[Bluetooth] Correct SCO buffer for another Broadcom based dongle
[linux-drm-fsl-dcu.git] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/module.h>
35
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/unistd.h>
39 #include <linux/types.h>
40 #include <linux/interrupt.h>
41 #include <linux/moduleparam.h>
42
43 #include <linux/slab.h>
44 #include <linux/errno.h>
45 #include <linux/string.h>
46 #include <linux/skbuff.h>
47
48 #include <linux/usb.h>
49
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52
53 #include "hci_usb.h"
54
55 #ifndef CONFIG_BT_HCIUSB_DEBUG
56 #undef  BT_DBG
57 #define BT_DBG(D...)
58 #endif
59
60 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
61 #undef  URB_ZERO_PACKET
62 #define URB_ZERO_PACKET 0
63 #endif
64
65 static int ignore = 0;
66 static int ignore_dga = 0;
67 static int ignore_csr = 0;
68 static int ignore_sniffer = 0;
69 static int disable_scofix = 0;
70 static int force_scofix = 0;
71 static int reset = 0;
72
73 #ifdef CONFIG_BT_HCIUSB_SCO
74 static int isoc = 2;
75 #endif
76
77 #define VERSION "2.9"
78
79 static struct usb_driver hci_usb_driver; 
80
81 static struct usb_device_id bluetooth_ids[] = {
82         /* Generic Bluetooth USB device */
83         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
84
85         /* AVM BlueFRITZ! USB v2.0 */
86         { USB_DEVICE(0x057c, 0x3800) },
87
88         /* Bluetooth Ultraport Module from IBM */
89         { USB_DEVICE(0x04bf, 0x030a) },
90
91         /* ALPS Modules with non-standard id */
92         { USB_DEVICE(0x044e, 0x3001) },
93         { USB_DEVICE(0x044e, 0x3002) },
94
95         /* Ericsson with non-standard id */
96         { USB_DEVICE(0x0bdb, 0x1002) },
97
98         /* Canyon CN-BTU1 with HID interfaces */
99         { USB_DEVICE(0x0c10, 0x0000), .driver_info = HCI_RESET },
100
101         { }     /* Terminating entry */
102 };
103
104 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
105
106 static struct usb_device_id blacklist_ids[] = {
107         /* CSR BlueCore devices */
108         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
109
110         /* Broadcom BCM2033 without firmware */
111         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
112
113         /* Broadcom BCM2035 */
114         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
115         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
116
117         /* Broadcom BCM2045 */
118         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_WRONG_SCO_MTU },
119
120         /* IBM/Lenovo ThinkPad with Broadcom chip */
121         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
122         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU },
123
124         /* Targus ACB10US */
125         { USB_DEVICE(0x0a5c, 0x2100), .driver_info = HCI_RESET },
126
127         /* ANYCOM Bluetooth USB-200 and USB-250 */
128         { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET },
129
130         /* HP laptop with Broadcom chip */
131         { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU },
132
133         /* Dell laptop with Broadcom chip */
134         { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU },
135
136         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
137         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
138
139         /* Kensington Bluetooth USB adapter */
140         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
141         { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_WRONG_SCO_MTU },
142
143         /* ISSC Bluetooth Adapter v3.1 */
144         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
145
146         /* RTX Telecom based adapters with buggy SCO support */
147         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
148         { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC },
149
150         /* Belkin F8T012 and F8T013 devices */
151         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
152         { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU },
153
154         /* Digianswer devices */
155         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
156         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
157
158         /* CSR BlueCore Bluetooth Sniffer */
159         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
160
161         /* Frontline ComProbe Bluetooth Sniffer */
162         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
163
164         { }     /* Terminating entry */
165 };
166
167 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
168 {
169         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
170                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
171         if (_urb) {
172                 memset(_urb, 0, sizeof(*_urb));
173                 usb_init_urb(&_urb->urb);
174         }
175         return _urb;
176 }
177
178 static struct _urb *_urb_dequeue(struct _urb_queue *q)
179 {
180         struct _urb *_urb = NULL;
181         unsigned long flags;
182         spin_lock_irqsave(&q->lock, flags);
183         {
184                 struct list_head *head = &q->head;
185                 struct list_head *next = head->next;
