1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Generic Bluetooth USB driver
6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
10 #include <linux/module.h>
11 #include <linux/usb.h>
12 #include <linux/usb/quirks.h>
13 #include <linux/firmware.h>
14 #include <linux/iopoll.h>
15 #include <linux/of_device.h>
16 #include <linux/of_irq.h>
17 #include <linux/suspend.h>
18 #include <linux/gpio/consumer.h>
19 #include <linux/debugfs.h>
20 #include <asm/unaligned.h>
22 #include <net/bluetooth/bluetooth.h>
23 #include <net/bluetooth/hci_core.h>
32 static bool disable_scofix;
33 static bool force_scofix;
34 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
35 static bool reset = true;
37 static struct usb_driver btusb_driver;
39 #define BTUSB_IGNORE BIT(0)
40 #define BTUSB_DIGIANSWER BIT(1)
41 #define BTUSB_CSR BIT(2)
42 #define BTUSB_SNIFFER BIT(3)
43 #define BTUSB_BCM92035 BIT(4)
44 #define BTUSB_BROKEN_ISOC BIT(5)
45 #define BTUSB_WRONG_SCO_MTU BIT(6)
46 #define BTUSB_ATH3012 BIT(7)
47 #define BTUSB_INTEL_COMBINED BIT(8)
48 #define BTUSB_INTEL_BOOT BIT(9)
49 #define BTUSB_BCM_PATCHRAM BIT(10)
50 #define BTUSB_MARVELL BIT(11)
51 #define BTUSB_SWAVE BIT(12)
52 #define BTUSB_AMP BIT(13)
53 #define BTUSB_QCA_ROME BIT(14)
54 #define BTUSB_BCM_APPLE BIT(15)
55 #define BTUSB_REALTEK BIT(16)
56 #define BTUSB_BCM2045 BIT(17)
57 #define BTUSB_IFNUM_2 BIT(18)
58 #define BTUSB_CW6622 BIT(19)
59 #define BTUSB_MEDIATEK BIT(20)
60 #define BTUSB_WIDEBAND_SPEECH BIT(21)
61 #define BTUSB_VALID_LE_STATES BIT(22)
62 #define BTUSB_QCA_WCN6855 BIT(23)
63 #define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24)
64 #define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25)
65 #define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26)
67 static const struct usb_device_id btusb_table[] = {
68 /* Generic Bluetooth USB device */
69 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
71 /* Generic Bluetooth AMP device */
72 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
74 /* Generic Bluetooth USB interface */
75 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
77 /* Apple-specific (Broadcom) devices */
78 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
79 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
81 /* MediaTek MT76x0E */
82 { USB_DEVICE(0x0e8d, 0x763f) },
84 /* Broadcom SoftSailing reporting vendor specific */
85 { USB_DEVICE(0x0a5c, 0x21e1) },
87 /* Apple MacBookPro 7,1 */
88 { USB_DEVICE(0x05ac, 0x8213) },
91 { USB_DEVICE(0x05ac, 0x8215) },
93 /* Apple MacBookPro6,2 */
94 { USB_DEVICE(0x05ac, 0x8218) },
96 /* Apple MacBookAir3,1, MacBookAir3,2 */
97 { USB_DEVICE(0x05ac, 0x821b) },
99 /* Apple MacBookAir4,1 */
100 { USB_DEVICE(0x05ac, 0x821f) },
102 /* Apple MacBookPro8,2 */
103 { USB_DEVICE(0x05ac, 0x821a) },
105 /* Apple MacMini5,1 */
106 { USB_DEVICE(0x05ac, 0x8281) },
108 /* AVM BlueFRITZ! USB v2.0 */
109 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
111 /* Bluetooth Ultraport Module from IBM */
112 { USB_DEVICE(0x04bf, 0x030a) },
114 /* ALPS Modules with non-standard id */
115 { USB_DEVICE(0x044e, 0x3001) },
116 { USB_DEVICE(0x044e, 0x3002) },
118 /* Ericsson with non-standard id */
119 { USB_DEVICE(0x0bdb, 0x1002) },
121 /* Canyon CN-BTU1 with HID interfaces */
122 { USB_DEVICE(0x0c10, 0x0000) },
124 /* Broadcom BCM20702B0 (Dynex/Insignia) */
125 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
127 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
128 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
129 .driver_info = BTUSB_BCM_PATCHRAM },
131 /* Broadcom BCM920703 (HTC Vive) */
132 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
133 .driver_info = BTUSB_BCM_PATCHRAM },
135 /* Foxconn - Hon Hai */
136 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
137 .driver_info = BTUSB_BCM_PATCHRAM },
139 /* Lite-On Technology - Broadcom based */
140 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
141 .driver_info = BTUSB_BCM_PATCHRAM },
143 /* Broadcom devices with vendor specific id */
144 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
145 .driver_info = BTUSB_BCM_PATCHRAM },
147 /* ASUSTek Computer - Broadcom based */
148 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
149 .driver_info = BTUSB_BCM_PATCHRAM },
151 /* Belkin F8065bf - Broadcom based */
152 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
153 .driver_info = BTUSB_BCM_PATCHRAM },
155 /* IMC Networks - Broadcom based */
156 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
157 .driver_info = BTUSB_BCM_PATCHRAM },
159 /* Dell Computer - Broadcom based */
160 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
161 .driver_info = BTUSB_BCM_PATCHRAM },
163 /* Toshiba Corp - Broadcom based */
164 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
165 .driver_info = BTUSB_BCM_PATCHRAM },
167 /* Intel Bluetooth USB Bootloader (RAM module) */
168 { USB_DEVICE(0x8087, 0x0a5a),
169 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
171 { } /* Terminating entry */
174 MODULE_DEVICE_TABLE(usb, btusb_table);
176 static const struct usb_device_id blacklist_table[] = {
177 /* CSR BlueCore devices */
178 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
180 /* Broadcom BCM2033 without firmware */
181 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
183 /* Broadcom BCM2045 devices */
