1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Generic Bluetooth USB driver
6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
10 #include <linux/module.h>
11 #include <linux/usb.h>
12 #include <linux/usb/quirks.h>
13 #include <linux/firmware.h>
14 #include <linux/iopoll.h>
15 #include <linux/of_device.h>
16 #include <linux/of_irq.h>
17 #include <linux/suspend.h>
18 #include <linux/gpio/consumer.h>
19 #include <asm/unaligned.h>
21 #include <net/bluetooth/bluetooth.h>
22 #include <net/bluetooth/hci_core.h>
30 static bool disable_scofix;
31 static bool force_scofix;
32 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
34 static bool reset = true;
36 static struct usb_driver btusb_driver;
38 #define BTUSB_IGNORE 0x01
39 #define BTUSB_DIGIANSWER 0x02
40 #define BTUSB_CSR 0x04
41 #define BTUSB_SNIFFER 0x08
42 #define BTUSB_BCM92035 0x10
43 #define BTUSB_BROKEN_ISOC 0x20
44 #define BTUSB_WRONG_SCO_MTU 0x40
45 #define BTUSB_ATH3012 0x80
46 #define BTUSB_INTEL 0x100
47 #define BTUSB_INTEL_BOOT 0x200
48 #define BTUSB_BCM_PATCHRAM 0x400
49 #define BTUSB_MARVELL 0x800
50 #define BTUSB_SWAVE 0x1000
51 #define BTUSB_INTEL_NEW 0x2000
52 #define BTUSB_AMP 0x4000
53 #define BTUSB_QCA_ROME 0x8000
54 #define BTUSB_BCM_APPLE 0x10000
55 #define BTUSB_REALTEK 0x20000
56 #define BTUSB_BCM2045 0x40000
57 #define BTUSB_IFNUM_2 0x80000
58 #define BTUSB_CW6622 0x100000
59 #define BTUSB_MEDIATEK 0x200000
60 #define BTUSB_WIDEBAND_SPEECH 0x400000
61 #define BTUSB_VALID_LE_STATES 0x800000
62 #define BTUSB_QCA_WCN6855 0x1000000
64 static const struct usb_device_id btusb_table[] = {
65 /* Generic Bluetooth USB device */
66 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
68 /* Generic Bluetooth AMP device */
69 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
71 /* Generic Bluetooth USB interface */
72 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
74 /* Apple-specific (Broadcom) devices */
75 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
76 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
78 /* MediaTek MT76x0E */
79 { USB_DEVICE(0x0e8d, 0x763f) },
81 /* Broadcom SoftSailing reporting vendor specific */
82 { USB_DEVICE(0x0a5c, 0x21e1) },
84 /* Apple MacBookPro 7,1 */
85 { USB_DEVICE(0x05ac, 0x8213) },
88 { USB_DEVICE(0x05ac, 0x8215) },
90 /* Apple MacBookPro6,2 */
91 { USB_DEVICE(0x05ac, 0x8218) },
93 /* Apple MacBookAir3,1, MacBookAir3,2 */
94 { USB_DEVICE(0x05ac, 0x821b) },
96 /* Apple MacBookAir4,1 */
97 { USB_DEVICE(0x05ac, 0x821f) },
99 /* Apple MacBookPro8,2 */
100 { USB_DEVICE(0x05ac, 0x821a) },
102 /* Apple MacMini5,1 */
103 { USB_DEVICE(0x05ac, 0x8281) },
105 /* AVM BlueFRITZ! USB v2.0 */
106 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
108 /* Bluetooth Ultraport Module from IBM */
109 { USB_DEVICE(0x04bf, 0x030a) },
111 /* ALPS Modules with non-standard id */
112 { USB_DEVICE(0x044e, 0x3001) },
113 { USB_DEVICE(0x044e, 0x3002) },
115 /* Ericsson with non-standard id */
116 { USB_DEVICE(0x0bdb, 0x1002) },
118 /* Canyon CN-BTU1 with HID interfaces */
119 { USB_DEVICE(0x0c10, 0x0000) },
121 /* Broadcom BCM20702A0 */
122 { USB_DEVICE(0x413c, 0x8197) },
124 /* Broadcom BCM20702B0 (Dynex/Insignia) */
125 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
127 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
128 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
129 .driver_info = BTUSB_BCM_PATCHRAM },
131 /* Broadcom BCM920703 (HTC Vive) */
132 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
133 .driver_info = BTUSB_BCM_PATCHRAM },
135 /* Foxconn - Hon Hai */
136 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
137 .driver_info = BTUSB_BCM_PATCHRAM },
139 /* Lite-On Technology - Broadcom based */
140 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
141 .driver_info = BTUSB_BCM_PATCHRAM },
143 /* Broadcom devices with vendor specific id */
144 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
145 .driver_info = BTUSB_BCM_PATCHRAM },
147 /* ASUSTek Computer - Broadcom based */
148 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
149 .driver_info = BTUSB_BCM_PATCHRAM },
151 /* Belkin F8065bf - Broadcom based */
152 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
153 .driver_info = BTUSB_BCM_PATCHRAM },
155 /* IMC Networks - Broadcom based */
156 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
157 .driver_info = BTUSB_BCM_PATCHRAM },
159 /* Dell Computer - Broadcom based */
160 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
161 .driver_info = BTUSB_BCM_PATCHRAM },
163 /* Toshiba Corp - Broadcom based */
164 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
165 .driver_info = BTUSB_BCM_PATCHRAM },
167 /* Intel Bluetooth USB Bootloader (RAM module) */
168 { USB_DEVICE(0x8087, 0x0a5a),
169 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
171 { } /* Terminating entry */
174 MODULE_DEVICE_TABLE(usb, btusb_table);
176 static const struct usb_device_id blacklist_table[] = {
177 /* CSR BlueCore devices */
178 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
180 /* Broadcom BCM2033 without firmware */
181 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
183 /* Broadcom BCM2045 devices */
184 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
186 /* Atheros 3011 with sflash firmware */
187 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
188 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
189 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
190 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
191 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
192 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
193 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
195 /* Atheros AR9285 Malbec with sflash firmware */
196 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
198 /* Atheros 3012 with sflash firmware */
199 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
200 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
201 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
202 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
203 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
204 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
205 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
206 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
207 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
208 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
247 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
248 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
250 /* Atheros AR5BBU12 with sflash firmware */
251 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
253 /* Atheros AR5BBU12 with sflash firmware */
254 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
255 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
257 /* QCA ROME chipset */
258 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
259 BTUSB_WIDEBAND_SPEECH },
260 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
261 BTUSB_WIDEBAND_SPEECH },
262 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
263 BTUSB_WIDEBAND_SPEECH },
264 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
265 BTUSB_WIDEBAND_SPEECH },
266 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
267 BTUSB_WIDEBAND_SPEECH },
268 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
269 BTUSB_WIDEBAND_SPEECH },
270 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
271 BTUSB_WIDEBAND_SPEECH },
272 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME |
273 BTUSB_WIDEBAND_SPEECH },
274 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
275 BTUSB_WIDEBAND_SPEECH },
276 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
277 BTUSB_WIDEBAND_SPEECH },
278 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
279 BTUSB_WIDEBAND_SPEECH },
280 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
281 BTUSB_WIDEBAND_SPEECH },
282 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
283 BTUSB_WIDEBAND_SPEECH },
284 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
285 BTUSB_WIDEBAND_SPEECH },
286 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
287 BTUSB_WIDEBAND_SPEECH },
288 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
289 BTUSB_WIDEBAND_SPEECH },
290 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
291 BTUSB_WIDEBAND_SPEECH },
292 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
293 BTUSB_WIDEBAND_SPEECH },
294 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
295 BTUSB_WIDEBAND_SPEECH },
297 /* QCA WCN6855 chipset */
298 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
299 BTUSB_WIDEBAND_SPEECH },
301 /* Broadcom BCM2035 */
302 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
303 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
304 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
306 /* Broadcom BCM2045 */
307 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
308 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
310 /* IBM/Lenovo ThinkPad with Broadcom chip */
311 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
312 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
314 /* HP laptop with Broadcom chip */
315 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
317 /* Dell laptop with Broadcom chip */
318 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
320 /* Dell Wireless 370 and 410 devices */
321 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
322 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
324 /* Belkin F8T012 and F8T013 devices */
325 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
326 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
328 /* Asus WL-BTD202 device */
329 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
331 /* Kensington Bluetooth USB adapter */
332 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
334 /* RTX Telecom based adapters with buggy SCO support */
335 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
336 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
338 /* CONWISE Technology based adapters with buggy SCO support */
339 { USB_DEVICE(0x0e5e, 0x6622),
340 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
342 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
343 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
345 /* Digianswer devices */
346 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
347 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
349 /* CSR BlueCore Bluetooth Sniffer */
350 { USB_DEVICE(0x0a12, 0x0002),
351 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
353 /* Frontline ComProbe Bluetooth Sniffer */
354 { USB_DEVICE(0x16d3, 0x0002),
355 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
357 /* Marvell Bluetooth devices */
358 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
359 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
360 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
362 /* Intel Bluetooth devices */
363 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW |
364 BTUSB_WIDEBAND_SPEECH |
365 BTUSB_VALID_LE_STATES },
366 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW |
367 BTUSB_WIDEBAND_SPEECH },
368 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_NEW |
369 BTUSB_WIDEBAND_SPEECH },
370 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_NEW |
371 BTUSB_WIDEBAND_SPEECH},
372 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
373 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
374 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
375 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW |
376 BTUSB_WIDEBAND_SPEECH },
377 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL |
378 BTUSB_WIDEBAND_SPEECH },
379 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW |
380 BTUSB_WIDEBAND_SPEECH |
381 BTUSB_VALID_LE_STATES },
382 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 |
383 BTUSB_WIDEBAND_SPEECH |
384 BTUSB_VALID_LE_STATES },
385 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 |
386 BTUSB_WIDEBAND_SPEECH |
387 BTUSB_VALID_LE_STATES },
388 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 |
389 BTUSB_WIDEBAND_SPEECH |
390 BTUSB_VALID_LE_STATES },
392 /* Other Intel Bluetooth devices */
393 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
394 .driver_info = BTUSB_IGNORE },
396 /* Realtek 8821CE Bluetooth devices */
397 { USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK |
398 BTUSB_WIDEBAND_SPEECH },
400 /* Realtek 8822CE Bluetooth devices */
401 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK |
402 BTUSB_WIDEBAND_SPEECH },
403 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK |
404 BTUSB_WIDEBAND_SPEECH },
406 /* Realtek 8852CE Bluetooth devices */
407 { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK |
408 BTUSB_WIDEBAND_SPEECH },
409 { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK |
410 BTUSB_WIDEBAND_SPEECH },
411 { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK |
412 BTUSB_WIDEBAND_SPEECH },
413 { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK |
414 BTUSB_WIDEBAND_SPEECH },
415 { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK |
416 BTUSB_WIDEBAND_SPEECH },
418 /* Realtek 8852BE Bluetooth devices */
419 { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK |
420 BTUSB_WIDEBAND_SPEECH },
421 { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK |
422 BTUSB_WIDEBAND_SPEECH },
423 { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK |
424 BTUSB_WIDEBAND_SPEECH },
425 { USB_DEVICE(0x13d3, 0x3570), .driver_info = BTUSB_REALTEK |
426 BTUSB_WIDEBAND_SPEECH },
427 { USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK |
428 BTUSB_WIDEBAND_SPEECH },
430 /* Realtek Bluetooth devices */
431 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
432 .driver_info = BTUSB_REALTEK },
434 /* MediaTek Bluetooth devices */
435 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
436 .driver_info = BTUSB_MEDIATEK |
437 BTUSB_WIDEBAND_SPEECH |
438 BTUSB_VALID_LE_STATES },
440 /* MediaTek MT7922A Bluetooth devices */
441 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK |
442 BTUSB_WIDEBAND_SPEECH |
443 BTUSB_VALID_LE_STATES },
444 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK |
445 BTUSB_WIDEBAND_SPEECH |
446 BTUSB_VALID_LE_STATES },
447 { USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK |
448 BTUSB_WIDEBAND_SPEECH |
449 BTUSB_VALID_LE_STATES },
450 { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK |
451 BTUSB_WIDEBAND_SPEECH |
452 BTUSB_VALID_LE_STATES },
454 /* Additional Realtek 8723AE Bluetooth devices */
455 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
456 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
458 /* Additional Realtek 8723BE Bluetooth devices */
459 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
460 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
461 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
462 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
463 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
464 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
466 /* Additional Realtek 8723BU Bluetooth devices */
467 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
469 /* Additional Realtek 8723DE Bluetooth devices */
470 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
471 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
473 /* Additional Realtek 8821AE Bluetooth devices */
474 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
475 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
476 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
477 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
478 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
480 /* Additional Realtek 8822BE Bluetooth devices */
481 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
482 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
484 /* Additional Realtek 8822CE Bluetooth devices */
485 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK },
486 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK },
488 /* Silicon Wave based devices */
489 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
491 { } /* Terminating entry */
494 /* The Bluetooth USB module build into some devices needs to be reset on resume,
495 * this is a problem with the platform (likely shutting off all power) not with
496 * the module itself. So we use a DMI list to match known broken platforms.