186                 if (next != head) {
187                         _urb = list_entry(next, struct _urb, list);
188                         list_del(next); _urb->queue = NULL;
189                 }
190         }
191         spin_unlock_irqrestore(&q->lock, flags);
192         return _urb;
193 }
194
195 static void hci_usb_rx_complete(struct urb *urb);
196 static void hci_usb_tx_complete(struct urb *urb);
197
198 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
199 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
200 #define __completed_q(husb, type) (&husb->completed_q[type-1])
201 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
202 #define __reassembly(husb, type)  (husb->reassembly[type-1])
203
204 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
205 {
206         return _urb_dequeue(__completed_q(husb, type)); 
207 }
208
209 #ifdef CONFIG_BT_HCIUSB_SCO
210 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
211 {
212         int offset = 0, i;
213
214         BT_DBG("len %d mtu %d", len, mtu);
215
216         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
217                 urb->iso_frame_desc[i].offset = offset;
218                 urb->iso_frame_desc[i].length = mtu;
219                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
220         }
221         if (len && i < HCI_MAX_ISOC_FRAMES) {
222                 urb->iso_frame_desc[i].offset = offset;
223                 urb->iso_frame_desc[i].length = len;
224                 BT_DBG("desc %d offset %d len %d", i, offset, len);
225                 i++;
226         }
227         urb->number_of_packets = i;
228 }
229 #endif
230
231 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
232 {
233         struct _urb *_urb;
234         struct urb *urb;
235         int err, pipe, interval, size;
236         void *buf;
237
238         BT_DBG("%s", husb->hdev->name);
239
240         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
241
242         buf = kmalloc(size, GFP_ATOMIC);
243         if (!buf)
244                 return -ENOMEM;
245
246         _urb = _urb_alloc(0, GFP_ATOMIC);
247         if (!_urb) {
248                 kfree(buf);
249                 return -ENOMEM;
250         }
251         _urb->type = HCI_EVENT_PKT;
252         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
253
254         urb = &_urb->urb;
255         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
256         interval = husb->intr_in_ep->desc.bInterval;
257         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
258         
259         err = usb_submit_urb(urb, GFP_ATOMIC);
260         if (err) {
261                 BT_ERR("%s intr rx submit failed urb %p err %d",
262                                 husb->hdev->name, urb, err);
263                 _urb_unlink(_urb);
264                 _urb_free(_urb);
265                 kfree(buf);
266         }
267         return err;
268 }
269
270 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
271 {
272         struct _urb *_urb;
273         struct urb *urb;
274         int err, pipe, size = HCI_MAX_FRAME_SIZE;
275         void *buf;
276
277         buf = kmalloc(size, GFP_ATOMIC);
278         if (!buf)
279                 return -ENOMEM;
280
281         _urb = _urb_alloc(0, GFP_ATOMIC);
282         if (!_urb) {
283                 kfree(buf);
284                 return -ENOMEM;
285         }
286         _urb->type = HCI_ACLDATA_PKT;
287         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
288
289         urb  = &_urb->urb;
290         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
291         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
292         urb->transfer_flags = 0;
293
294         BT_DBG("%s urb %p", husb->hdev->name, urb);
295
296         err = usb_submit_urb(urb, GFP_ATOMIC);
297         if (err) {
298                 BT_ERR("%s bulk rx submit failed urb %p err %d",
299                                 husb->hdev->name, urb, err);
300                 _urb_unlink(_urb);
301                 _urb_free(_urb);
302                 kfree(buf);
303         }
304         return err;
305 }
306
307 #ifdef CONFIG_BT_HCIUSB_SCO
308 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
309 {
310         struct _urb *_urb;
311         struct urb *urb;
312         int err, mtu, size;
313         void *buf;
314
315         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
316         size = mtu * HCI_MAX_ISOC_FRAMES;
317
318         buf = kmalloc(size, GFP_ATOMIC);
319         if (!buf)
320                 return -ENOMEM;
321
322         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
323         if (!_urb) {
324                 kfree(buf);
325                 return -ENOMEM;
326         }
327         _urb->type = HCI_SCODATA_PKT;
328         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
329
330         urb = &_urb->urb;
331
332         urb->context  = husb;
333         urb->dev      = husb->udev;
334         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
335         urb->complete = hci_usb_rx_complete;
336
337         urb->interval = husb->isoc_in_ep->desc.bInterval;
338
339         urb->transfer_buffer_length = size;
