata(hdev); 3432 struct urb *urb; 3433 3434 if (!data->diag) 3435 return -ENODEV; 3436 3437 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3438 return -ENETDOWN; 3439 3440 urb = alloc_diag_urb(hdev, enable); 3441 if (IS_ERR(urb)) 3442 return PTR_ERR(urb); 3443 3444 return submit_or_queue_tx_urb(hdev, urb); 3445} 3446 3447#ifdef CONFIG_PM 3448static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 3449{ 3450 struct btusb_data *data = priv; 3451 3452 pm_wakeup_event(&data->udev->dev, 0); 3453 pm_system_wakeup(); 3454 3455 /* Disable only if not already disabled (keep it balanced) */ 3456 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3457 disable_irq_nosync(irq); 3458 disable_irq_wake(irq); 3459 } 3460 return IRQ_HANDLED; 3461} 3462 3463static const struct of_device_id btusb_match_table[] = { 3464 { .compatible = "usb1286,204e" }, 3465 { .compatible = "usbcf3,e300" }, /* QCA6174A */ 3466 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */ 3467 { } 3468}; 3469MODULE_DEVICE_TABLE(of, btusb_match_table); 3470 3471/* Use an oob wakeup pin? */ 3472static int btusb_config_oob_wake(struct hci_dev *hdev) 3473{ 3474 struct btusb_data *data = hci_get_drvdata(hdev); 3475 struct device *dev = &data->udev->dev; 3476 int irq, ret; 3477 3478 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3479 3480 if (!of_match_device(btusb_match_table, dev)) 3481 return 0; 3482 3483 /* Move on if no IRQ specified */ 3484 irq = of_irq_get_byname(dev->of_node, "wakeup"); 3485 if (irq <= 0) { 3486 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 3487 return 0; 3488 } 3489 3490 irq_set_status_flags(irq, IRQ_NOAUTOEN); 3491 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 3492 0, "OOB Wake-on-BT", data); 3493 if (ret) { 3494 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 3495 return ret; 3496 } 3497 3498 ret = device_init_wakeup(dev, true); 3499 if (ret) { 3500 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 3501 return ret; 3502 } 3503 3504 data->oob_wake_irq = irq; 3505 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 3506 return 0; 3507} 3508#endif 3509 3510static void btusb_check_needs_reset_resume(struct usb_interface *intf) 3511{ 3512 if (dmi_check_system(btusb_needs_reset_resume_table)) 3513 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3514} 3515 3516static bool btusb_wakeup(struct hci_dev *hdev) 3517{ 3518 struct btusb_data *data = hci_get_drvdata(hdev); 3519 3520 return device_may_wakeup(&data->udev->dev); 3521} 3522 3523static int btusb_shutdown_qca(struct hci_dev *hdev) 3524{ 3525 struct sk_buff *skb; 3526 3527 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 3528 if (IS_ERR(skb)) { 3529 bt_dev_err(hdev, "HCI reset during shutdown failed"); 3530 return PTR_ERR(skb); 3531 } 3532 kfree_skb(skb); 3533 3534 return 0; 3535} 3536 3537static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf, 3538 size_t count, loff_t *ppos) 3539{ 3540 struct btusb_data *data = file->private_data; 3541 char buf[3]; 3542 3543 buf[0] = data->poll_sync ? 'Y' : 'N'; 3544 buf[1] = '\n'; 3545 buf[2] = '\0'; 3546 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 3547} 3548 3549static ssize_t force_poll_sync_write(struct file *file, 3550 const char __user *user_buf, 3551 size_t count, loff_t *ppos) 3552{ 3553 struct btusb_data *data = file->private_data; 3554 bool enable; 3555 int err; 3556 3557 err = kstrtobool_from_user(user_buf, count, &enable); 3558 if (err) 3559 return err; 3560 3561 /* Only allow changes while the adapter is down */ 3562 if (test_bit(HCI_UP, &data->hdev->flags)) 3563 return -EPERM; 3564 3565 