498 static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
500 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
502 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
503 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
507 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
509 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
510 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
514 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
516 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
517 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
523 #define BTUSB_MAX_ISOC_FRAMES 10
525 #define BTUSB_INTR_RUNNING 0
526 #define BTUSB_BULK_RUNNING 1
527 #define BTUSB_ISOC_RUNNING 2
528 #define BTUSB_SUSPENDING 3
529 #define BTUSB_DID_ISO_RESUME 4
530 #define BTUSB_BOOTLOADER 5
531 #define BTUSB_DOWNLOADING 6
532 #define BTUSB_FIRMWARE_LOADED 7
533 #define BTUSB_FIRMWARE_FAILED 8
534 #define BTUSB_BOOTING 9
535 #define BTUSB_DIAG_RUNNING 10
536 #define BTUSB_OOB_WAKE_ENABLED 11
537 #define BTUSB_HW_RESET_ACTIVE 12
538 #define BTUSB_TX_WAIT_VND_EVT 13
539 #define BTUSB_WAKEUP_DISABLE 14
540 #define BTUSB_USE_ALT3_FOR_WBS 15
543 struct hci_dev *hdev;
544 struct usb_device *udev;
545 struct usb_interface *intf;
546 struct usb_interface *isoc;
547 struct usb_interface *diag;
552 struct work_struct work;
553 struct work_struct waker;
555 struct usb_anchor deferred;
556 struct usb_anchor tx_anchor;
560 struct usb_anchor intr_anchor;
561 struct usb_anchor bulk_anchor;
562 struct usb_anchor isoc_anchor;
563 struct usb_anchor diag_anchor;
564 struct usb_anchor ctrl_anchor;
567 struct sk_buff *evt_skb;
568 struct sk_buff *acl_skb;
569 struct sk_buff *sco_skb;
571 struct usb_endpoint_descriptor *intr_ep;
572 struct usb_endpoint_descriptor *bulk_tx_ep;
573 struct usb_endpoint_descriptor *bulk_rx_ep;
574 struct usb_endpoint_descriptor *isoc_tx_ep;
575 struct usb_endpoint_descriptor *isoc_rx_ep;
576 struct usb_endpoint_descriptor *diag_tx_ep;
577 struct usb_endpoint_descriptor *diag_rx_ep;
579 struct gpio_desc *reset_gpio;
584 unsigned int sco_num;
585 unsigned int air_mode;
586 bool usb_alt6_packet_flow;
590 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
591 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
593 int (*setup_on_usb)(struct hci_dev *hdev);
595 int oob_wake_irq; /* irq for out-of-band wake-on-bt */
596 unsigned cmd_timeout_cnt;
599 static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
601 struct btusb_data *data = hci_get_drvdata(hdev);
602 struct gpio_desc *reset_gpio = data->reset_gpio;
604 if (++data->cmd_timeout_cnt < 5)
608 bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
613 * Toggle the hard reset line if the platform provides one. The reset
614 * is going to yank the device off the USB and then replug. So doing
615 * once is enough. The cleanup is handled correctly on the way out
616 * (standard USB disconnect), and the new device is detected cleanly
617 * and bound to the driver again like it should be.
619 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
620 bt_dev_err(hdev, "last reset failed? Not resetting again");
624 bt_dev_err(hdev, "Initiating HW reset via gpio");
625 gpiod_set_value_cansleep(reset_gpio, 1);
627 gpiod_set_value_cansleep(reset_gpio, 0);
630 static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
632 struct btusb_data *data = hci_get_drvdata(hdev);
633 struct gpio_desc *reset_gpio = data->reset_gpio;
635 if (++data->cmd_timeout_cnt < 5)
639 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
643 /* Toggle the hard reset line. The Realtek device is going to
644 * yank itself off the USB and then replug. The cleanup is handled
645 * correctly on the way out (standard USB disconnect), and the new
646 * device is detected cleanly and bound to the driver again like
649 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
650 bt_dev_err(hdev, "last reset failed? Not resetting again");
654 bt_dev_err(hdev, "Reset Realtek device via gpio");
655 gpiod_set_value_cansleep(reset_gpio, 1);
657 gpiod_set_value_cansleep(reset_gpio, 0);
660 static void btusb_qca_cmd_timeout(struct hci_dev *hdev)
662 struct btusb_data *data = hci_get_drvdata(hdev);
665 if (++data->cmd_timeout_cnt < 5)
668 bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device.");
669 /* This is not an unbalanced PM reference since the device will reset */
670 err = usb_autopm_get_interface(data->intf);
672 usb_queue_reset_device(data->intf);
674 bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err);
677 static inline void btusb_free_frags(struct btusb_data *data)
681 spin_lock_irqsave(&data->rxlock, flags);
683 dev_kfree_skb_irq(data->evt_skb);
684 data->evt_skb = NULL;
686 dev_kfree_skb_irq(data->acl_skb);
687 data->acl_skb = NULL;
689 dev_kfree_skb_irq(data->sco_skb);
690 data->sco_skb = NULL;
692 spin_unlock_irqrestore(&data->rxlock, flags);
695 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
701 spin_lock_irqsave(&data->rxlock, flags);
708 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
714 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
715 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
718 len = min_t(uint, hci_skb_expect(skb), count);
719 skb_put_data(skb, buffer, len);
723 hci_skb_expect(skb) -= len;
725 if (skb->len == HCI_EVENT_HDR_SIZE) {
726 /* Complete event header */
727 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
729 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
738 if (!hci_skb_expect(skb)) {
740 data->recv_event(data->hdev, skb);
746 spin_unlock_irqrestore(&data->rxlock, flags);
751 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
757 spin_lock_irqsave(&data->rxlock, flags);
764 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
770 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
771 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
774 len = min_t(uint, hci_skb_expect(skb), count);
775 skb_put_data(skb, buffer, len);
779 hci_skb_expect(skb) -= len;
781 if (skb->len == HCI_ACL_HDR_SIZE) {
782 __le16 dlen = hci_acl_hdr(skb)->dlen;
784 /* Complete ACL header */
785 hci_skb_expect(skb) = __le16_to_cpu(dlen);
787 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
796 if (!hci_skb_expect(skb)) {
798 hci_recv_frame(data->hdev, skb);
804 spin_unlock_irqrestore(&data->rxlock, flags);
809 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
815 spin_lock_irqsave(&data->rxlock, flags);
822 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
828 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
829 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
832 len = min_t(uint, hci_skb_expect(skb), count);
833 skb_put_data(skb, buffer, len);
837 hci_skb_expect(skb) -= len;
839 if (skb->len == HCI_SCO_HDR_SIZE) {
840 /* Complete SCO header */
841 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
843 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
852 if (!hci_skb_expect(skb)) {
854 hci_recv_frame(data->hdev, skb);
860 spin_unlock_irqrestore(&data->rxlock, flags);
865 static void btusb_intr_complete(struct urb *urb)
867 struct hci_dev *hdev = urb->context;
868 struct btusb_data *data = hci_get_drvdata(hdev);
871 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
874 if (!test_bit(HCI_RUNNING, &hdev->flags))
877 if (urb->status == 0) {
878 hdev->stat.byte_rx += urb->actual_length;
880 if (btusb_recv_intr(data, urb->transfer_buffer,
881 urb->actual_length) < 0) {
882 bt_dev_err(hdev, "corrupted event packet");
885 } else if (urb->status == -ENOENT) {
886 /* Avoid suspend failed when usb_kill_urb */
890 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
893 usb_mark_last_busy(data->udev);
894 usb_anchor_urb(urb, &data->intr_anchor);
896 err = usb_submit_urb(urb, GFP_ATOMIC);
898 /* -EPERM: urb is being killed;
899 * -ENODEV: device got disconnected
901 if (err != -EPERM && err != -ENODEV)
902 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
904 usb_unanchor_urb(urb);
908 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
910 struct btusb_data *data = hci_get_drvdata(hdev);
916 BT_DBG("%s", hdev->name);
921 urb = usb_alloc_urb(0, mem_flags);
925 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
927 buf = kmalloc(size, mem_flags);
933 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
935 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
936 btusb_intr_complete, hdev, data->intr_ep->bInterval);
938 urb->transfer_flags |= URB_FREE_BUFFER;
940 usb_anchor_urb(urb, &data->intr_anchor);
942 err = usb_submit_urb(urb, mem_flags);
944 if (err != -EPERM && err != -ENODEV)
945 bt_dev_err(hdev, "urb %p submission failed (%d)",
947 usb_unanchor_urb(urb);
955 static void btusb_bulk_complete(struct urb *urb)
957 struct hci_dev *hdev = urb->context;
958 struct btusb_data *data = hci_get_drvdata(hdev);
961 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
964 if (!test_bit(HCI_RUNNING, &hdev->flags))
967 if (urb->status == 0) {
968 hdev->stat.byte_rx += urb->actual_length;
970 if (data->recv_bulk(data, urb->transfer_buffer,
971 urb->actual_length) < 0) {
972 bt_dev_err(hdev, "corrupted ACL packet");
975 } else if (urb->status == -ENOENT) {
976 /* Avoid suspend failed when usb_kill_urb */
980 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
983 usb_anchor_urb(urb, &data->bulk_anchor);
984 usb_mark_last_busy(data->udev);
986 err = usb_submit_urb(urb, GFP_ATOMIC);
988 /* -EPERM: urb is being killed;
989 * -ENODEV: device got disconnected
991 if (err != -EPERM && err != -ENODEV)
992 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
994 usb_unanchor_urb(urb);
998 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
1000 struct btusb_data *data = hci_get_drvdata(hdev);
1004 int err, size = HCI_MAX_FRAME_SIZE;
1006 BT_DBG("%s", hdev->name);
1008 if (!data->bulk_rx_ep)
1011 urb = usb_alloc_urb(0, mem_flags);
1015 buf = kmalloc(size, mem_flags);
1021 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
1023 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1024 btusb_bulk_complete, hdev);
1026 urb->transfer_flags |= URB_FREE_BUFFER;
1028 usb_mark_last_busy(data->udev);
1029 usb_anchor_urb(urb, &data->bulk_anchor);
1031 err = usb_submit_urb(urb, mem_flags);
1033 if (err != -EPERM && err != -ENODEV)
1034 bt_dev_err(hdev, "urb %p submission failed (%d)",
1036 usb_unanchor_urb(urb);
1044 static void btusb_isoc_complete(struct urb *urb)
1046 struct hci_dev *hdev = urb->context;
1047 struct btusb_data *data = hci_get_drvdata(hdev);
1050 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1051 urb->actual_length);
1053 if (!test_bit(HCI_RUNNING, &hdev->flags))
1056 if (urb->status == 0) {
1057 for (i = 0; i < urb->number_of_packets; i++) {
1058 unsigned int offset = urb->iso_frame_desc[i].offset;
1059 unsigned int length = urb->iso_frame_desc[i].actual_length;
1061 if (urb->iso_frame_desc[i].status)
1064 hdev->stat.byte_rx += length;
1066 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
1068 bt_dev_err(hdev, "corrupted SCO packet");
1069 hdev->stat.err_rx++;
1072 } else if (urb->status == -ENOENT) {
1073 /* Avoid suspend failed when usb_kill_urb */
1077 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
1080 usb_anchor_urb(urb, &data->isoc_anchor);
1082 err = usb_submit_urb(urb, GFP_ATOMIC);
1084 /* -EPERM: urb is being killed;
1085 * -ENODEV: device got disconnected
1087 if (err != -EPERM && err != -ENODEV)
1088 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1090 usb_unanchor_urb(urb);
1094 static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1095 int mtu, struct btusb_data *data)
1098 unsigned int interval;
1100 BT_DBG("len %d mtu %d", len, mtu);
1102 /* For mSBC ALT 6 setting the host will send the packet at continuous
1103 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
1104 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets.
1105 * To maintain the rate we send 63bytes of usb packets alternatively for
1106 * 7ms and 8ms to maintain the rate as 7.5ms.