340         urb->transfer_buffer = buf;
341         urb->transfer_flags  = URB_ISO_ASAP;
342
343         __fill_isoc_desc(urb, size, mtu);
344
345         BT_DBG("%s urb %p", husb->hdev->name, urb);
346
347         err = usb_submit_urb(urb, GFP_ATOMIC);
348         if (err) {
349                 BT_ERR("%s isoc rx submit failed urb %p err %d",
350                                 husb->hdev->name, urb, err);
351                 _urb_unlink(_urb);
352                 _urb_free(_urb);
353                 kfree(buf);
354         }
355         return err;
356 }
357 #endif
358
359 /* Initialize device */
360 static int hci_usb_open(struct hci_dev *hdev)
361 {
362         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
363         int i, err;
364         unsigned long flags;
365
366         BT_DBG("%s", hdev->name);
367
368         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
369                 return 0;
370
371         write_lock_irqsave(&husb->completion_lock, flags);
372
373         err = hci_usb_intr_rx_submit(husb);
374         if (!err) {
375                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
376                         hci_usb_bulk_rx_submit(husb);
377
378 #ifdef CONFIG_BT_HCIUSB_SCO
379                 if (husb->isoc_iface)
380                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
381                                 hci_usb_isoc_rx_submit(husb);
382 #endif
383         } else {
384                 clear_bit(HCI_RUNNING, &hdev->flags);
385         }
386
387         write_unlock_irqrestore(&husb->completion_lock, flags);
388         return err;
389 }
390
391 /* Reset device */
392 static int hci_usb_flush(struct hci_dev *hdev)
393 {
394         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
395         int i;
396
397         BT_DBG("%s", hdev->name);
398
399         for (i = 0; i < 4; i++)
400                 skb_queue_purge(&husb->transmit_q[i]);
401         return 0;
402 }
403
404 static void hci_usb_unlink_urbs(struct hci_usb *husb)
405 {
406         int i;
407
408         BT_DBG("%s", husb->hdev->name);
409
410         for (i = 0; i < 4; i++) {
411                 struct _urb *_urb;
412                 struct urb *urb;
413
414                 /* Kill pending requests */
415                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
416                         urb = &_urb->urb;
417                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
418                                         husb->hdev->name, _urb, _urb->type, urb);
419                         usb_kill_urb(urb);
420                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
421                 }
422
423                 /* Release completed requests */
424                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
425                         urb = &_urb->urb;
426                         BT_DBG("%s freeing _urb %p type %d urb %p",
427                                         husb->hdev->name, _urb, _urb->type, urb);
428                         kfree(urb->setup_packet);
429                         kfree(urb->transfer_buffer);
430                         _urb_free(_urb);
431                 }
432
433                 /* Release reassembly buffers */
434                 if (husb->reassembly[i]) {
435                         kfree_skb(husb->reassembly[i]);
436                         husb->reassembly[i] = NULL;
437                 }
438         }
439 }
440
441 /* Close device */
442 static int hci_usb_close(struct hci_dev *hdev)
443 {
444         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
445         unsigned long flags;
446
447         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
448                 return 0;
449
450         BT_DBG("%s", hdev->name);
451
452         /* Synchronize with completion handlers */
453         write_lock_irqsave(&husb->completion_lock, flags);
454         write_unlock_irqrestore(&husb->completion_lock, flags);
455
456         hci_usb_unlink_urbs(husb);
457         hci_usb_flush(hdev);
458         return 0;
459 }
460
461 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
462 {
463         struct urb *urb = &_urb->urb;
464         int err;
465
466         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
467
468         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
469         err = usb_submit_urb(urb, GFP_ATOMIC);
470         if (err) {
471                 BT_ERR("%s tx submit failed urb %p type %d err %d",
472                                 husb->hdev->name, urb, _urb->type, err);
473                 _urb_unlink(_urb);
474                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
475         } else
476                 atomic_inc(__pending_tx(husb, _urb->type));
477
478         return err;
479 }
480
481 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
482 {
483         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
484         struct usb_ctrlrequest *dr;
485         struct urb *urb;
486
487         if (!_urb) {
488                 _urb = _urb_alloc(0, GFP_ATOMIC);
489                 if (!_urb)
490                         return -ENOMEM;