184 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
186 /* Atheros 3011 with sflash firmware */
187 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
188 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
189 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
190 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
191 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
192 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
193 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
195 /* Atheros AR9285 Malbec with sflash firmware */
196 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
198 /* Atheros 3012 with sflash firmware */
199 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
200 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
201 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
202 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
203 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
204 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
205 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
206 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
207 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
208 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
247 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
248 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
250 /* Atheros AR5BBU12 with sflash firmware */
251 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
253 /* Atheros AR5BBU12 with sflash firmware */
254 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
255 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
257 /* QCA ROME chipset */
258 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
259 BTUSB_WIDEBAND_SPEECH },
260 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
261 BTUSB_WIDEBAND_SPEECH },
262 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
263 BTUSB_WIDEBAND_SPEECH },
264 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
265 BTUSB_WIDEBAND_SPEECH },
266 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
267 BTUSB_WIDEBAND_SPEECH },
268 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
269 BTUSB_WIDEBAND_SPEECH },
270 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
271 BTUSB_WIDEBAND_SPEECH },
272 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME |
273 BTUSB_WIDEBAND_SPEECH },
274 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
275 BTUSB_WIDEBAND_SPEECH },
276 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
277 BTUSB_WIDEBAND_SPEECH },
278 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
279 BTUSB_WIDEBAND_SPEECH },
280 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
281 BTUSB_WIDEBAND_SPEECH },
282 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
283 BTUSB_WIDEBAND_SPEECH },
284 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
285 BTUSB_WIDEBAND_SPEECH },
286 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
287 BTUSB_WIDEBAND_SPEECH },
288 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
289 BTUSB_WIDEBAND_SPEECH },
290 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
291 BTUSB_WIDEBAND_SPEECH },
292 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
293 BTUSB_WIDEBAND_SPEECH },
294 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
295 BTUSB_WIDEBAND_SPEECH },
297 /* QCA WCN6855 chipset */
298 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
299 BTUSB_WIDEBAND_SPEECH |
300 BTUSB_VALID_LE_STATES },
301 { USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 |
302 BTUSB_WIDEBAND_SPEECH |
303 BTUSB_VALID_LE_STATES },
304 { USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 |
305 BTUSB_WIDEBAND_SPEECH |
306 BTUSB_VALID_LE_STATES },
307 { USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 |
308 BTUSB_WIDEBAND_SPEECH |
309 BTUSB_VALID_LE_STATES },
310 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 |
311 BTUSB_WIDEBAND_SPEECH |
312 BTUSB_VALID_LE_STATES },
313 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 |
314 BTUSB_WIDEBAND_SPEECH |
315 BTUSB_VALID_LE_STATES },
316 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 |
317 BTUSB_WIDEBAND_SPEECH |
318 BTUSB_VALID_LE_STATES },
320 /* QCA WCN785x chipset */
321 { USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 |
322 BTUSB_WIDEBAND_SPEECH |
323 BTUSB_VALID_LE_STATES },
325 /* Broadcom BCM2035 */
326 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
327 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
328 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
330 /* Broadcom BCM2045 */
331 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
332 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
334 /* IBM/Lenovo ThinkPad with Broadcom chip */
335 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
336 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
338 /* HP laptop with Broadcom chip */
339 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
341 /* Dell laptop with Broadcom chip */
342 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
344 /* Dell Wireless 370 and 410 devices */
345 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
346 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
348 /* Belkin F8T012 and F8T013 devices */
349 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
350 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