if (data->poll_sync == enable) 3566 return -EALREADY; 3567 3568 data->poll_sync = enable; 3569 3570 return count; 3571} 3572 3573static const struct file_operations force_poll_sync_fops = { 3574 .open = simple_open, 3575 .read = force_poll_sync_read, 3576 .write = force_poll_sync_write, 3577 .llseek = default_llseek, 3578}; 3579 3580static int btusb_probe(struct usb_interface *intf, 3581 const struct usb_device_id *id) 3582{ 3583 struct usb_endpoint_descriptor *ep_desc; 3584 struct gpio_desc *reset_gpio; 3585 struct btusb_data *data; 3586 struct hci_dev *hdev; 3587 unsigned ifnum_base; 3588 int i, err, priv_size; 3589 3590 BT_DBG("intf %p id %p", intf, id); 3591 3592 /* interface numbers are hardcoded in the spec */ 3593 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 3594 if (!(id->driver_info & BTUSB_IFNUM_2)) 3595 return -ENODEV; 3596 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 3597 return -ENODEV; 3598 } 3599 3600 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 3601 3602 if (!id->driver_info) { 3603 const struct usb_device_id *match; 3604 3605 match = usb_match_id(intf, blacklist_table); 3606 if (match) 3607 id = match; 3608 } 3609 3610 if (id->driver_info == BTUSB_IGNORE) 3611 return -ENODEV; 3612 3613 if (id->driver_info & BTUSB_ATH3012) { 3614 struct usb_device *udev = interface_to_usbdev(intf); 3615 3616 /* Old firmware would otherwise let ath3k driver load 3617 * patch and sysconfig files 3618 */ 3619 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 3620 !btusb_qca_need_patch(udev)) 3621 return -ENODEV; 3622 } 3623 3624 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 3625 if (!data) 3626 return -ENOMEM; 3627 3628 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3629 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3630 3631 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 3632 data->intr_ep = ep_desc; 3633 continue; 3634 } 3635 3636 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3637 data->bulk_tx_ep = ep_desc; 3638 continue; 3639 } 3640 3641 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3642 data->bulk_rx_ep = ep_desc; 3643 continue; 3644 } 3645 } 3646 3647 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 3648 return -ENODEV; 3649 3650 if (id->driver_info & BTUSB_AMP) { 3651 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 3652 data->cmdreq = 0x2b; 3653 } else { 3654 data->cmdreq_type = USB_TYPE_CLASS; 3655 data->cmdreq = 0x00; 3656 } 3657 3658 data->udev = interface_to_usbdev(intf); 3659 data->intf = intf; 3660 3661 INIT_WORK(&data->work, btusb_work); 3662 INIT_WORK(&data->waker, btusb_waker); 3663 INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work); 3664 3665 skb_queue_head_init(&data->acl_q); 3666 3667 init_usb_anchor(&data->deferred); 3668 init_usb_anchor(&data->tx_anchor); 3669 spin_lock_init(&data->txlock); 3670 3671 init_usb_anchor(&data->intr_anchor); 3672 init_usb_anchor(&data->bulk_anchor); 3673 init_usb_anchor(&data->isoc_anchor); 3674 init_usb_anchor(&data->diag_anchor); 3675 init_usb_anchor(&data->ctrl_anchor); 3676 spin_lock_init(&data->rxlock); 3677 3678 priv_size = 0; 3679 3680 data->recv_event = hci_recv_frame; 3681 data->recv_bulk = btusb_recv_bulk; 3682 3683 if (id->driver_info & BTUSB_INTEL_COMBINED) { 3684 /* Allocate extra space for Intel device */ 3685 priv_size += sizeof(struct btintel_data); 3686 3687 /* Override the rx handlers */ 3688 data->recv_event = btusb_recv_event_intel; 3689 data->recv_bulk = btusb_recv_bulk_intel; 3690 } 3691 3692 data->recv_acl = hci_recv_frame; 3693 3694 hdev = hci_alloc_dev_priv(priv_size); 