491                 _urb->type = bt_cb(skb)->pkt_type;
492
493                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
494                 if (!dr) {
495                         _urb_free(_urb);
496                         return -ENOMEM;
497                 }
498         } else
499                 dr = (void *) _urb->urb.setup_packet;
500
501         dr->bRequestType = husb->ctrl_req;
502         dr->bRequest = 0;
503         dr->wIndex   = 0;
504         dr->wValue   = 0;
505         dr->wLength  = __cpu_to_le16(skb->len);
506
507         urb = &_urb->urb;
508         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
509                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
510
511         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
512         
513         _urb->priv = skb;
514         return __tx_submit(husb, _urb);
515 }
516
517 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
518 {
519         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
520         struct urb *urb;
521         int pipe;
522
523         if (!_urb) {
524                 _urb = _urb_alloc(0, GFP_ATOMIC);
525                 if (!_urb)
526                         return -ENOMEM;
527                 _urb->type = bt_cb(skb)->pkt_type;
528         }
529
530         urb  = &_urb->urb;
531         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
532         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
533                         hci_usb_tx_complete, husb);
534         urb->transfer_flags = URB_ZERO_PACKET;
535
536         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
537
538         _urb->priv = skb;
539         return __tx_submit(husb, _urb);
540 }
541
542 #ifdef CONFIG_BT_HCIUSB_SCO
543 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
544 {
545         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
546         struct urb *urb;
547
548         if (!_urb) {
549                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
550                 if (!_urb)
551                         return -ENOMEM;
552                 _urb->type = bt_cb(skb)->pkt_type;
553         }
554
555         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
556
557         urb = &_urb->urb;
558
559         urb->context  = husb;
560         urb->dev      = husb->udev;
561         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
562         urb->complete = hci_usb_tx_complete;
563         urb->transfer_flags = URB_ISO_ASAP;
564
565         urb->interval = husb->isoc_out_ep->desc.bInterval;
566
567         urb->transfer_buffer = skb->data;
568         urb->transfer_buffer_length = skb->len;
569
570         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
571
572         _urb->priv = skb;
573         return __tx_submit(husb, _urb);
574 }
575 #endif
576
577 static void hci_usb_tx_process(struct hci_usb *husb)
578 {
579         struct sk_buff_head *q;
580         struct sk_buff *skb;
581
582         BT_DBG("%s", husb->hdev->name);
583
584         do {
585                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
586
587                 /* Process command queue */
588                 q = __transmit_q(husb, HCI_COMMAND_PKT);
589                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
590                                 (skb = skb_dequeue(q))) {
591                         if (hci_usb_send_ctrl(husb, skb) < 0)
592                                 skb_queue_head(q, skb);
593                 }
594
595 #ifdef CONFIG_BT_HCIUSB_SCO
596                 /* Process SCO queue */
597                 q = __transmit_q(husb, HCI_SCODATA_PKT);
598                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
599                                 (skb = skb_dequeue(q))) {
600                         if (hci_usb_send_isoc(husb, skb) < 0)
601                                 skb_queue_head(q, skb);
602                 }
603 #endif
604
605                 /* Process ACL queue */
606                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
607                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
608                                 (skb = skb_dequeue(q))) {
609                         if (hci_usb_send_bulk(husb, skb) < 0) {
610                                 skb_queue_head(q, skb);
611                                 break;
612                         }
613                 }
614         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
615 }
616
617 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
618 {
619         /* Serialize TX queue processing to avoid data reordering */
620         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
621                 hci_usb_tx_process(husb);
622                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
623         } else
624                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
625 }
626
627 /* Send frames from HCI layer */
628 static int hci_usb_send_frame(struct sk_buff *skb)
629 {
630         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
631         struct hci_usb *husb;
632
633         if (!hdev) {
634                 BT_ERR("frame for uknown device (hdev=NULL)");