1108 if (data->usb_alt6_packet_flow) {
1110 data->usb_alt6_packet_flow = false;
1113 data->usb_alt6_packet_flow = true;
1116 for (i = 0; i < interval; i++) {
1117 urb->iso_frame_desc[i].offset = offset;
1118 urb->iso_frame_desc[i].length = offset;
1121 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1122 urb->iso_frame_desc[i].offset = offset;
1123 urb->iso_frame_desc[i].length = len;
1127 urb->number_of_packets = i;
1130 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
1134 BT_DBG("len %d mtu %d", len, mtu);
1136 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
1137 i++, offset += mtu, len -= mtu) {
1138 urb->iso_frame_desc[i].offset = offset;
1139 urb->iso_frame_desc[i].length = mtu;
1142 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1143 urb->iso_frame_desc[i].offset = offset;
1144 urb->iso_frame_desc[i].length = len;
1148 urb->number_of_packets = i;
1151 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1153 struct btusb_data *data = hci_get_drvdata(hdev);
1159 BT_DBG("%s", hdev->name);
1161 if (!data->isoc_rx_ep)
1164 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1168 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1169 BTUSB_MAX_ISOC_FRAMES;
1171 buf = kmalloc(size, mem_flags);
1177 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1179 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
1180 hdev, data->isoc_rx_ep->bInterval);
1182 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1184 __fill_isoc_descriptor(urb, size,
1185 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1187 usb_anchor_urb(urb, &data->isoc_anchor);
1189 err = usb_submit_urb(urb, mem_flags);
1191 if (err != -EPERM && err != -ENODEV)
1192 bt_dev_err(hdev, "urb %p submission failed (%d)",
1194 usb_unanchor_urb(urb);
1202 static void btusb_diag_complete(struct urb *urb)
1204 struct hci_dev *hdev = urb->context;
1205 struct btusb_data *data = hci_get_drvdata(hdev);
1208 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1209 urb->actual_length);
1211 if (urb->status == 0) {
1212 struct sk_buff *skb;
1214 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
1216 skb_put_data(skb, urb->transfer_buffer,
1217 urb->actual_length);
1218 hci_recv_diag(hdev, skb);
1220 } else if (urb->status == -ENOENT) {
1221 /* Avoid suspend failed when usb_kill_urb */
1225 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1228 usb_anchor_urb(urb, &data->diag_anchor);
1229 usb_mark_last_busy(data->udev);
1231 err = usb_submit_urb(urb, GFP_ATOMIC);
1233 /* -EPERM: urb is being killed;
1234 * -ENODEV: device got disconnected
1236 if (err != -EPERM && err != -ENODEV)
1237 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1239 usb_unanchor_urb(urb);
1243 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1245 struct btusb_data *data = hci_get_drvdata(hdev);
1249 int err, size = HCI_MAX_FRAME_SIZE;
1251 BT_DBG("%s", hdev->name);
1253 if (!data->diag_rx_ep)
1256 urb = usb_alloc_urb(0, mem_flags);
1260 buf = kmalloc(size, mem_flags);
1266 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1268 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1269 btusb_diag_complete, hdev);
1271 urb->transfer_flags |= URB_FREE_BUFFER;
1273 usb_mark_last_busy(data->udev);
1274 usb_anchor_urb(urb, &data->diag_anchor);
1276 err = usb_submit_urb(urb, mem_flags);
1278 if (err != -EPERM && err != -ENODEV)
1279 bt_dev_err(hdev, "urb %p submission failed (%d)",
1281 usb_unanchor_urb(urb);
1289 static void btusb_tx_complete(struct urb *urb)
1291 struct sk_buff *skb = urb->context;
1292 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1293 struct btusb_data *data = hci_get_drvdata(hdev);
1294 unsigned long flags;
1296 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1297 urb->actual_length);
1299 if (!test_bit(HCI_RUNNING, &hdev->flags))
1303 hdev->stat.byte_tx += urb->transfer_buffer_length;
1305 hdev->stat.err_tx++;
1308 spin_lock_irqsave(&data->txlock, flags);
1309 data->tx_in_flight--;
1310 spin_unlock_irqrestore(&data->txlock, flags);
1312 kfree(urb->setup_packet);
1317 static void btusb_isoc_tx_complete(struct urb *urb)
1319 struct sk_buff *skb = urb->context;
1320 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1322 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1323 urb->actual_length);
1325 if (!test_bit(HCI_RUNNING, &hdev->flags))
1329 hdev->stat.byte_tx += urb->transfer_buffer_length;
1331 hdev->stat.err_tx++;
1334 kfree(urb->setup_packet);
1339 static int btusb_open(struct hci_dev *hdev)
1341 struct btusb_data *data = hci_get_drvdata(hdev);
1344 BT_DBG("%s", hdev->name);
1346 err = usb_autopm_get_interface(data->intf);
1350 /* Patching USB firmware files prior to starting any URBs of HCI path
1351 * It is more safe to use USB bulk channel for downloading USB patch
1353 if (data->setup_on_usb) {
1354 err = data->setup_on_usb(hdev);
1359 data->intf->needs_remote_wakeup = 1;
1361 /* Disable device remote wakeup when host is suspended
1362 * For Realtek chips, global suspend without
1363 * SET_FEATURE (DEVICE_REMOTE_WAKEUP) can save more power in device.
1365 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1366 device_wakeup_disable(&data->udev->dev);
1368 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1371 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1375 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1377 usb_kill_anchored_urbs(&data->intr_anchor);
1381 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1382 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1385 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1386 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1390 usb_autopm_put_interface(data->intf);
1394 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1396 usb_autopm_put_interface(data->intf);
1400 static void btusb_stop_traffic(struct btusb_data *data)
1402 usb_kill_anchored_urbs(&data->intr_anchor);
1403 usb_kill_anchored_urbs(&data->bulk_anchor);
1404 usb_kill_anchored_urbs(&data->isoc_anchor);
1405 usb_kill_anchored_urbs(&data->diag_anchor);
1406 usb_kill_anchored_urbs(&data->ctrl_anchor);
1409 static int btusb_close(struct hci_dev *hdev)
1411 struct btusb_data *data = hci_get_drvdata(hdev);
1414 BT_DBG("%s", hdev->name);
1416 cancel_work_sync(&data->work);
1417 cancel_work_sync(&data->waker);
1419 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1420 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1421 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1422 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1424 btusb_stop_traffic(data);
1425 btusb_free_frags(data);
1427 err = usb_autopm_get_interface(data->intf);
1431 data->intf->needs_remote_wakeup = 0;
1433 /* Enable remote wake up for auto-suspend */
1434 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1435 data->intf->needs_remote_wakeup = 1;
1437 usb_autopm_put_interface(data->intf);
1440 usb_scuttle_anchored_urbs(&data->deferred);
1444 static int btusb_flush(struct hci_dev *hdev)
1446 struct btusb_data *data = hci_get_drvdata(hdev);
1448 BT_DBG("%s", hdev->name);
1450 usb_kill_anchored_urbs(&data->tx_anchor);
1451 btusb_free_frags(data);
1456 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1458 struct btusb_data *data = hci_get_drvdata(hdev);
1459 struct usb_ctrlrequest *dr;
1463 urb = usb_alloc_urb(0, GFP_KERNEL);
1465 return ERR_PTR(-ENOMEM);
1467 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1470 return ERR_PTR(-ENOMEM);
1473 dr->bRequestType = data->cmdreq_type;
1474 dr->bRequest = data->cmdreq;
1477 dr->wLength = __cpu_to_le16(skb->len);
1479 pipe = usb_sndctrlpipe(data->udev, 0x00);
1481 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1482 skb->data, skb->len, btusb_tx_complete, skb);
1484 skb->dev = (void *)hdev;
1489 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1491 struct btusb_data *data = hci_get_drvdata(hdev);
1495 if (!data->bulk_tx_ep)
1496 return ERR_PTR(-ENODEV);
1498 urb = usb_alloc_urb(0, GFP_KERNEL);
1500 return ERR_PTR(-ENOMEM);
1502 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1504 usb_fill_bulk_urb(urb, data->udev, pipe,
1505 skb->data, skb->len, btusb_tx_complete, skb);
1507 skb->dev = (void *)hdev;
1512 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1514 struct btusb_data *data = hci_get_drvdata(hdev);
1518 if (!data->isoc_tx_ep)
1519 return ERR_PTR(-ENODEV);
1521 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1523 return ERR_PTR(-ENOMEM);
1525 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1527 usb_fill_int_urb(urb, data->udev, pipe,
1528 skb->data, skb->len, btusb_isoc_tx_complete,
1529 skb, data->isoc_tx_ep->bInterval);
1531 urb->transfer_flags = URB_ISO_ASAP;
1533 if (data->isoc_altsetting == 6)
1534 __fill_isoc_descriptor_msbc(urb, skb->len,
1535 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize),
1538 __fill_isoc_descriptor(urb, skb->len,
1539 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1540 skb->dev = (void *)hdev;
1545 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1547 struct btusb_data *data = hci_get_drvdata(hdev);
1550 usb_anchor_urb(urb, &data->tx_anchor);
1552 err = usb_submit_urb(urb, GFP_KERNEL);
1554 if (err != -EPERM && err != -ENODEV)
1555 bt_dev_err(hdev, "urb %p submission failed (%d)",
1557 kfree(urb->setup_packet);
1558 usb_unanchor_urb(urb);
1560 usb_mark_last_busy(data->udev);
1567 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1569 struct btusb_data *data = hci_get_drvdata(hdev);
1570 unsigned long flags;
1573 spin_lock_irqsave(&data->txlock, flags);
1574 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1576 data->tx_in_flight++;
1577 spin_unlock_irqrestore(&data->txlock, flags);
1580 return submit_tx_urb(hdev, urb);
1582 usb_anchor_urb(urb, &data->deferred);
1583 schedule_work(&data->waker);
1589 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1593 BT_DBG("%s", hdev->name);
1595 switch (hci_skb_pkt_type(skb)) {
1596 case HCI_COMMAND_PKT:
1597 urb = alloc_ctrl_urb(hdev, skb);
1599 return PTR_ERR(urb);
1601 hdev->stat.cmd_tx++;
1602 return submit_or_queue_tx_urb(hdev, urb);
1604 case HCI_ACLDATA_PKT:
1605 urb = alloc_bulk_urb(hdev, skb);
1607 return PTR_ERR(urb);
1609 hdev->stat.acl_tx++;
1610 return submit_or_queue_tx_urb(hdev, urb);
1612 case HCI_SCODATA_PKT:
1613 if (hci_conn_num(hdev, SCO_LINK) < 1)
1616 urb = alloc_isoc_urb(hdev, skb);
1618 return PTR_ERR(urb);
1620 hdev->stat.sco_tx++;
1621 return submit_tx_urb(hdev, urb);
1627 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1629 struct btusb_data *data = hci_get_drvdata(hdev);
1631 BT_DBG("%s evt %d", hdev->name, evt);
1633 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1634 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1635 data->air_mode = evt;
1636 schedule_work(&data->work);
1640 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1642 struct btusb_data *data = hci_get_drvdata(hdev);
1643 struct usb_interface *intf = data->isoc;
1644 struct usb_endpoint_descriptor *ep_desc;
1650 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1652 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1656 data->isoc_altsetting = altsetting;
1658 data->isoc_tx_ep = NULL;
1659 data->isoc_rx_ep = NULL;
1661 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1662 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1664 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1665 data->isoc_tx_ep = ep_desc;
1669 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1670 data->isoc_rx_ep = ep_desc;
1675 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1676 bt_dev_err(hdev, "invalid SCO descriptors");
1683 static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts)
1685 struct btusb_data *data = hci_get_drvdata(hdev);
1688 if (data->isoc_altsetting != new_alts) {
1689 unsigned long flags;
1691 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1692 usb_kill_anchored_urbs(&data->isoc_anchor);
1694 /* When isochronous alternate setting needs to be
1695 * changed, because SCO connection has been added
1696 * or removed, a packet fragment may be left in the
1697 * reassembling state. This could lead to wrongly
1698 * assembled fragments.
1700 * Clear outstanding fragment when selecting a new
1701 * alternate setting.