352 /* Asus WL-BTD202 device */
353 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
355 /* Kensington Bluetooth USB adapter */
356 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
358 /* RTX Telecom based adapters with buggy SCO support */
359 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
360 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
362 /* CONWISE Technology based adapters with buggy SCO support */
363 { USB_DEVICE(0x0e5e, 0x6622),
364 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
366 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
367 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
369 /* Digianswer devices */
370 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
371 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
373 /* CSR BlueCore Bluetooth Sniffer */
374 { USB_DEVICE(0x0a12, 0x0002),
375 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
377 /* Frontline ComProbe Bluetooth Sniffer */
378 { USB_DEVICE(0x16d3, 0x0002),
379 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
381 /* Marvell Bluetooth devices */
382 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
383 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
384 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
386 /* Intel Bluetooth devices */
387 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED },
388 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED },
389 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED },
390 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED },
391 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED },
392 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED },
393 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
394 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED |
395 BTUSB_INTEL_NO_WBS_SUPPORT |
396 BTUSB_INTEL_BROKEN_INITIAL_NCMD |
397 BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
398 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED |
399 BTUSB_INTEL_NO_WBS_SUPPORT |
400 BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
401 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED },
402 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED |
403 BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
404 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED },
406 /* Other Intel Bluetooth devices */
407 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
408 .driver_info = BTUSB_IGNORE },
410 /* Realtek 8822CE Bluetooth devices */
411 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK |
412 BTUSB_WIDEBAND_SPEECH },
413 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK |
414 BTUSB_WIDEBAND_SPEECH },
416 /* Realtek 8852AE Bluetooth devices */
417 { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK |
418 BTUSB_WIDEBAND_SPEECH },
419 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK |
420 BTUSB_WIDEBAND_SPEECH },
421 { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK |
422 BTUSB_WIDEBAND_SPEECH },
423 { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK |
424 BTUSB_WIDEBAND_SPEECH },
425 { USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK |
426 BTUSB_WIDEBAND_SPEECH },
427 { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK |
428 BTUSB_WIDEBAND_SPEECH },
430 /* Realtek 8852CE Bluetooth devices */
431 { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK |
432 BTUSB_WIDEBAND_SPEECH },
433 { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK |
434 BTUSB_WIDEBAND_SPEECH },
435 { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK |
436 BTUSB_WIDEBAND_SPEECH },
437 { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK |
438 BTUSB_WIDEBAND_SPEECH },
439 { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK |
440 BTUSB_WIDEBAND_SPEECH },
442 /* Realtek Bluetooth devices */
443 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
444 .driver_info = BTUSB_REALTEK },
446 /* MediaTek Bluetooth devices */
447 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
448 .driver_info = BTUSB_MEDIATEK |
449 BTUSB_WIDEBAND_SPEECH |
450 BTUSB_VALID_LE_STATES },
452 /* Additional MediaTek MT7615E Bluetooth devices */
453 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK},
455 /* Additional MediaTek MT7663 Bluetooth devices */
456 { USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK |
457 BTUSB_WIDEBAND_SPEECH |
458 BTUSB_VALID_LE_STATES },
460 /* Additional MediaTek MT7668 Bluetooth devices */
461 { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK |
462 BTUSB_WIDEBAND_SPEECH |
463 BTUSB_VALID_LE_STATES },
465 /* Additional MediaTek MT7921 Bluetooth devices */
466 { USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK |
467 BTUSB_WIDEBAND_SPEECH |
468 BTUSB_VALID_LE_STATES },
469 { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK |
470 BTUSB_WIDEBAND_SPEECH |
471 BTUSB_VALID_LE_STATES },
472 { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK |
473 BTUSB_WIDEBAND_SPEECH |
474 BTUSB_VALID_LE_STATES },
475 { USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK |
476 BTUSB_WIDEBAND_SPEECH |
477 BTUSB_VALID_LE_STATES },
478 { USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK |
479 BTUSB_WIDEBAND_SPEECH |
480 BTUSB_VALID_LE_STATES },
481 { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK |
482 BTUSB_WIDEBAND_SPEECH |