635                 return -ENODEV;
636         }
637
638         if (!test_bit(HCI_RUNNING, &hdev->flags))
639                 return -EBUSY;
640
641         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
642
643         husb = (struct hci_usb *) hdev->driver_data;
644
645         switch (bt_cb(skb)->pkt_type) {
646         case HCI_COMMAND_PKT:
647                 hdev->stat.cmd_tx++;
648                 break;
649
650         case HCI_ACLDATA_PKT:
651                 hdev->stat.acl_tx++;
652                 break;
653
654 #ifdef CONFIG_BT_HCIUSB_SCO
655         case HCI_SCODATA_PKT:
656                 hdev->stat.sco_tx++;
657                 break;
658 #endif
659
660         default:
661                 kfree_skb(skb);
662                 return 0;
663         }
664
665         read_lock(&husb->completion_lock);
666
667         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
668         hci_usb_tx_wakeup(husb);
669
670         read_unlock(&husb->completion_lock);
671         return 0;
672 }
673
674 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
675 {
676         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
677
678         husb->hdev->stat.byte_rx += count;
679
680         while (count) {
681                 struct sk_buff *skb = __reassembly(husb, type);
682                 struct { int expect; } *scb;
683                 int len = 0;
684         
685                 if (!skb) {
686                         /* Start of the frame */
687
688                         switch (type) {
689                         case HCI_EVENT_PKT:
690                                 if (count >= HCI_EVENT_HDR_SIZE) {
691                                         struct hci_event_hdr *h = data;
692                                         len = HCI_EVENT_HDR_SIZE + h->plen;
693                                 } else
694                                         return -EILSEQ;
695                                 break;
696
697                         case HCI_ACLDATA_PKT:
698                                 if (count >= HCI_ACL_HDR_SIZE) {
699                                         struct hci_acl_hdr *h = data;
700                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
701                                 } else
702                                         return -EILSEQ;
703                                 break;
704 #ifdef CONFIG_BT_HCIUSB_SCO
705                         case HCI_SCODATA_PKT:
706                                 if (count >= HCI_SCO_HDR_SIZE) {
707                                         struct hci_sco_hdr *h = data;
708                                         len = HCI_SCO_HDR_SIZE + h->dlen;
709                                 } else
710                                         return -EILSEQ;
711                                 break;
712 #endif
713                         }
714                         BT_DBG("new packet len %d", len);
715
716                         skb = bt_skb_alloc(len, GFP_ATOMIC);
717                         if (!skb) {
718                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
719                                 return -ENOMEM;
720                         }
721                         skb->dev = (void *) husb->hdev;
722                         bt_cb(skb)->pkt_type = type;
723         
724                         __reassembly(husb, type) = skb;
725
726                         scb = (void *) skb->cb;
727                         scb->expect = len;
728                 } else {
729                         /* Continuation */
730                         scb = (void *) skb->cb;
731                         len = scb->expect;
732                 }
733
734                 len = min(len, count);
735                 
736                 memcpy(skb_put(skb, len), data, len);
737
738                 scb->expect -= len;
739                 if (!scb->expect) {
740                         /* Complete frame */
741                         __reassembly(husb, type) = NULL;
742                         bt_cb(skb)->pkt_type = type;
743                         hci_recv_frame(skb);
744                 }
745
746                 count -= len; data += len;
747         }
748         return 0;
749 }
750
751 static void hci_usb_rx_complete(struct urb *urb)
752 {
753         struct _urb *_urb = container_of(urb, struct _urb, urb);
754         struct hci_usb *husb = (void *) urb->context;
755         struct hci_dev *hdev = husb->hdev;
756         int err, count = urb->actual_length;
757
758         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
759                         _urb->type, urb->status, count, urb->transfer_flags);
760
761         read_lock(&husb->completion_lock);
762
763         if (!test_bit(HCI_RUNNING, &hdev->flags))
764                 goto unlock;
765
766         if (urb->status || !count)
767                 goto resubmit;
768
769         if (_urb->type == HCI_SCODATA_PKT) {
770 #ifdef CONFIG_BT_HCIUSB_SCO
771                 int i;
772                 for (i=0; i < urb->number_of_packets; i++) {
773                         BT_DBG("desc %d status %d offset %d len %d", i,
774                                         urb->iso_frame_desc[i].status,