3695 if (!hdev) 3696 return -ENOMEM; 3697 3698 hdev->bus = HCI_USB; 3699 hci_set_drvdata(hdev, data); 3700 3701 if (id->driver_info & BTUSB_AMP) 3702 hdev->dev_type = HCI_AMP; 3703 else 3704 hdev->dev_type = HCI_PRIMARY; 3705 3706 data->hdev = hdev; 3707 3708 SET_HCIDEV_DEV(hdev, &intf->dev); 3709 3710 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset", 3711 GPIOD_OUT_LOW); 3712 if (IS_ERR(reset_gpio)) { 3713 err = PTR_ERR(reset_gpio); 3714 goto out_free_dev; 3715 } else if (reset_gpio) { 3716 data->reset_gpio = reset_gpio; 3717 } 3718 3719 hdev->open = btusb_open; 3720 hdev->close = btusb_close; 3721 hdev->flush = btusb_flush; 3722 hdev->send = btusb_send_frame; 3723 hdev->notify = btusb_notify; 3724 hdev->wakeup = btusb_wakeup; 3725 3726#ifdef CONFIG_PM 3727 err = btusb_config_oob_wake(hdev); 3728 if (err) 3729 goto out_free_dev; 3730 3731 /* Marvell devices may need a specific chip configuration */ 3732 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 3733 err = marvell_config_oob_wake(hdev); 3734 if (err) 3735 goto out_free_dev; 3736 } 3737#endif 3738 if (id->driver_info & BTUSB_CW6622) 3739 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3740 3741 if (id->driver_info & BTUSB_BCM2045) 3742 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3743 3744 if (id->driver_info & BTUSB_BCM92035) 3745 hdev->setup = btusb_setup_bcm92035; 3746 3747 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 3748 (id->driver_info & BTUSB_BCM_PATCHRAM)) { 3749 hdev->manufacturer = 15; 3750 hdev->setup = btbcm_setup_patchram; 3751 hdev->set_diag = btusb_bcm_set_diag; 3752 hdev->set_bdaddr = btbcm_set_bdaddr; 3753 3754 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3755 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3756 } 3757 3758 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 3759 (id->driver_info & BTUSB_BCM_APPLE)) { 3760 hdev->manufacturer = 15; 3761 hdev->setup = btbcm_setup_apple; 3762 hdev->set_diag = btusb_bcm_set_diag; 3763 3764 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3765 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3766 } 3767 3768 /* Combined Intel Device setup to support multiple setup routine */ 3769 if (id->driver_info & BTUSB_INTEL_COMBINED) { 3770 err = btintel_configure_setup(hdev); 3771 if (err) 3772 goto out_free_dev; 3773 3774 /* Transport specific configuration */ 3775 hdev->send = btusb_send_frame_intel; 3776 hdev->cmd_timeout = btusb_intel_cmd_timeout; 3777 3778 if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT) 3779 btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT); 3780 3781 if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD) 3782 btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD); 3783 3784 if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED) 3785 btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED); 3786 } 3787 3788 if (id->driver_info & BTUSB_MARVELL) 3789 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 3790 3791 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) && 3792 (id->driver_info & BTUSB_MEDIATEK)) { 3793 hdev->setup = btusb_mtk_setup; 3794 hdev->shutdown = btusb_mtk_shutdown; 3795 hdev->manufacturer = 70; 3796 hdev->cmd_timeout = btusb_mtk_cmd_timeout; 3797 hdev->set_bdaddr = btmtk_set_bdaddr; 3798 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); 3799 data->recv_acl = btusb_recv_acl_mtk; 3800 } 3801 3802 if (id->driver_info & BTUSB_SWAVE) { 3803 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 3804 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 3805 } 3806 3807 if (id->driver_info & BTUSB_INTEL_BOOT) { 3808 hdev->manufacturer = 2; 3809 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3810 } 3811 3812 if (id->driver_info & BTUSB_ATH3012) { 3813 data->setup_on_usb = btusb_setup_qca; 3814 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3815 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3816 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3817 } 3818 3819 if (id->driver_info & BTUSB_QCA_ROME) { 3820 data->setup_on_usb = btusb_setup_qca; 3821 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3822 hdev->cmd_timeout = btusb_qca_cmd_timeout; 3823 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3824 btusb_check_needs_reset_resume(intf); 3825 } 3826 3827 if (id->driver_info & BTUSB_QCA_WCN6855) { 3828 data->setup_on_usb = btusb_setup_qca; 3829 hdev->shutdown = btusb_shutdown_qca; 3830 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855; 3831 hdev->cmd_timeout = btusb_qca_cmd_timeout; 3832 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3833 hci_set_msft_opcode(hdev, 0xFD70); 3834 } 3835 3836 if (id->driver_info & BTUSB_AMP) { 3837 /* AMP controllers do not support SCO packets */ 3838 data->isoc = NULL; 3839 } else { 3840 /* Interface orders are hardcoded in the specification */ 3841 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 3842 data->isoc_ifnum = ifnum_base + 1; 3843 } 3844 3845 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 3846 (id->driver_info & BTUSB_REALTEK)) { 3847 hdev->setup = btrtl_setup_realtek; 3848 hdev->shutdown = btrtl_shutdown_realtek; 3849 hdev->cmd_timeout = btusb_rtl_cmd_timeout; 3850 3851 /* Realtek devices need to set remote wakeup on auto-suspend */ 3852 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags); 3853 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags); 3854 } 3855 3856 if (!reset) 3857 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3858 3859 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 3860 if (!disable_scofix) 3861 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 3862 } 3863 3864 if (id->driver_info & BTUSB_BROKEN_ISOC) 3865 data->isoc = NULL; 3866 3867 if (id->driver_info & BTUSB_WIDEBAND_SPEECH) 3868 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 3869 3870 if (id->driver_info & BTUSB_VALID_LE_STATES) 3871 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 3872 3873 if (id->driver_info & BTUSB_DIGIANSWER) { 3874 data->cmdreq_type = USB_TYPE_VENDOR; 3875 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3876 } 3877 3878 if (id->driver_info & BTUSB_CSR) { 3879 struct usb_device *udev = data->udev; 3880 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 3881 3882 /* Old firmware would otherwise execute USB reset */ 3883 if (bcdDevice < 0x117) 3884 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3885 3886 /* This must be set first in case we disable it for fakes */ 3887 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3888 3889 /* Fake CSR devices with broken commands */ 3890 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && 3891 le16_to_cpu(udev->descriptor.idProduct) == 0x0001) 3892 hdev->setup = btusb_setup_csr; 3893 } 3894 3895 if (id->driver_info & BTUSB_SNIFFER) { 3896 struct usb_device *udev = data->udev; 3897 3898 /* New sniffer firmware has crippled HCI interface */ 3899 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 3900 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3901 } 3902 3903 if (id->driver_info & BTUSB_INTEL_BOOT) { 3904 /* A bug in the bootloader causes that interrupt interface is 3905 * only enabled after receiving SetInterface(0, AltSetting=0). 