483 BTUSB_VALID_LE_STATES },
485 /* MediaTek MT7922A Bluetooth devices */
486 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK |
487 BTUSB_WIDEBAND_SPEECH |
488 BTUSB_VALID_LE_STATES },
489 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK |
490 BTUSB_WIDEBAND_SPEECH |
491 BTUSB_VALID_LE_STATES },
492 { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK |
493 BTUSB_WIDEBAND_SPEECH |
494 BTUSB_VALID_LE_STATES },
495 { USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK |
496 BTUSB_WIDEBAND_SPEECH |
497 BTUSB_VALID_LE_STATES },
499 /* Additional Realtek 8723AE Bluetooth devices */
500 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
501 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
503 /* Additional Realtek 8723BE Bluetooth devices */
504 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
505 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
506 { USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK },
507 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
508 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
509 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
510 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
512 /* Additional Realtek 8723BU Bluetooth devices */
513 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
515 /* Additional Realtek 8723DE Bluetooth devices */
516 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
517 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
519 /* Additional Realtek 8761B Bluetooth devices */
520 { USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK |
521 BTUSB_WIDEBAND_SPEECH },
523 /* Additional Realtek 8761BU Bluetooth devices */
524 { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK |
525 BTUSB_WIDEBAND_SPEECH },
526 { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK |
527 BTUSB_WIDEBAND_SPEECH },
529 /* Additional Realtek 8761BUV Bluetooth devices */
530 { USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK |
531 BTUSB_WIDEBAND_SPEECH },
533 /* Additional Realtek 8821AE Bluetooth devices */
534 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
535 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
536 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
537 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
538 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
540 /* Additional Realtek 8822BE Bluetooth devices */
541 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
542 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
544 /* Additional Realtek 8822CE Bluetooth devices */
545 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK |
546 BTUSB_WIDEBAND_SPEECH },
547 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK |
548 BTUSB_WIDEBAND_SPEECH },
549 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK |
550 BTUSB_WIDEBAND_SPEECH },
551 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK |
552 BTUSB_WIDEBAND_SPEECH },
553 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
554 BTUSB_WIDEBAND_SPEECH },
555 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK |
556 BTUSB_WIDEBAND_SPEECH },
557 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK |
558 BTUSB_WIDEBAND_SPEECH },
559 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK |
560 BTUSB_WIDEBAND_SPEECH },
561 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK |
562 BTUSB_WIDEBAND_SPEECH },
563 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK |
564 BTUSB_WIDEBAND_SPEECH },
565 { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK |
566 BTUSB_WIDEBAND_SPEECH },
568 /* Silicon Wave based devices */
569 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
571 { } /* Terminating entry */
574 /* The Bluetooth USB module build into some devices needs to be reset on resume,
575 * this is a problem with the platform (likely shutting off all power) not with
576 * the module itself. So we use a DMI list to match known broken platforms.
578 static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
580 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
582 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
583 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
587 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
589 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
590 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
594 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
596 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
597 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
603 #define BTUSB_MAX_ISOC_FRAMES 10
605 #define BTUSB_INTR_RUNNING 0
606 #define BTUSB_BULK_RUNNING 1
607 #define BTUSB_ISOC_RUNNING 2
608 #define BTUSB_SUSPENDING 3
609 #define BTUSB_DID_ISO_RESUME 4
610 #define BTUSB_BOOTLOADER 5
611 #define BTUSB_DOWNLOADING 6
612 #define BTUSB_FIRMWARE_LOADED 7
613 #define BTUSB_FIRMWARE_FAILED 8
614 #define BTUSB_BOOTING 9
615 #define BTUSB_DIAG_RUNNING 10
616 #define BTUSB_OOB_WAKE_ENABLED 11
617 #define BTUSB_HW_RESET_ACTIVE 12
618 #define BTUSB_TX_WAIT_VND_EVT 13
619 #define BTUSB_WAKEUP_AUTOSUSPEND 14
620 #define BTUSB_USE_ALT3_FOR_WBS 15
623 struct hci_dev *hdev;
624 struct usb_device *udev;
625 struct usb_interface *intf;
626 struct usb_interface *isoc;
627 struct usb_interface *diag;
634 struct work_struct work;
635 struct work_struct waker;