775                                         urb->iso_frame_desc[i].offset,
776                                         urb->iso_frame_desc[i].actual_length);
777         
778                         if (!urb->iso_frame_desc[i].status)
779                                 __recv_frame(husb, _urb->type, 
780                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
781                                         urb->iso_frame_desc[i].actual_length);
782                 }
783 #else
784                 ;
785 #endif
786         } else {
787                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
788                 if (err < 0) { 
789                         BT_ERR("%s corrupted packet: type %d count %d",
790                                         husb->hdev->name, _urb->type, count);
791                         hdev->stat.err_rx++;
792                 }
793         }
794
795 resubmit:
796         urb->dev = husb->udev;
797         err = usb_submit_urb(urb, GFP_ATOMIC);
798         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
799                         _urb->type, err);
800
801 unlock:
802         read_unlock(&husb->completion_lock);
803 }
804
805 static void hci_usb_tx_complete(struct urb *urb)
806 {
807         struct _urb *_urb = container_of(urb, struct _urb, urb);
808         struct hci_usb *husb = (void *) urb->context;
809         struct hci_dev *hdev = husb->hdev;
810
811         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
812                         urb->status, urb->transfer_flags);
813
814         atomic_dec(__pending_tx(husb, _urb->type));
815
816         urb->transfer_buffer = NULL;
817         kfree_skb((struct sk_buff *) _urb->priv);
818
819         if (!test_bit(HCI_RUNNING, &hdev->flags))
820                 return;
821
822         if (!urb->status)
823                 hdev->stat.byte_tx += urb->transfer_buffer_length;
824         else
825                 hdev->stat.err_tx++;
826
827         read_lock(&husb->completion_lock);
828
829         _urb_unlink(_urb);
830         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
831
832         hci_usb_tx_wakeup(husb);
833
834         read_unlock(&husb->completion_lock);
835 }
836
837 static void hci_usb_destruct(struct hci_dev *hdev)
838 {
839         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
840
841         BT_DBG("%s", hdev->name);
842
843         kfree(husb);
844 }
845
846 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
847 {
848         BT_DBG("%s evt %d", hdev->name, evt);
849 }
850
851 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
852 {
853         struct usb_device *udev = interface_to_usbdev(intf);
854         struct usb_host_endpoint *bulk_out_ep = NULL;
855         struct usb_host_endpoint *bulk_in_ep = NULL;
856         struct usb_host_endpoint *intr_in_ep = NULL;
857         struct usb_host_endpoint  *ep;
858         struct usb_host_interface *uif;
859         struct usb_interface *isoc_iface;
860         struct hci_usb *husb;
861         struct hci_dev *hdev;
862         int i, e, size, isoc_ifnum, isoc_alts;
863
864         BT_DBG("udev %p intf %p", udev, intf);
865
866         if (!id->driver_info) {
867                 const struct usb_device_id *match;
868                 match = usb_match_id(intf, blacklist_ids);
869                 if (match)
870                         id = match;
871         }
872
873         if (ignore || id->driver_info & HCI_IGNORE)
874                 return -ENODEV;
875
876         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
877                 return -ENODEV;
878
879         if (ignore_csr && id->driver_info & HCI_CSR)
880                 return -ENODEV;
881
882         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
883                 return -ENODEV;
884
885         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
886                 return -ENODEV;
887
888         /* Find endpoints that we need */
889         uif = intf->cur_altsetting;
890         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
891                 ep = &uif->endpoint[e];
892
893                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
894                 case USB_ENDPOINT_XFER_INT:
895                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
896                                 intr_in_ep = ep;
897                         break;
898
899                 case USB_ENDPOINT_XFER_BULK:
900                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
901                                 bulk_in_ep  = ep;
902                         else
903                                 bulk_out_ep = ep;
904                         break;
905                 }
906         }
907
908         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
909                 BT_DBG("Bulk endpoints not found");
910                 goto done;
911         }
912
913         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
914                 BT_ERR("Can't allocate: control structure");
915                 goto done;
916         }
917
918         husb->udev = udev;
919         husb->bulk_out_ep = bulk_out_ep;