3906 */ 3907 err = usb_set_interface(data->udev, 0, 0); 3908 if (err < 0) { 3909 BT_ERR("failed to set interface 0, alt 0 %d", err); 3910 goto out_free_dev; 3911 } 3912 } 3913 3914 if (data->isoc) { 3915 err = usb_driver_claim_interface(&btusb_driver, 3916 data->isoc, data); 3917 if (err < 0) 3918 goto out_free_dev; 3919 } 3920 3921 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) { 3922 if (!usb_driver_claim_interface(&btusb_driver, 3923 data->diag, data)) 3924 __set_diag_interface(hdev); 3925 else 3926 data->diag = NULL; 3927 } 3928 3929 if (enable_autosuspend) 3930 usb_enable_autosuspend(data->udev); 3931 3932 err = hci_register_dev(hdev); 3933 if (err < 0) 3934 goto out_free_dev; 3935 3936 usb_set_intfdata(intf, data); 3937 3938 debugfs_create_file("force_poll_sync", 0644, hdev->debugfs, data, 3939 &force_poll_sync_fops); 3940 3941 return 0; 3942 3943out_free_dev: 3944 if (data->reset_gpio) 3945 gpiod_put(data->reset_gpio); 3946 hci_free_dev(hdev); 3947 return err; 3948} 3949 3950static void btusb_disconnect(struct usb_interface *intf) 3951{ 3952 struct btusb_data *data = usb_get_intfdata(intf); 3953 struct hci_dev *hdev; 3954 3955 BT_DBG("intf %p", intf); 3956 3957 if (!data) 3958 return; 3959 3960 hdev = data->hdev; 3961 usb_set_intfdata(data->intf, NULL); 3962 3963 if (data->isoc) 3964 usb_set_intfdata(data->isoc, NULL); 3965 3966 if (data->diag) 3967 usb_set_intfdata(data->diag, NULL); 3968 3969 hci_unregister_dev(hdev); 3970 3971 if (intf == data->intf) { 3972 if (data->isoc) 3973 usb_driver_release_interface(&btusb_driver, data->isoc); 3974 if (data->diag) 3975 usb_driver_release_interface(&btusb_driver, data->diag); 3976 } else if (intf == data->isoc) { 3977 if (data->diag) 3978 usb_driver_release_interface(&btusb_driver, data->diag); 3979 usb_driver_release_interface(&btusb_driver, data->intf); 3980 } else if (intf == data->diag) { 3981 usb_driver_release_interface(&btusb_driver, data->intf); 3982 if (data->isoc) 3983 usb_driver_release_interface(&btusb_driver, data->isoc); 3984 } 3985 3986 if (data->oob_wake_irq) 3987 device_init_wakeup(&data->udev->dev, false); 3988 3989 if (data->reset_gpio) 3990 gpiod_put(data->reset_gpio); 3991 3992 hci_free_dev(hdev); 3993} 3994 3995#ifdef CONFIG_PM 3996static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 3997{ 3998 struct btusb_data *data = usb_get_intfdata(intf); 3999 4000 BT_DBG("intf %p", intf); 4001 4002 if (data->suspend_count++) 4003 return 0; 4004 4005 spin_lock_irq(&data->txlock); 4006 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 4007 set_bit(BTUSB_SUSPENDING, &data->flags); 4008 spin_unlock_irq(&data->txlock); 4009 } else { 4010 spin_unlock_irq(&data->txlock); 4011 data->suspend_count--; 4012 return -EBUSY; 4013 } 4014 4015 cancel_work_sync(&data->work); 4016 4017 btusb_stop_traffic(data); 4018 usb_kill_anchored_urbs(&data->tx_anchor); 4019 4020 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 4021 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 4022 enable_irq_wake(data->oob_wake_irq); 4023 enable_irq(data->oob_wake_irq); 4024 } 4025 4026 /* For global suspend, Realtek devices lose the loaded fw 4027 * in them. But for autosuspend, firmware should remain. 