636 struct delayed_work rx_work;
638 struct sk_buff_head acl_q;
640 struct usb_anchor deferred;
641 struct usb_anchor tx_anchor;
645 struct usb_anchor intr_anchor;
646 struct usb_anchor bulk_anchor;
647 struct usb_anchor isoc_anchor;
648 struct usb_anchor diag_anchor;
649 struct usb_anchor ctrl_anchor;
652 struct sk_buff *evt_skb;
653 struct sk_buff *acl_skb;
654 struct sk_buff *sco_skb;
656 struct usb_endpoint_descriptor *intr_ep;
657 struct usb_endpoint_descriptor *bulk_tx_ep;
658 struct usb_endpoint_descriptor *bulk_rx_ep;
659 struct usb_endpoint_descriptor *isoc_tx_ep;
660 struct usb_endpoint_descriptor *isoc_rx_ep;
661 struct usb_endpoint_descriptor *diag_tx_ep;
662 struct usb_endpoint_descriptor *diag_rx_ep;
664 struct gpio_desc *reset_gpio;
669 unsigned int sco_num;
670 unsigned int air_mode;
671 bool usb_alt6_packet_flow;
675 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
676 int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb);
677 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
679 int (*setup_on_usb)(struct hci_dev *hdev);
681 int oob_wake_irq; /* irq for out-of-band wake-on-bt */
682 unsigned cmd_timeout_cnt;
685 static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
687 struct btusb_data *data = hci_get_drvdata(hdev);
688 struct gpio_desc *reset_gpio = data->reset_gpio;
690 if (++data->cmd_timeout_cnt < 5)
694 bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
699 * Toggle the hard reset line if the platform provides one. The reset
700 * is going to yank the device off the USB and then replug. So doing
701 * once is enough. The cleanup is handled correctly on the way out
702 * (standard USB disconnect), and the new device is detected cleanly
703 * and bound to the driver again like it should be.
705 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
706 bt_dev_err(hdev, "last reset failed? Not resetting again");
710 bt_dev_err(hdev, "Initiating HW reset via gpio");
711 gpiod_set_value_cansleep(reset_gpio, 1);
713 gpiod_set_value_cansleep(reset_gpio, 0);
716 static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
718 struct btusb_data *data = hci_get_drvdata(hdev);
719 struct gpio_desc *reset_gpio = data->reset_gpio;
721 if (++data->cmd_timeout_cnt < 5)
725 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
729 /* Toggle the hard reset line. The Realtek device is going to
730 * yank itself off the USB and then replug. The cleanup is handled
731 * correctly on the way out (standard USB disconnect), and the new
732 * device is detected cleanly and bound to the driver again like
735 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
736 bt_dev_err(hdev, "last reset failed? Not resetting again");
740 bt_dev_err(hdev, "Reset Realtek device via gpio");
741 gpiod_set_value_cansleep(reset_gpio, 1);
743 gpiod_set_value_cansleep(reset_gpio, 0);
746 static void btusb_qca_cmd_timeout(struct hci_dev *hdev)
748 struct btusb_data *data = hci_get_drvdata(hdev);
749 struct gpio_desc *reset_gpio = data->reset_gpio;
752 if (++data->cmd_timeout_cnt < 5)
756 bt_dev_err(hdev, "Reset qca device via bt_en gpio");
758 /* Toggle the hard reset line. The qca bt device is going to
759 * yank itself off the USB and then replug. The cleanup is handled
760 * correctly on the way out (standard USB disconnect), and the new
761 * device is detected cleanly and bound to the driver again like
764 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
765 bt_dev_err(hdev, "last reset failed? Not resetting again");
769 gpiod_set_value_cansleep(reset_gpio, 0);
771 gpiod_set_value_cansleep(reset_gpio, 1);
776 bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device.");
777 /* This is not an unbalanced PM reference since the device will reset */
778 err = usb_autopm_get_interface(data->intf);
780 usb_queue_reset_device(data->intf);
782 bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err);
785 static inline void btusb_free_frags(struct btusb_data *data)
789 spin_lock_irqsave(&data->rxlock, flags);
791 kfree_skb(data->evt_skb);
792 data->evt_skb = NULL;
794 kfree_skb(data->acl_skb);
795 data->acl_skb = NULL;
797 kfree_skb(data->sco_skb);
798 data->sco_skb = NULL;
800 spin_unlock_irqrestore(&data->rxlock, flags);
803 static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb)
805 if (data->intr_interval) {
806 /* Trigger dequeue immediatelly if an event is received */
807 schedule_delayed_work(&data->rx_work, 0);
810 return data->recv_event(data->hdev, skb);
813 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
819 spin_lock_irqsave(&data->rxlock, flags);
826 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
832 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
833 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
836 len = min_t(uint, hci_skb_expect(skb), count);
837 skb_put_data(skb, buffer, len);
841 hci_skb_expect(skb) -= len;
843 if (skb->len == HCI_EVENT_HDR_SIZE) {
844 /* Complete event header */
845 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
847 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
856 if (!hci_skb_expect(skb)) {
858 btusb_recv_event(data, skb);
864 spin_unlock_irqrestore(&data->rxlock, flags);
869 static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb)
871 /* Only queue ACL packet if intr_interval is set as it means
872 * force_poll_sync has been enabled.