920         husb->bulk_in_ep  = bulk_in_ep;
921         husb->intr_in_ep  = intr_in_ep;
922
923         if (id->driver_info & HCI_DIGIANSWER)
924                 husb->ctrl_req = USB_TYPE_VENDOR;
925         else
926                 husb->ctrl_req = USB_TYPE_CLASS;
927
928         /* Find isochronous endpoints that we can use */
929         size = 0; 
930         isoc_iface = NULL;
931         isoc_alts  = 0;
932         isoc_ifnum = 1;
933
934 #ifdef CONFIG_BT_HCIUSB_SCO
935         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
936                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
937
938         if (isoc_iface) {
939                 int a;
940                 struct usb_host_endpoint *isoc_out_ep = NULL;
941                 struct usb_host_endpoint *isoc_in_ep = NULL;
942
943                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
944                         uif = &isoc_iface->altsetting[a];
945                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
946                                 ep = &uif->endpoint[e];
947
948                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
949                                 case USB_ENDPOINT_XFER_ISOC:
950                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
951                                                         uif->desc.bAlternateSetting != isoc)
952                                                 break;
953                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
954
955                                         isoc_alts = uif->desc.bAlternateSetting;
956
957                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
958                                                 isoc_in_ep  = ep;
959                                         else
960                                                 isoc_out_ep = ep;
961                                         break;
962                                 }
963                         }
964                 }
965
966                 if (!isoc_in_ep || !isoc_out_ep)
967                         BT_DBG("Isoc endpoints not found");
968                 else {
969                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
970                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
971                                 BT_ERR("Can't claim isoc interface");
972                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
973                                 BT_ERR("Can't set isoc interface settings");
974                                 husb->isoc_iface = isoc_iface;
975                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
976                                 husb->isoc_iface = NULL;
977                         } else {
978                                 husb->isoc_iface  = isoc_iface;
979                                 husb->isoc_in_ep  = isoc_in_ep;
980                                 husb->isoc_out_ep = isoc_out_ep;
981                         }
982                 }
983         }
984 #endif
985
986         rwlock_init(&husb->completion_lock);
987
988         for (i = 0; i < 4; i++) {
989                 skb_queue_head_init(&husb->transmit_q[i]);
990                 _urb_queue_init(&husb->pending_q[i]);
991                 _urb_queue_init(&husb->completed_q[i]);
992         }
993
994         /* Initialize and register HCI device */
995         hdev = hci_alloc_dev();
996         if (!hdev) {
997                 BT_ERR("Can't allocate HCI device");
998                 goto probe_error;
999         }
1000
1001         husb->hdev = hdev;
1002
1003         hdev->type = HCI_USB;
1004         hdev->driver_data = husb;
1005         SET_HCIDEV_DEV(hdev, &intf->dev);
1006
1007         hdev->open     = hci_usb_open;
1008         hdev->close    = hci_usb_close;
1009         hdev->flush    = hci_usb_flush;
1010         hdev->send     = hci_usb_send_frame;
1011         hdev->destruct = hci_usb_destruct;
1012         hdev->notify   = hci_usb_notify;
1013
1014         hdev->owner = THIS_MODULE;
1015
1016         if (reset || id->driver_info & HCI_RESET)
1017                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
1018
1019         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
1020                 if (!disable_scofix)
1021                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1022         }
1023
1024         if (id->driver_info & HCI_SNIFFER) {
1025                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1026                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1027         }
1028
1029         if (id->driver_info & HCI_BCM92035) {
1030                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1031                 struct sk_buff *skb;
1032
1033                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1034                 if (skb) {
1035                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1036                         skb_queue_tail(&hdev->driver_init, skb);
1037                 }
1038         }
1039
1040         if (hci_register_dev(hdev) < 0) {
1041                 BT_ERR("Can't register HCI device");