1703 spin_lock_irqsave(&data->rxlock, flags);
1704 dev_kfree_skb_irq(data->sco_skb);
1705 data->sco_skb = NULL;
1706 spin_unlock_irqrestore(&data->rxlock, flags);
1708 err = __set_isoc_interface(hdev, new_alts);
1713 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1714 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1715 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1717 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1723 static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data,
1726 struct usb_interface *intf = data->isoc;
1729 BT_DBG("Looking for Alt no :%d", alt);
1734 for (i = 0; i < intf->num_altsetting; i++) {
1735 if (intf->altsetting[i].desc.bAlternateSetting == alt)
1736 return &intf->altsetting[i];
1742 static void btusb_work(struct work_struct *work)
1744 struct btusb_data *data = container_of(work, struct btusb_data, work);
1745 struct hci_dev *hdev = data->hdev;
1749 if (data->sco_num > 0) {
1750 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1751 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1753 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1754 usb_kill_anchored_urbs(&data->isoc_anchor);
1758 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1761 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) {
1762 if (hdev->voice_setting & 0x0020) {
1763 static const int alts[3] = { 2, 4, 5 };
1765 new_alts = alts[data->sco_num - 1];
1767 new_alts = data->sco_num;
1769 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) {
1770 /* Bluetooth USB spec recommends alt 6 (63 bytes), but
1771 * many adapters do not support it. Alt 1 appears to
1772 * work for all adapters that do not have alt 6, and
1773 * which work with WBS at all. Some devices prefer
1774 * alt 3 (HCI payload >= 60 Bytes let air packet
1775 * data satisfy 60 bytes), requiring
1776 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72
1777 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1.
1779 if (btusb_find_altsetting(data, 6))
1781 else if (btusb_find_altsetting(data, 3) &&
1782 hdev->sco_mtu >= 72 &&
1783 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags))
1789 if (btusb_switch_alt_setting(hdev, new_alts) < 0)
1790 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
1792 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1793 usb_kill_anchored_urbs(&data->isoc_anchor);
1795 __set_isoc_interface(hdev, 0);
1796 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1797 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1801 static void btusb_waker(struct work_struct *work)
1803 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1806 err = usb_autopm_get_interface(data->intf);
1810 usb_autopm_put_interface(data->intf);
1813 static int btusb_setup_bcm92035(struct hci_dev *hdev)
1815 struct sk_buff *skb;
1818 BT_DBG("%s", hdev->name);
1820 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1822 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1829 static int btusb_setup_csr(struct hci_dev *hdev)
1831 struct btusb_data *data = hci_get_drvdata(hdev);
1832 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice);
1833 struct hci_rp_read_local_version *rp;
1834 struct sk_buff *skb;
1835 bool is_fake = false;
1837 BT_DBG("%s", hdev->name);
1839 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1842 int err = PTR_ERR(skb);
1843 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1847 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1848 bt_dev_err(hdev, "CSR: Local version length mismatch");
1853 rp = (struct hci_rp_read_local_version *)skb->data;
1855 bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x; LMP ver=%u subver=%04x; manufacturer=%u",
1856 le16_to_cpu(rp->hci_ver), le16_to_cpu(rp->hci_rev),
1857 le16_to_cpu(rp->lmp_ver), le16_to_cpu(rp->lmp_subver),
1858 le16_to_cpu(rp->manufacturer));
1860 /* Detect a wide host of Chinese controllers that aren't CSR.
1862 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891
1864 * The main thing they have in common is that these are really popular low-cost
1865 * options that support newer Bluetooth versions but rely on heavy VID/PID
1866 * squatting of this poor old Bluetooth 1.1 device. Even sold as such.
1868 * We detect actual CSR devices by checking that the HCI manufacturer code
1869 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and
1870 * HCI rev values always match. As they both store the firmware number.
1872 if (le16_to_cpu(rp->manufacturer) != 10 ||
1873 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver))
1876 /* Known legit CSR firmware build numbers and their supported BT versions:
1877 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e
1878 * - 1.2 (0x2) -> 0x04d9, 0x0529
1879 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c
1880 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External)
1881 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb
1883 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that
1884 * support BT 1.1 only; so it's a dead giveaway when some
1885 * third-party BT 4.0 dongle reuses it.
1887 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
1888 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
1891 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
1892 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
1895 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
1896 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
1899 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
1900 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
1903 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
1904 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
1907 /* Other clones which beat all the above checks */
1908 else if (bcdDevice == 0x0134 &&
1909 le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
1910 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
1914 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds...");
1916 /* Generally these clones have big discrepancies between
1917 * advertised features and what's actually supported.
1918 * Probably will need to be expanded in the future;
1919 * without these the controller will lock up.
1921 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1922 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
1924 /* Clear the reset quirk since this is not an actual
1925 * early Bluetooth 1.1 device from CSR.
1927 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1928 clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1936 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1937 struct intel_version *ver)
1939 const struct firmware *fw;
1943 snprintf(fwname, sizeof(fwname),
1945 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1946 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1947 ver->fw_build_ww, ver->fw_build_yy);
1949 ret = reject_firmware(&fw, fwname, &hdev->dev);
1951 if (ret == -EINVAL) {
1952 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1957 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1960 /* If the correct firmware patch file is not found, use the
1961 * default firmware patch file instead
1963 snprintf(fwname, sizeof(fwname), "/*(DEBLOBBED)*/",
1964 ver->hw_platform, ver->hw_variant);
1965 if (reject_firmware(&fw, fwname, &hdev->dev) < 0) {
1966 bt_dev_err(hdev, "failed to open default fw file: %s",
1972 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1977 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1978 const struct firmware *fw,
1979 const u8 **fw_ptr, int *disable_patch)
1981 struct sk_buff *skb;
1982 struct hci_command_hdr *cmd;
1983 const u8 *cmd_param;
1984 struct hci_event_hdr *evt = NULL;
1985 const u8 *evt_param = NULL;
1986 int remain = fw->size - (*fw_ptr - fw->data);
1988 /* The first byte indicates the types of the patch command or event.
1989 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1990 * in the current firmware buffer doesn't start with 0x01 or
1991 * the size of remain buffer is smaller than HCI command header,
1992 * the firmware file is corrupted and it should stop the patching
1995 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1996 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
2002 cmd = (struct hci_command_hdr *)(*fw_ptr);
2003 *fw_ptr += sizeof(*cmd);
2004 remain -= sizeof(*cmd);
2006 /* Ensure that the remain firmware data is long enough than the length
2007 * of command parameter. If not, the firmware file is corrupted.
2009 if (remain < cmd->plen) {
2010 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
2014 /* If there is a command that loads a patch in the firmware
2015 * file, then enable the patch upon success, otherwise just
2016 * disable the manufacturer mode, for example patch activation
2017 * is not required when the default firmware patch file is used
2018 * because there are no patch data to load.
2020 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
2023 cmd_param = *fw_ptr;
2024 *fw_ptr += cmd->plen;
2025 remain -= cmd->plen;
2027 /* This reads the expected events when the above command is sent to the
2028 * device. Some vendor commands expects more than one events, for
2029 * example command status event followed by vendor specific event.
2030 * For this case, it only keeps the last expected event. so the command
2031 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
2032 * last expected event.
2034 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
2038 evt = (struct hci_event_hdr *)(*fw_ptr);
2039 *fw_ptr += sizeof(*evt);
2040 remain -= sizeof(*evt);
2042 if (remain < evt->plen) {
2043 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
2047 evt_param = *fw_ptr;
2048 *fw_ptr += evt->plen;
2049 remain -= evt->plen;
2052 /* Every HCI commands in the firmware file has its correspond event.
2053 * If event is not found or remain is smaller than zero, the firmware
2054 * file is corrupted.
2056 if (!evt || !evt_param || remain < 0) {
2057 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
2061 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
2062 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
2064 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
2065 cmd->opcode, PTR_ERR(skb));
2066 return PTR_ERR(skb);
2069 /* It ensures that the returned event matches the event data read from
2070 * the firmware file. At fist, it checks the length and then
2071 * the contents of the event.
2073 if (skb->len != evt->plen) {
2074 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
2075 le16_to_cpu(cmd->opcode));
2080 if (memcmp(skb->data, evt_param, evt->plen)) {
2081 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
2082 le16_to_cpu(cmd->opcode));
2091 static int btusb_setup_intel(struct hci_dev *hdev)
2093 struct sk_buff *skb;
2094 const struct firmware *fw;
2096 int disable_patch, err;
2097 struct intel_version ver;
2099 BT_DBG("%s", hdev->name);
2101 /* The controller has a bug with the first HCI command sent to it
2102 * returning number of completed commands as zero. This would stall the
2103 * command processing in the Bluetooth core.
2105 * As a workaround, send HCI Reset command first which will reset the
2106 * number of completed commands and allow normal command processing
2109 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2111 bt_dev_err(hdev, "sending initial HCI reset command failed (%ld)",
2113 return PTR_ERR(skb);
2117 /* Read Intel specific controller version first to allow selection of
2118 * which firmware file to load.
2120 * The returned information are hardware variant and revision plus
2121 * firmware variant, revision and build number.
2123 err = btintel_read_version(hdev, &ver);
2127 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
2128 ver.hw_platform, ver.hw_variant, ver.hw_revision,
2129 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
2130 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
2132 /* fw_patch_num indicates the version of patch the device currently
2133 * have. If there is no patch data in the device, it is always 0x00.
2134 * So, if it is other than 0x00, no need to patch the device again.
2136 if (ver.fw_patch_num) {
2137 bt_dev_info(hdev, "Intel device is already patched. "
2138 "patch num: %02x", ver.fw_patch_num);
2142 /* Opens the firmware patch file based on the firmware version read
2143 * from the controller. If it fails to open the matching firmware
2144 * patch file, it tries to open the default firmware patch file.
2145 * If no patch file is found, allow the device to operate without
2148 fw = btusb_setup_intel_get_fw(hdev, &ver);
2153 /* Enable the manufacturer mode of the controller.
2154 * Only while this mode is enabled, the driver can download the
2155 * firmware patch data and configuration parameters.
2157 err = btintel_enter_mfg(hdev);
2159 release_firmware(fw);
2165 /* The firmware data file consists of list of Intel specific HCI
2166 * commands and its expected events. The first byte indicates the
2167 * type of the message, either HCI command or HCI event.
2169 * It reads the command and its expected event from the firmware file,
2170 * and send to the controller. Once __hci_cmd_sync_ev() returns,
2171 * the returned event is compared with the event read from the firmware
2172 * file and it will continue until all the messages are downloaded to
2175 * Once the firmware patching is completed successfully,
2176 * the manufacturer mode is disabled with reset and activating the
2179 * If the firmware patching fails, the manufacturer mode is
2180 * disabled with reset and deactivating the patch.
2182 * If the default patch file is used, no reset is done when disabling
2185 while (fw->size > fw_ptr - fw->data) {
2188 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
2191 goto exit_mfg_deactivate;
2194 release_firmware(fw);
2197 goto exit_mfg_disable;
2199 /* Patching completed successfully and disable the manufacturer mode
2200 * with reset and activate the downloaded firmware patches.
2202 err = btintel_exit_mfg(hdev, true, true);
2206 /* Need build number for downloaded fw patches in
2207 * every power-on boot
2209 err = btintel_read_version(hdev, &ver);
2212 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
2218 /* Disable the manufacturer mode without reset */
2219 err = btintel_exit_mfg(hdev, false, false);
2223 bt_dev_info(hdev, "Intel firmware patch completed");
2227 exit_mfg_deactivate:
2228 release_firmware(fw);
2230 /* Patching failed. Disable the manufacturer mode with reset and
2231 * deactivate the downloaded firmware patches.
2233 err = btintel_exit_mfg(hdev, true, false);
2237 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
2240 /* Set the event mask for Intel specific vendor events. This enables
2241 * a few extra events that are useful during general operation.
2243 btintel_set_event_mask_mfg(hdev, false);
2245 btintel_check_bdaddr(hdev);
2249 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
2251 struct sk_buff *skb;
2252 struct hci_event_hdr *hdr;
2253 struct hci_ev_cmd_complete *evt;
2255 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
2259 hdr = skb_put(skb, sizeof(*hdr));
2260 hdr->evt = HCI_EV_CMD_COMPLETE;
2261 hdr->plen = sizeof(*evt) + 1;
2263 evt = skb_put(skb, sizeof(*evt));
2265 evt->opcode = cpu_to_le16(opcode);
2267 skb_put_u8(skb, 0x00);
2269 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2271 return hci_recv_frame(hdev, skb);
2274 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
2277 /* When the device is in bootloader mode, then it can send
2278 * events via the bulk endpoint. These events are treated the
2279 * same way as the ones received from the interrupt endpoint.