874 if (!data->intr_interval)
875 return data->recv_acl(data->hdev, skb);
877 skb_queue_tail(&data->acl_q, skb);
878 schedule_delayed_work(&data->rx_work, data->intr_interval);
883 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
889 spin_lock_irqsave(&data->rxlock, flags);
896 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
902 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
903 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
906 len = min_t(uint, hci_skb_expect(skb), count);
907 skb_put_data(skb, buffer, len);
911 hci_skb_expect(skb) -= len;
913 if (skb->len == HCI_ACL_HDR_SIZE) {
914 __le16 dlen = hci_acl_hdr(skb)->dlen;
916 /* Complete ACL header */
917 hci_skb_expect(skb) = __le16_to_cpu(dlen);
919 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
928 if (!hci_skb_expect(skb)) {
930 btusb_recv_acl(data, skb);
936 spin_unlock_irqrestore(&data->rxlock, flags);
941 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
947 spin_lock_irqsave(&data->rxlock, flags);
954 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
960 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
961 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
964 len = min_t(uint, hci_skb_expect(skb), count);
965 skb_put_data(skb, buffer, len);
969 hci_skb_expect(skb) -= len;
971 if (skb->len == HCI_SCO_HDR_SIZE) {
972 /* Complete SCO header */
973 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
975 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
984 if (!hci_skb_expect(skb)) {
986 hci_recv_frame(data->hdev, skb);
992 spin_unlock_irqrestore(&data->rxlock, flags);
997 static void btusb_intr_complete(struct urb *urb)
999 struct hci_dev *hdev = urb->context;
1000 struct btusb_data *data = hci_get_drvdata(hdev);
1003 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1004 urb->actual_length);
1006 if (!test_bit(HCI_RUNNING, &hdev->flags))
1009 if (urb->status == 0) {
1010 hdev->stat.byte_rx += urb->actual_length;
1012 if (btusb_recv_intr(data, urb->transfer_buffer,
1013 urb->actual_length) < 0) {
1014 bt_dev_err(hdev, "corrupted event packet");
1015 hdev->stat.err_rx++;
1017 } else if (urb->status == -ENOENT) {
1018 /* Avoid suspend failed when usb_kill_urb */
1022 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
1025 usb_mark_last_busy(data->udev);
1026 usb_anchor_urb(urb, &data->intr_anchor);
1028 err = usb_submit_urb(urb, GFP_ATOMIC);
1030 /* -EPERM: urb is being killed;
1031 * -ENODEV: device got disconnected
1033 if (err != -EPERM && err != -ENODEV)
1034 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1037 hci_cmd_sync_cancel(hdev, -err);
1038 usb_unanchor_urb(urb);
1042 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1044 struct btusb_data *data = hci_get_drvdata(hdev);
1050 BT_DBG("%s", hdev->name);
1055 urb = usb_alloc_urb(0, mem_flags);
1059 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
1061 buf = kmalloc(size, mem_flags);
1067 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
1069 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
1070 btusb_intr_complete, hdev, data->intr_ep->bInterval);
1072 urb->transfer_flags |= URB_FREE_BUFFER;
1074 usb_anchor_urb(urb, &data->intr_anchor);
1076 err = usb_submit_urb(urb, mem_flags);
1078 if (err != -EPERM && err != -ENODEV)
1079 bt_dev_err(hdev, "urb %p submission failed (%d)",
1082 hci_cmd_sync_cancel(hdev, -err);
1083 usb_unanchor_urb(urb);
1086 /* Only initialize intr_interval if URB poll sync is enabled */
1087 if (!data->poll_sync)
1090 /* The units are frames (milliseconds) for full and low speed devices,
1091 * and microframes (1/8 millisecond) for highspeed and SuperSpeed
1094 * This is done once on open/resume so it shouldn't change even if
1095 * force_poll_sync changes.