4028 * Actually, it depends on whether the usb host sends 4029 * set feature (enable wakeup) or not. 4030 */ 4031 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) { 4032 if (PMSG_IS_AUTO(message) && 4033 device_can_wakeup(&data->udev->dev)) 4034 data->udev->do_remote_wakeup = 1; 4035 else if (!PMSG_IS_AUTO(message) && 4036 !device_may_wakeup(&data->udev->dev)) { 4037 data->udev->do_remote_wakeup = 0; 4038 data->udev->reset_resume = 1; 4039 } 4040 } 4041 4042 return 0; 4043} 4044 4045static void play_deferred(struct btusb_data *data) 4046{ 4047 struct urb *urb; 4048 int err; 4049 4050 while ((urb = usb_get_from_anchor(&data->deferred))) { 4051 usb_anchor_urb(urb, &data->tx_anchor); 4052 4053 err = usb_submit_urb(urb, GFP_ATOMIC); 4054 if (err < 0) { 4055 if (err != -EPERM && err != -ENODEV) 4056 BT_ERR("%s urb %p submission failed (%d)", 4057 data->hdev->name, urb, -err); 4058 kfree(urb->setup_packet); 4059 usb_unanchor_urb(urb); 4060 usb_free_urb(urb); 4061 break; 4062 } 4063 4064 data->tx_in_flight++; 4065 usb_free_urb(urb); 4066 } 4067 4068 /* Cleanup the rest deferred urbs. */ 4069 while ((urb = usb_get_from_anchor(&data->deferred))) { 4070 kfree(urb->setup_packet); 4071 usb_free_urb(urb); 4072 } 4073} 4074 4075static int btusb_resume(struct usb_interface *intf) 4076{ 4077 struct btusb_data *data = usb_get_intfdata(intf); 4078 struct hci_dev *hdev = data->hdev; 4079 int err = 0; 4080 4081 BT_DBG("intf %p", intf); 4082 4083 if (--data->suspend_count) 4084 return 0; 4085 4086 /* Disable only if not already disabled (keep it balanced) */ 4087 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 4088 disable_irq(data->oob_wake_irq); 4089 disable_irq_wake(data->oob_wake_irq); 4090 } 4091 4092 if (!test_bit(HCI_RUNNING, &hdev->flags)) 4093 goto done; 4094 4095 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 4096 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 4097 if (err < 0) { 4098 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 4099 goto failed; 4100 } 4101 } 4102 4103 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 4104 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 4105 if (err < 0) { 4106 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 4107 goto failed; 4108 } 4109 4110 btusb_submit_bulk_urb(hdev, GFP_NOIO); 4111 } 4112 4113 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 4114 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 4115 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 4116 else 4117 btusb_submit_isoc_urb(hdev, GFP_NOIO); 4118 } 4119 4120 spin_lock_irq(&data->txlock); 4121 play_deferred(data); 4122 clear_bit(BTUSB_SUSPENDING, &data->flags); 4123 spin_unlock_irq(&data->txlock); 4124 schedule_work(&data->work); 4125 4126 return 0; 4127 4128failed: 4129 usb_scuttle_anchored_urbs(&data->deferred); 4130done: 4131 spin_lock_irq(&data->txlock); 4132 clear_bit(BTUSB_SUSPENDING, &data->flags); 4133 spin_unlock_irq(&data->txlock); 4134 4135 return err; 4136} 4137#endif 4138 4139static struct usb_driver btusb_driver = { 4140 .name = "btusb", 4141 .probe = btusb_probe, 4142 .disconnect = btusb_disconnect, 4143#ifdef CONFIG_PM 4144 .suspend = btusb_suspend, 4145 .resume = btusb_resume, 4146#endif 4147 .id_table = btusb_table, 4148 .supports_autosuspend = 1, 4149 .disable_hub_initiated_lpm = 1, 4150}; 4151 4152module_usb_driver(btusb_driver); 4153 4154module_param(disable_scofix, bool, 0644); 4155MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 4156 4157module_param(force_scofix, bool, 0644); 4158MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 4159 4160module_param(enable_autosuspend, bool, 0644); 4161MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 4162 4163module_param(reset, bool, 0644); 4164MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 4165 4166MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4167MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 4168MODULE_VERSION(VERSION); 4169MODULE_LICENSE("GPL");