2281 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
2282 return btusb_recv_intr(data, buffer, count);
2284 return btusb_recv_bulk(data, buffer, count);
2287 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
2290 const struct intel_bootup *evt = ptr;
2292 if (len != sizeof(*evt))
2295 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags))
2296 wake_up_bit(&data->flags, BTUSB_BOOTING);
2299 static void btusb_intel_secure_send_result(struct btusb_data *data,
2300 const void *ptr, unsigned int len)
2302 const struct intel_secure_send_result *evt = ptr;
2304 if (len != sizeof(*evt))
2308 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
2310 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
2311 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags))
2312 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
2315 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
2317 struct btusb_data *data = hci_get_drvdata(hdev);
2319 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2320 struct hci_event_hdr *hdr = (void *)skb->data;
2322 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
2324 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
2325 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
2327 switch (skb->data[2]) {
2329 /* When switching to the operational firmware
2330 * the device sends a vendor specific event
2331 * indicating that the bootup completed.
2333 btusb_intel_bootup(data, ptr, len);
2336 /* When the firmware loading completes the
2337 * device sends out a vendor specific event
2338 * indicating the result of the firmware
2341 btusb_intel_secure_send_result(data, ptr, len);
2347 return hci_recv_frame(hdev, skb);
2350 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2352 struct btusb_data *data = hci_get_drvdata(hdev);
2355 BT_DBG("%s", hdev->name);
2357 switch (hci_skb_pkt_type(skb)) {
2358 case HCI_COMMAND_PKT:
2359 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2360 struct hci_command_hdr *cmd = (void *)skb->data;
2361 __u16 opcode = le16_to_cpu(cmd->opcode);
2363 /* When in bootloader mode and the command 0xfc09
2364 * is received, it needs to be send down the
2365 * bulk endpoint. So allocate a bulk URB instead.
2367 if (opcode == 0xfc09)
2368 urb = alloc_bulk_urb(hdev, skb);
2370 urb = alloc_ctrl_urb(hdev, skb);
2372 /* When the 0xfc01 command is issued to boot into
2373 * the operational firmware, it will actually not
2374 * send a command complete event. To keep the flow
2375 * control working inject that event here.
2377 if (opcode == 0xfc01)
2378 inject_cmd_complete(hdev, opcode);
2380 urb = alloc_ctrl_urb(hdev, skb);
2383 return PTR_ERR(urb);
2385 hdev->stat.cmd_tx++;
2386 return submit_or_queue_tx_urb(hdev, urb);
2388 case HCI_ACLDATA_PKT:
2389 urb = alloc_bulk_urb(hdev, skb);
2391 return PTR_ERR(urb);
2393 hdev->stat.acl_tx++;
2394 return submit_or_queue_tx_urb(hdev, urb);
2396 case HCI_SCODATA_PKT:
2397 if (hci_conn_num(hdev, SCO_LINK) < 1)
2400 urb = alloc_isoc_urb(hdev, skb);
2402 return PTR_ERR(urb);
2404 hdev->stat.sco_tx++;
2405 return submit_tx_urb(hdev, urb);
2411 static bool btusb_setup_intel_new_get_fw_name(struct intel_version *ver,
2412 struct intel_boot_params *params,
2413 char *fw_name, size_t len,
2416 switch (ver->hw_variant) {
2417 case 0x0b: /* SfP */
2418 case 0x0c: /* WsP */
2419 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
2420 le16_to_cpu(ver->hw_variant),
2421 le16_to_cpu(params->dev_revid),
2424 case 0x11: /* JfP */
2425 case 0x12: /* ThP */
2426 case 0x13: /* HrP */
2427 case 0x14: /* CcP */
2428 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
2429 le16_to_cpu(ver->hw_variant),
2430 le16_to_cpu(ver->hw_revision),
2431 le16_to_cpu(ver->fw_revision),
2440 static int btusb_intel_download_firmware(struct hci_dev *hdev,
2441 struct intel_version *ver,
2442 struct intel_boot_params *params,
2445 const struct firmware *fw;
2448 struct btusb_data *data = hci_get_drvdata(hdev);
2450 if (!ver || !params)
2453 /* The hardware platform number has a fixed value of 0x37 and
2454 * for now only accept this single value.
2456 if (ver->hw_platform != 0x37) {
2457 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
2462 /* Check for supported iBT hardware variants of this firmware
2465 * This check has been put in place to ensure correct forward
2466 * compatibility options when newer hardware variants come along.
2468 switch (ver->hw_variant) {
2469 case 0x0b: /* SfP */
2470 case 0x0c: /* WsP */
2471 case 0x11: /* JfP */
2472 case 0x12: /* ThP */
2473 case 0x13: /* HrP */
2474 case 0x14: /* CcP */
2477 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
2482 btintel_version_info(hdev, ver);
2484 /* The firmware variant determines if the device is in bootloader
2485 * mode or is running operational firmware. The value 0x06 identifies
2486 * the bootloader and the value 0x23 identifies the operational
2489 * When the operational firmware is already present, then only
2490 * the check for valid Bluetooth device address is needed. This
2491 * determines if the device will be added as configured or
2492 * unconfigured controller.
2494 * It is not possible to use the Secure Boot Parameters in this
2495 * case since that command is only available in bootloader mode.
2497 if (ver->fw_variant == 0x23) {
2498 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2499 btintel_check_bdaddr(hdev);
2503 /* If the device is not in bootloader mode, then the only possible
2504 * choice is to return an error and abort the device initialization.
2506 if (ver->fw_variant != 0x06) {
2507 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
2512 /* Read the secure boot parameters to identify the operating
2513 * details of the bootloader.
2515 err = btintel_read_boot_params(hdev, params);
2519 /* It is required that every single firmware fragment is acknowledged
2520 * with a command complete event. If the boot parameters indicate
2521 * that this bootloader does not send them, then abort the setup.
2523 if (params->limited_cce != 0x00) {
2524 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
2525 params->limited_cce);
2529 /* If the OTP has no valid Bluetooth device address, then there will
2530 * also be no valid address for the operational firmware.
2532 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
2533 bt_dev_info(hdev, "No device address configured");
2534 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2537 /* With this Intel bootloader only the hardware variant and device
2538 * revision information are used to select the right firmware for SfP
2541 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2543 * Currently the supported hardware variants are:
2544 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2545 * 12 (0x0c) for iBT3.5 (WsP)
2547 * For ThP/JfP and for future SKU's, the FW name varies based on HW
2548 * variant, HW revision and FW revision, as these are dependent on CNVi
2549 * and RF Combination.
2551 * 17 (0x11) for iBT3.5 (JfP)
2552 * 18 (0x12) for iBT3.5 (ThP)
2554 * The firmware file name for these will be
2555 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
2558 err = btusb_setup_intel_new_get_fw_name(ver, params, fwname,
2559 sizeof(fwname), "sfi");
2561 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2565 err = reject_firmware(&fw, fwname, &hdev->dev);
2567 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err);
2571 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2573 if (fw->size < 644) {
2574 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2580 set_bit(BTUSB_DOWNLOADING, &data->flags);
2582 /* Start firmware downloading and get boot parameter */
2583 err = btintel_download_firmware(hdev, fw, boot_param);
2585 /* When FW download fails, send Intel Reset to retry
2588 btintel_reset_to_bootloader(hdev);
2591 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2593 bt_dev_info(hdev, "Waiting for firmware download to complete");
2595 /* Before switching the device into operational mode and with that
2596 * booting the loaded firmware, wait for the bootloader notification
2597 * that all fragments have been successfully received.
2599 * When the event processing receives the notification, then the
2600 * BTUSB_DOWNLOADING flag will be cleared.
2602 * The firmware loading should not take longer than 5 seconds
2603 * and thus just timeout if that happens and fail the setup
2606 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2608 msecs_to_jiffies(5000));
2609 if (err == -EINTR) {
2610 bt_dev_err(hdev, "Firmware loading interrupted");
2615 bt_dev_err(hdev, "Firmware loading timeout");
2617 btintel_reset_to_bootloader(hdev);
2621 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2622 bt_dev_err(hdev, "Firmware loading failed");
2628 release_firmware(fw);
2632 static int btusb_setup_intel_new(struct hci_dev *hdev)
2634 struct btusb_data *data = hci_get_drvdata(hdev);
2635 struct intel_version ver;
2636 struct intel_boot_params params;
2639 ktime_t calltime, delta, rettime;
2640 unsigned long long duration;
2642 struct intel_debug_features features;
2644 BT_DBG("%s", hdev->name);
2646 /* Set the default boot parameter to 0x0 and it is updated to
2647 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2648 * command while downloading the firmware.
2650 boot_param = 0x00000000;
2652 calltime = ktime_get();
2654 /* Read the Intel version information to determine if the device
2655 * is in bootloader mode or if it already has operational firmware
2658 err = btintel_read_version(hdev, &ver);
2660 bt_dev_err(hdev, "Intel Read version failed (%d)", err);
2661 btintel_reset_to_bootloader(hdev);
2665 err = btusb_intel_download_firmware(hdev, &ver, ¶ms, &boot_param);
2669 /* controller is already having an operational firmware */
2670 if (ver.fw_variant == 0x23)
2673 rettime = ktime_get();
2674 delta = ktime_sub(rettime, calltime);
2675 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2677 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2679 calltime = ktime_get();
2681 set_bit(BTUSB_BOOTING, &data->flags);
2683 err = btintel_send_intel_reset(hdev, boot_param);
2685 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
2686 btintel_reset_to_bootloader(hdev);
2690 /* The bootloader will not indicate when the device is ready. This
2691 * is done by the operational firmware sending bootup notification.
2693 * Booting into operational firmware should not take longer than
2694 * 1 second. However if that happens, then just fail the setup
2695 * since something went wrong.
2697 bt_dev_info(hdev, "Waiting for device to boot");
2699 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2701 msecs_to_jiffies(1000));
2703 if (err == -EINTR) {
2704 bt_dev_err(hdev, "Device boot interrupted");
2709 bt_dev_err(hdev, "Device boot timeout");
2710 btintel_reset_to_bootloader(hdev);
2714 rettime = ktime_get();
2715 delta = ktime_sub(rettime, calltime);
2716 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2718 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2720 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2722 err = btusb_setup_intel_new_get_fw_name(&ver, ¶ms, ddcname,
2723 sizeof(ddcname), "ddc");
2726 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2728 /* Once the device is running in operational mode, it needs to
2729 * apply the device configuration (DDC) parameters.
2731 * The device can work without DDC parameters, so even if it
2732 * fails to load the file, no need to fail the setup.
2734 btintel_load_ddc_config(hdev, ddcname);
2737 /* Read the Intel supported features and if new exception formats
2738 * supported, need to load the additional DDC config to enable.
2740 btintel_read_debug_features(hdev, &features);
2742 /* Set DDC mask for available debug features */
2743 btintel_set_debug_features(hdev, &features);
2745 /* Read the Intel version information after loading the FW */
2746 err = btintel_read_version(hdev, &ver);
2750 btintel_version_info(hdev, &ver);
2753 /* All Intel controllers that support the Microsoft vendor
2754 * extension are using 0xFC1E for VsMsftOpCode.
2756 switch (ver.hw_variant) {
2757 case 0x12: /* ThP */
2758 hci_set_msft_opcode(hdev, 0xFC1E);
2762 /* Set the event mask for Intel specific vendor events. This enables
2763 * a few extra events that are useful during general operation. It
2764 * does not enable any debugging related events.
2766 * The device will function correctly without these events enabled
2767 * and thus no need to fail the setup.
2769 btintel_set_event_mask(hdev, false);
2774 static int btusb_shutdown_intel(struct hci_dev *hdev)
2776 struct sk_buff *skb;
2779 /* In the shutdown sequence where Bluetooth is turned off followed
2780 * by WiFi being turned off, turning WiFi back on causes issue with
2781 * the RF calibration.
2783 * To ensure that any RF activity has been stopped, issue HCI Reset
2784 * command to clear all ongoing activity including advertising,
2787 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2790 bt_dev_err(hdev, "HCI reset during shutdown failed");
2795 /* Some platforms have an issue with BT LED when the interface is
2796 * down or BT radio is turned off, which takes 5 seconds to BT LED
2797 * goes off. This command turns off the BT LED immediately.