1097 switch (urb->dev->speed) {
1098 case USB_SPEED_SUPER_PLUS:
1099 case USB_SPEED_SUPER: /* units are 125us */
1100 data->intr_interval = usecs_to_jiffies(urb->interval * 125);
1103 data->intr_interval = msecs_to_jiffies(urb->interval);
1113 static void btusb_bulk_complete(struct urb *urb)
1115 struct hci_dev *hdev = urb->context;
1116 struct btusb_data *data = hci_get_drvdata(hdev);
1119 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1120 urb->actual_length);
1122 if (!test_bit(HCI_RUNNING, &hdev->flags))
1125 if (urb->status == 0) {
1126 hdev->stat.byte_rx += urb->actual_length;
1128 if (data->recv_bulk(data, urb->transfer_buffer,
1129 urb->actual_length) < 0) {
1130 bt_dev_err(hdev, "corrupted ACL packet");
1131 hdev->stat.err_rx++;
1133 } else if (urb->status == -ENOENT) {
1134 /* Avoid suspend failed when usb_kill_urb */
1138 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
1141 usb_anchor_urb(urb, &data->bulk_anchor);
1142 usb_mark_last_busy(data->udev);
1144 err = usb_submit_urb(urb, GFP_ATOMIC);
1146 /* -EPERM: urb is being killed;
1147 * -ENODEV: device got disconnected
1149 if (err != -EPERM && err != -ENODEV)
1150 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1152 usb_unanchor_urb(urb);
1156 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
1158 struct btusb_data *data = hci_get_drvdata(hdev);
1162 int err, size = HCI_MAX_FRAME_SIZE;
1164 BT_DBG("%s", hdev->name);
1166 if (!data->bulk_rx_ep)
1169 urb = usb_alloc_urb(0, mem_flags);
1173 buf = kmalloc(size, mem_flags);
1179 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
1181 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1182 btusb_bulk_complete, hdev);
1184 urb->transfer_flags |= URB_FREE_BUFFER;
1186 usb_mark_last_busy(data->udev);
1187 usb_anchor_urb(urb, &data->bulk_anchor);
1189 err = usb_submit_urb(urb, mem_flags);
1191 if (err != -EPERM && err != -ENODEV)
1192 bt_dev_err(hdev, "urb %p submission failed (%d)",
1194 usb_unanchor_urb(urb);
1202 static void btusb_isoc_complete(struct urb *urb)
1204 struct hci_dev *hdev = urb->context;
1205 struct btusb_data *data = hci_get_drvdata(hdev);
1208 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1209 urb->actual_length);
1211 if (!test_bit(HCI_RUNNING, &hdev->flags))
1214 if (urb->status == 0) {
1215 for (i = 0; i < urb->number_of_packets; i++) {
1216 unsigned int offset = urb->iso_frame_desc[i].offset;
1217 unsigned int length = urb->iso_frame_desc[i].actual_length;
1219 if (urb->iso_frame_desc[i].status)
1222 hdev->stat.byte_rx += length;
1224 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
1226 bt_dev_err(hdev, "corrupted SCO packet");
1227 hdev->stat.err_rx++;
1230 } else if (urb->status == -ENOENT) {
1231 /* Avoid suspend failed when usb_kill_urb */
1235 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
1238 usb_anchor_urb(urb, &data->isoc_anchor);
1240 err = usb_submit_urb(urb, GFP_ATOMIC);
1242 /* -EPERM: urb is being killed;
1243 * -ENODEV: device got disconnected
1245 if (err != -EPERM && err != -ENODEV)
1246 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1248 usb_unanchor_urb(urb);
1252 static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1253 int mtu, struct btusb_data *data)
1256 unsigned int interval;
1258 BT_DBG("len %d mtu %d", len, mtu);
1260 /* For mSBC ALT 6 setting the host will send the packet at continuous
1261 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
1262 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets.
1263 * To maintain the rate we send 63bytes of usb packets alternatively for
1264 * 7ms and 8ms to maintain the rate as 7.5ms.