1042                 hci_free_dev(hdev);
1043                 goto probe_error;
1044         }
1045
1046         usb_set_intfdata(intf, husb);
1047         return 0;
1048
1049 probe_error:
1050         if (husb->isoc_iface)
1051                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1052         kfree(husb);
1053
1054 done:
1055         return -EIO;
1056 }
1057
1058 static void hci_usb_disconnect(struct usb_interface *intf)
1059 {
1060         struct hci_usb *husb = usb_get_intfdata(intf);
1061         struct hci_dev *hdev;
1062
1063         if (!husb || intf == husb->isoc_iface)
1064                 return;
1065
1066         usb_set_intfdata(intf, NULL);
1067         hdev = husb->hdev;
1068
1069         BT_DBG("%s", hdev->name);
1070
1071         hci_usb_close(hdev);
1072
1073         if (husb->isoc_iface)
1074                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1075
1076         if (hci_unregister_dev(hdev) < 0)
1077                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1078
1079         hci_free_dev(hdev);
1080 }
1081
1082 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1083 {
1084         struct hci_usb *husb = usb_get_intfdata(intf);
1085         struct list_head killed;
1086         unsigned long flags;
1087         int i;
1088
1089         if (!husb || intf == husb->isoc_iface)
1090                 return 0;
1091
1092         hci_suspend_dev(husb->hdev);
1093
1094         INIT_LIST_HEAD(&killed);
1095
1096         for (i = 0; i < 4; i++) {
1097                 struct _urb_queue *q = &husb->pending_q[i];
1098                 struct _urb *_urb, *_tmp;
1099
1100                 while ((_urb = _urb_dequeue(q))) {
1101                         /* reset queue since _urb_dequeue sets it to NULL */
1102                         _urb->queue = q;
1103                         usb_kill_urb(&_urb->urb);
1104                         list_add(&_urb->list, &killed);
1105                 }
1106
1107                 spin_lock_irqsave(&q->lock, flags);
1108
1109                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1110                         list_move_tail(&_urb->list, &q->head);
1111                 }
1112
1113                 spin_unlock_irqrestore(&q->lock, flags);
1114         }
1115
1116         return 0;
1117 }
1118
1119 static int hci_usb_resume(struct usb_interface *intf)
1120 {
1121         struct hci_usb *husb = usb_get_intfdata(intf);
1122         unsigned long flags;
1123         int i, err = 0;
1124
1125         if (!husb || intf == husb->isoc_iface)
1126                 return 0;
1127         
1128         for (i = 0; i < 4; i++) {
1129                 struct _urb_queue *q = &husb->pending_q[i];
1130                 struct _urb *_urb;
1131
1132                 spin_lock_irqsave(&q->lock, flags);
1133
1134                 list_for_each_entry(_urb, &q->head, list) {
1135                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1136                         if (err)
1137                                 break;
1138                 }
1139
1140                 spin_unlock_irqrestore(&q->lock, flags);
1141
1142                 if (err)
1143                         return -EIO;
1144         }
1145
1146         hci_resume_dev(husb->hdev);
1147
1148         return 0;
1149 }
1150
1151 static struct usb_driver hci_usb_driver = {
1152         .name           = "hci_usb",
1153         .probe          = hci_usb_probe,
1154         .disconnect     = hci_usb_disconnect,
1155         .suspend        = hci_usb_suspend,
1156         .resume         = hci_usb_resume,
1157         .id_table       = bluetooth_ids,
1158 };
1159
1160 static int __init hci_usb_init(void)
1161 {
1162         int err;
1163
1164         BT_INFO("HCI USB driver ver %s", VERSION);
1165
1166         if ((err = usb_register(&hci_usb_driver)) < 0)
1167                 BT_ERR("Failed to register HCI USB driver");
1168
1169         return err;
1170 }
1171
1172 static void __exit hci_usb_exit(void)
1173 {
1174         usb_deregister(&hci_usb_driver);
1175 }
1176
1177 module_init(hci_usb_init);
1178 module_exit(hci_usb_exit);
1179
1180 module_param(ignore, bool, 0644);
1181 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1182
1183 module_param(ignore_dga, bool, 0644);
1184 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1185
1186 module_param(ignore_csr, bool, 0644);
1187 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1188
1189 module_param(ignore_sniffer, bool, 0644);
1190 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1191
1192 module_param(disable_scofix, bool, 0644);
1193 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1194
1195 module_param(force_scofix, bool, 0644);
1196 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1197
1198 module_param(reset, bool, 0644);
1199 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1200
1201 #ifdef CONFIG_BT_HCIUSB_SCO
1202 module_param(isoc, int, 0644);
1203 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1204 #endif
1205
1206 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1207 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1208 MODULE_VERSION(VERSION);
1209 MODULE_LICENSE("GPL");