2799 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2802 bt_dev_err(hdev, "turning off Intel device LED failed");
2810 static int btusb_shutdown_intel_new(struct hci_dev *hdev)
2812 struct sk_buff *skb;
2814 /* Send HCI Reset to the controller to stop any BT activity which
2815 * were triggered. This will help to save power and maintain the
2816 * sync b/w Host and controller
2818 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2820 bt_dev_err(hdev, "HCI reset during shutdown failed");
2821 return PTR_ERR(skb);
2828 #define FIRMWARE_MT7663 "/*(DEBLOBBED)*/"
2829 #define FIRMWARE_MT7668 "/*(DEBLOBBED)*/"
2831 #define HCI_WMT_MAX_EVENT_SIZE 64
2834 BTMTK_WMT_PATCH_DWNLD = 0x1,
2835 BTMTK_WMT_FUNC_CTRL = 0x6,
2836 BTMTK_WMT_RST = 0x7,
2837 BTMTK_WMT_SEMAPHORE = 0x17,
2842 BTMTK_WMT_PATCH_UNDONE,
2843 BTMTK_WMT_PATCH_PROGRESS,
2844 BTMTK_WMT_PATCH_DONE,
2845 BTMTK_WMT_ON_UNDONE,
2847 BTMTK_WMT_ON_PROGRESS,
2850 struct btmtk_wmt_hdr {
2857 struct btmtk_hci_wmt_cmd {
2858 struct btmtk_wmt_hdr hdr;
2862 struct btmtk_hci_wmt_evt {
2863 struct hci_event_hdr hhdr;
2864 struct btmtk_wmt_hdr whdr;
2867 struct btmtk_hci_wmt_evt_funcc {
2868 struct btmtk_hci_wmt_evt hwhdr;
2872 struct btmtk_tci_sleep {
2875 __le16 host_duration;
2877 u8 time_compensation;
2880 struct btmtk_hci_wmt_params {
2888 static void btusb_mtk_wmt_recv(struct urb *urb)
2890 struct hci_dev *hdev = urb->context;
2891 struct btusb_data *data = hci_get_drvdata(hdev);
2892 struct hci_event_hdr *hdr;
2893 struct sk_buff *skb;
2896 if (urb->status == 0 && urb->actual_length > 0) {
2897 hdev->stat.byte_rx += urb->actual_length;
2899 /* WMT event shouldn't be fragmented and the size should be
2900 * less than HCI_WMT_MAX_EVENT_SIZE.
2902 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
2904 hdev->stat.err_rx++;
2905 kfree(urb->setup_packet);
2909 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2910 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
2912 hdr = (void *)skb->data;
2913 /* Fix up the vendor event id with 0xff for vendor specific
2914 * instead of 0xe4 so that event send via monitoring socket can
2915 * be parsed properly.
2919 /* When someone waits for the WMT event, the skb is being cloned
2920 * and being processed the events from there then.
2922 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
2923 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
2924 if (!data->evt_skb) {
2926 kfree(urb->setup_packet);
2931 err = hci_recv_frame(hdev, skb);
2933 kfree_skb(data->evt_skb);
2934 data->evt_skb = NULL;
2935 kfree(urb->setup_packet);
2939 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
2941 /* Barrier to sync with other CPUs */
2942 smp_mb__after_atomic();
2943 wake_up_bit(&data->flags,
2944 BTUSB_TX_WAIT_VND_EVT);
2946 kfree(urb->setup_packet);
2948 } else if (urb->status == -ENOENT) {
2949 /* Avoid suspend failed when usb_kill_urb */
2953 usb_mark_last_busy(data->udev);
2955 /* The URB complete handler is still called with urb->actual_length = 0
2956 * when the event is not available, so we should keep re-submitting
2957 * URB until WMT event returns, Also, It's necessary to wait some time
2958 * between the two consecutive control URBs to relax the target device
2959 * to generate the event. Otherwise, the WMT event cannot return from
2960 * the device successfully.
2964 usb_anchor_urb(urb, &data->ctrl_anchor);
2965 err = usb_submit_urb(urb, GFP_ATOMIC);
2967 kfree(urb->setup_packet);
2968 /* -EPERM: urb is being killed;
2969 * -ENODEV: device got disconnected
2971 if (err != -EPERM && err != -ENODEV)
2972 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
2974 usb_unanchor_urb(urb);
2978 static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
2980 struct btusb_data *data = hci_get_drvdata(hdev);
2981 struct usb_ctrlrequest *dr;
2987 urb = usb_alloc_urb(0, GFP_KERNEL);
2991 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
2997 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
2999 dr->wIndex = cpu_to_le16(0);
3000 dr->wValue = cpu_to_le16(48);
3001 dr->wLength = cpu_to_le16(size);
3003 buf = kmalloc(size, GFP_KERNEL);
3010 pipe = usb_rcvctrlpipe(data->udev, 0);
3012 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
3013 buf, size, btusb_mtk_wmt_recv, hdev);
3015 urb->transfer_flags |= URB_FREE_BUFFER;
3017 usb_anchor_urb(urb, &data->ctrl_anchor);
3018 err = usb_submit_urb(urb, GFP_KERNEL);
3020 if (err != -EPERM && err != -ENODEV)
3021 bt_dev_err(hdev, "urb %p submission failed (%d)",
3023 usb_unanchor_urb(urb);
3031 static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
3032 struct btmtk_hci_wmt_params *wmt_params)
3034 struct btusb_data *data = hci_get_drvdata(hdev);
3035 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
3036 u32 hlen, status = BTMTK_WMT_INVALID;
3037 struct btmtk_hci_wmt_evt *wmt_evt;
3038 struct btmtk_hci_wmt_cmd *wc;
3039 struct btmtk_wmt_hdr *hdr;
3042 /* Send the WMT command and wait until the WMT event returns */
3043 hlen = sizeof(*hdr) + wmt_params->dlen;
3047 wc = kzalloc(hlen, GFP_KERNEL);
3053 hdr->op = wmt_params->op;
3054 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
3055 hdr->flag = wmt_params->flag;
3056 memcpy(wc->data, wmt_params->data, wmt_params->dlen);
3058 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3060 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
3061 * it needs constantly polling control pipe until the host received the
3062 * WMT event, thus, we should require to specifically acquire PM counter
3063 * on the USB to prevent the interface from entering auto suspended
3064 * while WMT cmd/event in progress.
3066 err = usb_autopm_get_interface(data->intf);
3070 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
3073 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3074 usb_autopm_put_interface(data->intf);
3078 /* Submit control IN URB on demand to process the WMT event */
3079 err = btusb_mtk_submit_wmt_recv_urb(hdev);
3081 usb_autopm_put_interface(data->intf);
3086 /* The vendor specific WMT commands are all answered by a vendor
3087 * specific event and will have the Command Status or Command
3088 * Complete as with usual HCI command flow control.
3090 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
3091 * state to be cleared. The driver specific event receive routine
3092 * will clear that state and with that indicate completion of the
3095 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT,
3096 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
3097 if (err == -EINTR) {
3098 bt_dev_err(hdev, "Execution of wmt command interrupted");
3099 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3104 bt_dev_err(hdev, "Execution of wmt command timed out");
3105 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3110 if (data->evt_skb == NULL)
3113 /* Parse and handle the return WMT event */
3114 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
3115 if (wmt_evt->whdr.op != hdr->op) {
3116 bt_dev_err(hdev, "Wrong op received %d expected %d",
3117 wmt_evt->whdr.op, hdr->op);
3122 switch (wmt_evt->whdr.op) {
3123 case BTMTK_WMT_SEMAPHORE:
3124 if (wmt_evt->whdr.flag == 2)
3125 status = BTMTK_WMT_PATCH_UNDONE;
3127 status = BTMTK_WMT_PATCH_DONE;
3129 case BTMTK_WMT_FUNC_CTRL:
3130 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
3131 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
3132 status = BTMTK_WMT_ON_DONE;
3133 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
3134 status = BTMTK_WMT_ON_PROGRESS;
3136 status = BTMTK_WMT_ON_UNDONE;
3140 if (wmt_params->status)
3141 *wmt_params->status = status;
3144 kfree_skb(data->evt_skb);
3145 data->evt_skb = NULL;
3151 static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
3153 struct btmtk_hci_wmt_params wmt_params;
3154 const struct firmware *fw;
3160 err = reject_firmware(&fw, fwname, &hdev->dev);
3162 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
3166 /* Power on data RAM the firmware relies on. */
3168 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3169 wmt_params.flag = 3;
3170 wmt_params.dlen = sizeof(param);
3171 wmt_params.data = ¶m;
3172 wmt_params.status = NULL;
3174 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3176 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
3177 goto err_release_fw;
3183 /* The size of patch header is 30 bytes, should be skip */
3186 goto err_release_fw;
3193 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
3194 wmt_params.status = NULL;
3196 while (fw_size > 0) {
3197 dlen = min_t(int, 250, fw_size);
3199 /* Tell deivice the position in sequence */
3200 if (fw_size - dlen <= 0)
3202 else if (fw_size < fw->size - 30)
3205 wmt_params.flag = flag;
3206 wmt_params.dlen = dlen;
3207 wmt_params.data = fw_ptr;
3209 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3211 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
3213 goto err_release_fw;
3220 wmt_params.op = BTMTK_WMT_RST;
3221 wmt_params.flag = 4;
3222 wmt_params.dlen = 0;
3223 wmt_params.data = NULL;
3224 wmt_params.status = NULL;
3226 /* Activate funciton the firmware providing to */
3227 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3229 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
3230 goto err_release_fw;
3233 /* Wait a few moments for firmware activation done */
3234 usleep_range(10000, 12000);
3237 release_firmware(fw);
3242 static int btusb_mtk_func_query(struct hci_dev *hdev)
3244 struct btmtk_hci_wmt_params wmt_params;
3248 /* Query whether the function is enabled */
3249 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3250 wmt_params.flag = 4;
3251 wmt_params.dlen = sizeof(param);
3252 wmt_params.data = ¶m;
3253 wmt_params.status = &status;
3255 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3257 bt_dev_err(hdev, "Failed to query function status (%d)", err);
3264 static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
3266 int pipe, err, size = sizeof(u32);
3269 buf = kzalloc(size, GFP_KERNEL);
3273 pipe = usb_rcvctrlpipe(data->udev, 0);
3274 err = usb_control_msg(data->udev, pipe, 0x63,
3275 USB_TYPE_VENDOR | USB_DIR_IN,
3276 reg >> 16, reg & 0xffff,
3277 buf, size, USB_CTRL_SET_TIMEOUT);
3281 *val = get_unaligned_le32(buf);
3289 static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id)
3291 return btusb_mtk_reg_read(data, reg, id);
3294 static int btusb_mtk_setup(struct hci_dev *hdev)
3296 struct btusb_data *data = hci_get_drvdata(hdev);
3297 struct btmtk_hci_wmt_params wmt_params;
3298 ktime_t calltime, delta, rettime;
3299 struct btmtk_tci_sleep tci_sleep;
3300 unsigned long long duration;
3301 struct sk_buff *skb;
3307 calltime = ktime_get();
3309 err = btusb_mtk_id_get(data, 0x80000008, &dev_id);
3311 bt_dev_err(hdev, "Failed to get device id (%d)", err);
3317 fwname = FIRMWARE_MT7663;
3320 fwname = FIRMWARE_MT7668;
3323 bt_dev_err(hdev, "Unsupported support hardware variant (%08x)",
3328 /* Query whether the firmware is already download */
3329 wmt_params.op = BTMTK_WMT_SEMAPHORE;
3330 wmt_params.flag = 1;
3331 wmt_params.dlen = 0;
3332 wmt_params.data = NULL;
3333 wmt_params.status = &status;
3335 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3337 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
3341 if (status == BTMTK_WMT_PATCH_DONE) {
3342 bt_dev_info(hdev, "firmware already downloaded");
3343 goto ignore_setup_fw;
3346 /* Setup a firmware which the device definitely requires */
3347 err = btusb_mtk_setup_firmware(hdev, fwname);
3352 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
3353 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
3355 /* -ETIMEDOUT happens */
3359 /* The other errors happen in btusb_mtk_func_query */
3363 if (status == BTMTK_WMT_ON_DONE) {
3364 bt_dev_info(hdev, "function already on");
3365 goto ignore_func_on;
3368 /* Enable Bluetooth protocol */
3370 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3371 wmt_params.flag = 0;
3372 wmt_params.dlen = sizeof(param);
3373 wmt_params.data = ¶m;
3374 wmt_params.status = NULL;
3376 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3378 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3383 /* Apply the low power environment setup */
3384 tci_sleep.mode = 0x5;
3385 tci_sleep.duration = cpu_to_le16(0x640);
3386 tci_sleep.host_duration = cpu_to_le16(0x640);
3387 tci_sleep.host_wakeup_pin = 0;
3388 tci_sleep.time_compensation = 0;
3390 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
3394 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
3399 rettime = ktime_get();
3400 delta = ktime_sub(rettime, calltime);
3401 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
3403 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
3408 static int btusb_mtk_shutdown(struct hci_dev *hdev)
3410 struct btmtk_hci_wmt_params wmt_params;
3414 /* Disable the device */
3415 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3416 wmt_params.flag = 0;
3417 wmt_params.dlen = sizeof(param);
3418 wmt_params.data = ¶m;
3419 wmt_params.status = NULL;
3421 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3423 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3433 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
3434 static int marvell_config_oob_wake(struct hci_dev *hdev)
3436 struct sk_buff *skb;
3437 struct btusb_data *data = hci_get_drvdata(hdev);
3438 struct device *dev = &data->udev->dev;
3439 u16 pin, gap, opcode;
3443 /* Move on if no wakeup pin specified */
3444 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
3445 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
3448 /* Vendor specific command to configure a GPIO as wake-up pin */
3449 opcode = hci_opcode_pack(0x3F, 0x59);
3450 cmd[0] = opcode & 0xFF;
3451 cmd[1] = opcode >> 8;
3452 cmd[2] = 2; /* length of parameters that follow */
3454 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
3456 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
3458 bt_dev_err(hdev, "%s: No memory\n", __func__);
3462 skb_put_data(skb, cmd, sizeof(cmd));
3463 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
3465 ret = btusb_send_frame(hdev, skb);
3467 bt_dev_err(hdev, "%s: configuration failed\n", __func__);
3476 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
3477 const bdaddr_t *bdaddr)
3479 struct sk_buff *skb;
3484 buf[1] = sizeof(bdaddr_t);
3485 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
3487 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3490 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
3499 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
3500 const bdaddr_t *bdaddr)
3502 struct sk_buff *skb;
3509 buf[3] = sizeof(bdaddr_t);
3510 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
3512 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3515 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3523 static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3524 const bdaddr_t *bdaddr)
3526 struct sk_buff *skb;
3530 memcpy(buf, bdaddr, sizeof(bdaddr_t));
3532 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf,
3533 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3536 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3544 #define QCA_DFU_PACKET_LEN 4096
3546 #define QCA_GET_TARGET_VERSION 0x09
3547 #define QCA_CHECK_STATUS 0x05
3548 #define QCA_DFU_DOWNLOAD 0x01
3550 #define QCA_SYSCFG_UPDATED 0x40
3551 #define QCA_PATCH_UPDATED 0x80
3552 #define QCA_DFU_TIMEOUT 3000
3554 struct qca_version {
3556 __le32 patch_version;
3562 struct qca_rampatch_version {
3563 __le16 rom_version_high;
3564 __le16 rom_version_low;
3565 __le16 patch_version;
3568 struct qca_device_info {
3570 u8 rampatch_hdr; /* length of header in rampatch */
3571 u8 nvm_hdr; /* length of header in NVM */
3572 u8 ver_offset; /* offset of version structure in rampatch */
3575 static const struct qca_device_info qca_devices_table[] = {
3576 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */
3577 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */
3578 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3579 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3580 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3581 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3582 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3583 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3586 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3587 void *data, u16 size)
3592 buf = kmalloc(size, GFP_KERNEL);
3596 /* Found some of USB hosts have IOT issues with ours so that we should
3597 * not wait until HCI layer is ready.
3599 pipe = usb_rcvctrlpipe(udev, 0);
3600 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3601 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3603 dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3607 memcpy(data, buf, size);
3615 static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3616 const struct firmware *firmware,
3619 struct btusb_data *btdata = hci_get_drvdata(hdev);
3620 struct usb_device *udev = btdata->udev;
3621 size_t count, size, sent = 0;
3625 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3629 count = firmware->size;
3631 size = min_t(size_t, count, hdr_size);
3632 memcpy(buf, firmware->data, size);
3634 /* USB patches should go down to controller through USB path
3635 * because binary format fits to go down through USB channel.
3636 * USB control path is for patching headers and USB bulk is for
3639 pipe = usb_sndctrlpipe(udev, 0);
3640 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3641 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3643 bt_dev_err(hdev, "Failed to send headers (%d)", err);
3650 /* ep2 need time to switch from function acl to function dfu,
3651 * so we add 20ms delay here.
3656 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3658 memcpy(buf, firmware->data + sent, size);
3660 pipe = usb_sndbulkpipe(udev, 0x02);
3661 err = usb_bulk_msg(udev, pipe, buf, size, &len,
3664 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3665 sent, firmware->size, err);
3670 bt_dev_err(hdev, "Failed to get bulk buffer");
3684 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3685 struct qca_version *ver,
3686 const struct qca_device_info *info)
3688 struct qca_rampatch_version *rver;
3689 const struct firmware *fw;
3690 u32 ver_rom, ver_patch, rver_rom;
3691 u16 rver_rom_low, rver_rom_high, rver_patch;
3695 ver_rom = le32_to_cpu(ver->rom_version);
3696 ver_patch = le32_to_cpu(ver->patch_version);
3698 snprintf(fwname, sizeof(fwname), "/*(DEBLOBBED)*/", ver_rom);
3700 err = reject_firmware(&fw, fwname, &hdev->dev);
3702 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3707 bt_dev_info(hdev, "using rampatch file: %s", fwname);
3709 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3710 rver_rom_low = le16_to_cpu(rver->rom_version_low);
3711 rver_patch = le16_to_cpu(rver->patch_version);
3713 if (ver_rom & ~0xffffU) {
3714 rver_rom_high = le16_to_cpu(rver->rom_version_high);
3715 rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3717 rver_rom = rver_rom_low;
3720 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3721 "firmware rome 0x%x build 0x%x",
3722 rver_rom, rver_patch, ver_rom, ver_patch);
3724 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3725 bt_dev_err(hdev, "rampatch file version did not match with firmware");
3730 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
3733 release_firmware(fw);
3738 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
3739 struct qca_version *ver,
3740 const struct qca_device_info *info)
3742 const struct firmware *fw;
3746 snprintf(fwname, sizeof(fwname), "/*(DEBLOBBED)*/",
3747 le32_to_cpu(ver->rom_version));
3749 err = reject_firmware(&fw, fwname, &hdev->dev);
3751 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
3756 bt_dev_info(hdev, "using NVM file: %s", fwname);
3758 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
3760 release_firmware(fw);
3765 /* identify the ROM version and check whether patches are needed */
3766 static bool btusb_qca_need_patch(struct usb_device *udev)
3768 struct qca_version ver;
3770 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3773 /* only low ROM versions need patches */
3774 return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
3777 static int btusb_setup_qca(struct hci_dev *hdev)
3779 struct btusb_data *btdata = hci_get_drvdata(hdev);
3780 struct usb_device *udev = btdata->udev;
3781 const struct qca_device_info *info = NULL;
3782 struct qca_version ver;
3787 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3792 ver_rom = le32_to_cpu(ver.rom_version);
3794 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3795 if (ver_rom == qca_devices_table[i].rom_version)
3796 info = &qca_devices_table[i];
3799 /* If the rom_version is not matched in the qca_devices_table
3800 * and the high ROM version is not zero, we assume this chip no
3801 * need to load the rampatch and nvm.
3803 if (ver_rom & ~0xffffU)
3806 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
3810 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
3815 if (!(status & QCA_PATCH_UPDATED)) {
3816 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
3821 if (!(status & QCA_SYSCFG_UPDATED)) {
3822 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
3830 static inline int __set_diag_interface(struct hci_dev *hdev)
3832 struct btusb_data *data = hci_get_drvdata(hdev);
3833 struct usb_interface *intf = data->diag;
3839 data->diag_tx_ep = NULL;
3840 data->diag_rx_ep = NULL;
3842 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3843 struct usb_endpoint_descriptor *ep_desc;
3845 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3847 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3848 data->diag_tx_ep = ep_desc;
3852 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3853 data->diag_rx_ep = ep_desc;
3858 if (!data->diag_tx_ep || !data->diag_rx_ep) {
3859 bt_dev_err(hdev, "invalid diagnostic descriptors");
3866 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
3868 struct btusb_data *data = hci_get_drvdata(hdev);
3869 struct sk_buff *skb;
3873 if (!data->diag_tx_ep)
3874 return ERR_PTR(-ENODEV);
3876 urb = usb_alloc_urb(0, GFP_KERNEL);
3878 return ERR_PTR(-ENOMEM);
3880 skb = bt_skb_alloc(2, GFP_KERNEL);
3883 return ERR_PTR(-ENOMEM);
3886 skb_put_u8(skb, 0xf0);
3887 skb_put_u8(skb, enable);
3889 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
3891 usb_fill_bulk_urb(urb, data->udev, pipe,
3892 skb->data, skb->len, btusb_tx_complete, skb);
3894 skb->dev = (void *)hdev;
3899 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
3901 struct btusb_data *data = hci_get_drvdata(hdev);
3907 if (!test_bit(HCI_RUNNING, &hdev->flags))
3910 urb = alloc_diag_urb(hdev, enable);
3912 return PTR_ERR(urb);
3914 return submit_or_queue_tx_urb(hdev, urb);
3918 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
3920 struct btusb_data *data = priv;
3922 pm_wakeup_event(&data->udev->dev, 0);
3925 /* Disable only if not already disabled (keep it balanced) */
3926 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3927 disable_irq_nosync(irq);
3928 disable_irq_wake(irq);
3933 static const struct of_device_id btusb_match_table[] = {
3934 { .compatible = "usb1286,204e" },
3935 { .compatible = "usbcf3,e300" }, /* QCA6174A */
3936 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */
3939 MODULE_DEVICE_TABLE(of, btusb_match_table);
3941 /* Use an oob wakeup pin? */
3942 static int btusb_config_oob_wake(struct hci_dev *hdev)
3944 struct btusb_data *data = hci_get_drvdata(hdev);
3945 struct device *dev = &data->udev->dev;
3948 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3950 if (!of_match_device(btusb_match_table, dev))
3953 /* Move on if no IRQ specified */
3954 irq = of_irq_get_byname(dev->of_node, "wakeup");
3956 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
3960 irq_set_status_flags(irq, IRQ_NOAUTOEN);
3961 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
3962 0, "OOB Wake-on-BT", data);
3964 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
3968 ret = device_init_wakeup(dev, true);
3970 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
3974 data->oob_wake_irq = irq;
3975 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
3980 static void btusb_check_needs_reset_resume(struct usb_interface *intf)
3982 if (dmi_check_system(btusb_needs_reset_resume_table))
3983 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3986 static bool btusb_prevent_wake(struct hci_dev *hdev)
3988 struct btusb_data *data = hci_get_drvdata(hdev);
3990 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
3993 return !device_may_wakeup(&data->udev->dev);
3996 static int btusb_probe(struct usb_interface *intf,
3997 const struct usb_device_id *id)
3999 struct usb_endpoint_descriptor *ep_desc;
4000 struct gpio_desc *reset_gpio;
4001 struct btusb_data *data;
4002 struct hci_dev *hdev;
4003 unsigned ifnum_base;
4006 BT_DBG("intf %p id %p", intf, id);
4008 /* interface numbers are hardcoded in the spec */
4009 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
4010 if (!(id->driver_info & BTUSB_IFNUM_2))
4012 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
4016 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
4018 if (!id->driver_info) {
4019 const struct usb_device_id *match;
4021 match = usb_match_id(intf, blacklist_table);
4026 if (id->driver_info == BTUSB_IGNORE)
4029 if (id->driver_info & BTUSB_ATH3012) {
4030 struct usb_device *udev = interface_to_usbdev(intf);
4032 /* Old firmware would otherwise let ath3k driver load
4033 * patch and sysconfig files
4035 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
4036 !btusb_qca_need_patch(udev))
4040 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
4044 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
4045 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
4047 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
4048 data->intr_ep = ep_desc;
4052 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
4053 data->bulk_tx_ep = ep_desc;
4057 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
4058 data->bulk_rx_ep = ep_desc;
4063 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
4066 if (id->driver_info & BTUSB_AMP) {
4067 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
4068 data->cmdreq = 0x2b;
4070 data->cmdreq_type = USB_TYPE_CLASS;
4071 data->cmdreq = 0x00;
4074 data->udev = interface_to_usbdev(intf);
4077 INIT_WORK(&data->work, btusb_work);
4078 INIT_WORK(&data->waker, btusb_waker);
4079 init_usb_anchor(&data->deferred);
4080 init_usb_anchor(&data->tx_anchor);
4081 spin_lock_init(&data->txlock);
4083 init_usb_anchor(&data->intr_anchor);
4084 init_usb_anchor(&data->bulk_anchor);
4085 init_usb_anchor(&data->isoc_anchor);
4086 init_usb_anchor(&data->diag_anchor);
4087 init_usb_anchor(&data->ctrl_anchor);
4088 spin_lock_init(&data->rxlock);
4090 if (id->driver_info & BTUSB_INTEL_NEW) {
4091 data->recv_event = btusb_recv_event_intel;
4092 data->recv_bulk = btusb_recv_bulk_intel;
4093 set_bit(BTUSB_BOOTLOADER, &data->flags);
4095 data->recv_event = hci_recv_frame;
4096 data->recv_bulk = btusb_recv_bulk;
4099 hdev = hci_alloc_dev();
4103 hdev->bus = HCI_USB;
4104 hci_set_drvdata(hdev, data);
4106 if (id->driver_info & BTUSB_AMP)
4107 hdev->dev_type = HCI_AMP;
4109 hdev->dev_type = HCI_PRIMARY;
4113 SET_HCIDEV_DEV(hdev, &intf->dev);
4115 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset",
4117 if (IS_ERR(reset_gpio)) {
4118 err = PTR_ERR(reset_gpio);
4120 } else if (reset_gpio) {
4121 data->reset_gpio = reset_gpio;
4124 hdev->open = btusb_open;
4125 hdev->close = btusb_close;
4126 hdev->flush = btusb_flush;
4127 hdev->send = btusb_send_frame;
4128 hdev->notify = btusb_notify;
4129 hdev->prevent_wake = btusb_prevent_wake;
4132 err = btusb_config_oob_wake(hdev);
4136 /* Marvell devices may need a specific chip configuration */
4137 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
4138 err = marvell_config_oob_wake(hdev);
4143 if (id->driver_info & BTUSB_CW6622)
4144 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
4146 if (id->driver_info & BTUSB_BCM2045)
4147 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
4149 if (id->driver_info & BTUSB_BCM92035)
4150 hdev->setup = btusb_setup_bcm92035;
4152 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4153 (id->driver_info & BTUSB_BCM_PATCHRAM)) {
4154 hdev->manufacturer = 15;
4155 hdev->setup = btbcm_setup_patchram;
4156 hdev->set_diag = btusb_bcm_set_diag;
4157 hdev->set_bdaddr = btbcm_set_bdaddr;
4159 /* Broadcom LM_DIAG Interface numbers are hardcoded */
4160 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
4163 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4164 (id->driver_info & BTUSB_BCM_APPLE)) {
4165 hdev->manufacturer = 15;
4166 hdev->setup = btbcm_setup_apple;
4167 hdev->set_diag = btusb_bcm_set_diag;
4169 /* Broadcom LM_DIAG Interface numbers are hardcoded */
4170 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
4173 if (id->driver_info & BTUSB_INTEL) {
4174 hdev->manufacturer = 2;
4175 hdev->setup = btusb_setup_intel;
4176 hdev->shutdown = btusb_shutdown_intel;
4177 hdev->set_diag = btintel_set_diag_mfg;
4178 hdev->set_bdaddr = btintel_set_bdaddr;
4179 hdev->cmd_timeout = btusb_intel_cmd_timeout;
4180 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4181 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4182 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
4185 if (id->driver_info & BTUSB_INTEL_NEW) {
4186 hdev->manufacturer = 2;
4187 hdev->send = btusb_send_frame_intel;
4188 hdev->setup = btusb_setup_intel_new;
4189 hdev->shutdown = btusb_shutdown_intel_new;
4190 hdev->hw_error = btintel_hw_error;
4191 hdev->set_diag = btintel_set_diag;
4192 hdev->set_bdaddr = btintel_set_bdaddr;
4193 hdev->cmd_timeout = btusb_intel_cmd_timeout;
4194 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4195 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4196 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
4199 if (id->driver_info & BTUSB_MARVELL)
4200 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
4202 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
4203 (id->driver_info & BTUSB_MEDIATEK)) {
4204 hdev->setup = btusb_mtk_setup;
4205 hdev->shutdown = btusb_mtk_shutdown;
4206 hdev->manufacturer = 70;
4207 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
4210 if (id->driver_info & BTUSB_SWAVE) {
4211 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
4212 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
4215 if (id->driver_info & BTUSB_INTEL_BOOT) {
4216 hdev->manufacturer = 2;
4217 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
4220 if (id->driver_info & BTUSB_ATH3012) {
4221 data->setup_on_usb = btusb_setup_qca;
4222 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4223 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4224 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4227 if (id->driver_info & BTUSB_QCA_ROME) {
4228 data->setup_on_usb = btusb_setup_qca;
4229 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4230 hdev->cmd_timeout = btusb_qca_cmd_timeout;
4231 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4232 btusb_check_needs_reset_resume(intf);
4235 if (id->driver_info & BTUSB_QCA_WCN6855) {
4236 data->setup_on_usb = btusb_setup_qca;
4237 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
4238 hdev->cmd_timeout = btusb_qca_cmd_timeout;
4239 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4242 if (id->driver_info & BTUSB_AMP) {
4243 /* AMP controllers do not support SCO packets */
4246 /* Interface orders are hardcoded in the specification */
4247 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
4248 data->isoc_ifnum = ifnum_base + 1;
4251 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
4252 (id->driver_info & BTUSB_REALTEK)) {
4253 hdev->setup = btrtl_setup_realtek;
4254 hdev->shutdown = btrtl_shutdown_realtek;
4255 hdev->cmd_timeout = btusb_rtl_cmd_timeout;
4257 /* Realtek devices lose their updated firmware over global
4258 * suspend that means host doesn't send SET_FEATURE
4259 * (DEVICE_REMOTE_WAKEUP)
4261 set_bit(BTUSB_WAKEUP_DISABLE, &data->flags);
4262 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags);
4266 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4268 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
4269 if (!disable_scofix)
4270 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
4273 if (id->driver_info & BTUSB_BROKEN_ISOC)
4276 if (id->driver_info & BTUSB_WIDEBAND_SPEECH)
4277 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
4279 if (id->driver_info & BTUSB_VALID_LE_STATES)
4280 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
4282 if (id->driver_info & BTUSB_DIGIANSWER) {
4283 data->cmdreq_type = USB_TYPE_VENDOR;
4284 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4287 if (id->driver_info & BTUSB_CSR) {
4288 struct usb_device *udev = data->udev;
4289 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
4291 /* Old firmware would otherwise execute USB reset */
4292 if (bcdDevice < 0x117)
4293 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4295 /* This must be set first in case we disable it for fakes */
4296 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4298 /* Fake CSR devices with broken commands */
4299 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 &&
4300 le16_to_cpu(udev->descriptor.idProduct) == 0x0001)
4301 hdev->setup = btusb_setup_csr;
4304 if (id->driver_info & BTUSB_SNIFFER) {
4305 struct usb_device *udev = data->udev;
4307 /* New sniffer firmware has crippled HCI interface */
4308 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
4309 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
4312 if (id->driver_info & BTUSB_INTEL_BOOT) {
4313 /* A bug in the bootloader causes that interrupt interface is
4314 * only enabled after receiving SetInterface(0, AltSetting=0).
4316 err = usb_set_interface(data->udev, 0, 0);
4318 BT_ERR("failed to set interface 0, alt 0 %d", err);
4324 err = usb_driver_claim_interface(&btusb_driver,
4330 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
4331 if (!usb_driver_claim_interface(&btusb_driver,
4333 __set_diag_interface(hdev);
4338 if (enable_autosuspend)
4339 usb_enable_autosuspend(data->udev);
4341 err = hci_register_dev(hdev);
4345 usb_set_intfdata(intf, data);
4350 if (data->reset_gpio)
4351 gpiod_put(data->reset_gpio);
4356 static void btusb_disconnect(struct usb_interface *intf)
4358 struct btusb_data *data = usb_get_intfdata(intf);
4359 struct hci_dev *hdev;
4361 BT_DBG("intf %p", intf);
4367 usb_set_intfdata(data->intf, NULL);
4370 usb_set_intfdata(data->isoc, NULL);
4373 usb_set_intfdata(data->diag, NULL);
4375 hci_unregister_dev(hdev);
4377 if (intf == data->intf) {
4379 usb_driver_release_interface(&btusb_driver, data->isoc);
4381 usb_driver_release_interface(&btusb_driver, data->diag);
4382 } else if (intf == data->isoc) {
4384 usb_driver_release_interface(&btusb_driver, data->diag);
4385 usb_driver_release_interface(&btusb_driver, data->intf);
4386 } else if (intf == data->diag) {
4387 usb_driver_release_interface(&btusb_driver, data->intf);
4389 usb_driver_release_interface(&btusb_driver, data->isoc);
4392 if (data->oob_wake_irq)
4393 device_init_wakeup(&data->udev->dev, false);
4395 if (data->reset_gpio)
4396 gpiod_put(data->reset_gpio);
4402 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
4404 struct btusb_data *data = usb_get_intfdata(intf);
4406 BT_DBG("intf %p", intf);
4408 if (data->suspend_count++)
4411 spin_lock_irq(&data->txlock);
4412 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
4413 set_bit(BTUSB_SUSPENDING, &data->flags);
4414 spin_unlock_irq(&data->txlock);
4416 spin_unlock_irq(&data->txlock);
4417 data->suspend_count--;
4421 cancel_work_sync(&data->work);
4423 btusb_stop_traffic(data);
4424 usb_kill_anchored_urbs(&data->tx_anchor);
4426 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
4427 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4428 enable_irq_wake(data->oob_wake_irq);
4429 enable_irq(data->oob_wake_irq);
4432 /* For global suspend, Realtek devices lose the loaded fw
4433 * in them. But for autosuspend, firmware should remain.
4434 * Actually, it depends on whether the usb host sends
4435 * set feature (enable wakeup) or not.
4437 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) {
4438 if (PMSG_IS_AUTO(message) &&
4439 device_can_wakeup(&data->udev->dev))
4440 data->udev->do_remote_wakeup = 1;
4441 else if (!PMSG_IS_AUTO(message))
4442 data->udev->reset_resume = 1;
4448 static void play_deferred(struct btusb_data *data)
4453 while ((urb = usb_get_from_anchor(&data->deferred))) {
4454 usb_anchor_urb(urb, &data->tx_anchor);
4456 err = usb_submit_urb(urb, GFP_ATOMIC);
4458 if (err != -EPERM && err != -ENODEV)
4459 BT_ERR("%s urb %p submission failed (%d)",
4460 data->hdev->name, urb, -err);
4461 kfree(urb->setup_packet);
4462 usb_unanchor_urb(urb);
4467 data->tx_in_flight++;
4471 /* Cleanup the rest deferred urbs. */
4472 while ((urb = usb_get_from_anchor(&data->deferred))) {
4473 kfree(urb->setup_packet);
4478 static int btusb_resume(struct usb_interface *intf)
4480 struct btusb_data *data = usb_get_intfdata(intf);
4481 struct hci_dev *hdev = data->hdev;
4484 BT_DBG("intf %p", intf);
4486 if (--data->suspend_count)
4489 /* Disable only if not already disabled (keep it balanced) */
4490 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4491 disable_irq(data->oob_wake_irq);
4492 disable_irq_wake(data->oob_wake_irq);
4495 if (!test_bit(HCI_RUNNING, &hdev->flags))
4498 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4499 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4501 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
4506 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4507 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4509 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
4513 btusb_submit_bulk_urb(hdev, GFP_NOIO);
4516 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4517 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4518 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
4520 btusb_submit_isoc_urb(hdev, GFP_NOIO);
4523 spin_lock_irq(&data->txlock);
4524 play_deferred(data);
4525 clear_bit(BTUSB_SUSPENDING, &data->flags);
4526 spin_unlock_irq(&data->txlock);
4527 schedule_work(&data->work);
4532 usb_scuttle_anchored_urbs(&data->deferred);
4534 spin_lock_irq(&data->txlock);
4535 clear_bit(BTUSB_SUSPENDING, &data->flags);
4536 spin_unlock_irq(&data->txlock);
4542 static struct usb_driver btusb_driver = {
4544 .probe = btusb_probe,
4545 .disconnect = btusb_disconnect,
4547 .suspend = btusb_suspend,
4548 .resume = btusb_resume,
4550 .id_table = btusb_table,
4551 .supports_autosuspend = 1,
4552 .disable_hub_initiated_lpm = 1,
4555 module_usb_driver(btusb_driver);
4557 module_param(disable_scofix, bool, 0644);
4558 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4560 module_param(force_scofix, bool, 0644);
4561 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4563 module_param(enable_autosuspend, bool, 0644);
4564 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4566 module_param(reset, bool, 0644);
4567 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4569 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4570 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4571 MODULE_VERSION(VERSION);
4572 MODULE_LICENSE("GPL");
projects / releases.git / blob