1266 if (data->usb_alt6_packet_flow) {
1268 data->usb_alt6_packet_flow = false;
1271 data->usb_alt6_packet_flow = true;
1274 for (i = 0; i < interval; i++) {
1275 urb->iso_frame_desc[i].offset = offset;
1276 urb->iso_frame_desc[i].length = offset;
1279 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1280 urb->iso_frame_desc[i].offset = offset;
1281 urb->iso_frame_desc[i].length = len;
1285 urb->number_of_packets = i;
1288 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
1292 BT_DBG("len %d mtu %d", len, mtu);
1294 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
1295 i++, offset += mtu, len -= mtu) {
1296 urb->iso_frame_desc[i].offset = offset;
1297 urb->iso_frame_desc[i].length = mtu;
1300 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1301 urb->iso_frame_desc[i].offset = offset;
1302 urb->iso_frame_desc[i].length = len;
1306 urb->number_of_packets = i;
1309 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1311 struct btusb_data *data = hci_get_drvdata(hdev);
1317 BT_DBG("%s", hdev->name);
1319 if (!data->isoc_rx_ep)
1322 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1326 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1327 BTUSB_MAX_ISOC_FRAMES;
1329 buf = kmalloc(size, mem_flags);
1335 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1337 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
1338 hdev, data->isoc_rx_ep->bInterval);
1340 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1342 __fill_isoc_descriptor(urb, size,
1343 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1345 usb_anchor_urb(urb, &data->isoc_anchor);
1347 err = usb_submit_urb(urb, mem_flags);
1349 if (err != -EPERM && err != -ENODEV)
1350 bt_dev_err(hdev, "urb %p submission failed (%d)",
1352 usb_unanchor_urb(urb);
1360 static void btusb_diag_complete(struct urb *urb)
1362 struct hci_dev *hdev = urb->context;
1363 struct btusb_data *data = hci_get_drvdata(hdev);
1366 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1367 urb->actual_length);
1369 if (urb->status == 0) {
1370 struct sk_buff *skb;
1372 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
1374 skb_put_data(skb, urb->transfer_buffer,
1375 urb->actual_length);
1376 hci_recv_diag(hdev, skb);
1378 } else if (urb->status == -ENOENT) {
1379 /* Avoid suspend failed when usb_kill_urb */
1383 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1386 usb_anchor_urb(urb, &data->diag_anchor);
1387 usb_mark_last_busy(data->udev);
1389 err = usb_submit_urb(urb, GFP_ATOMIC);
1391 /* -EPERM: urb is being killed;
1392 * -ENODEV: device got disconnected
1394 if (err != -EPERM && err != -ENODEV)
1395 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1397 usb_unanchor_urb(urb);
1401 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1403 struct btusb_data *data = hci_get_drvdata(hdev);
1407 int err, size = HCI_MAX_FRAME_SIZE;
1409 BT_DBG("%s", hdev->name);
1411 if (!data->diag_rx_ep)
1414 urb = usb_alloc_urb(0, mem_flags);
1418 buf = kmalloc(size, mem_flags);
1424 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1426 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1427 btusb_diag_complete, hdev);
1429 urb->transfer_flags |= URB_FREE_BUFFER;
1431 usb_mark_last_busy(data->udev);
1432 usb_anchor_urb(urb, &data->diag_anchor);
1434 err = usb_submit_urb(urb, mem_flags);
1436 if (err != -EPERM && err != -ENODEV)
1437 bt_dev_err(hdev, "urb %p submission failed (%d)",
1439 usb_unanchor_urb(urb);
1447 static void btusb_tx_complete(struct urb *urb)
1449 struct sk_buff *skb = urb->context;
1450 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1451 struct btusb_data *data = hci_get_drvdata(hdev);
1452 unsigned long flags;
1454 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1455 urb->actual_length);
1457 if (!test_bit(HCI_RUNNING, &hdev->flags))
1461 hdev->stat.byte_tx += urb->transfer_buffer_length;
1463 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)
1464 hci_cmd_sync_cancel(hdev, -urb->status);
1465 hdev->stat.err_tx++;
1469 spin_lock_irqsave(&data->txlock, flags);
1470 data->tx_in_flight--;
1471 spin_unlock_irqrestore(&data->txlock, flags);
1473 kfree(urb->setup_packet);
1478 static void btusb_isoc_tx_complete(struct urb *urb)
1480 struct sk_buff *skb = urb->context;
1481 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1483 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1484 urb->actual_length);
1486 if (!test_bit(HCI_RUNNING, &hdev->flags))
1490 hdev->stat.byte_tx += urb->transfer_buffer_length;
1492 hdev->stat.err_tx++;
1495 kfree(urb->setup_packet);
1500 static int btusb_open(struct hci_dev *hdev)
1502 struct btusb_data *data = hci_get_drvdata(hdev);
1505 BT_DBG("%s", hdev->name);
1507 err = usb_autopm_get_interface(data->intf);
1511 /* Patching USB firmware files prior to starting any URBs of HCI path
1512 * It is more safe to use USB bulk channel for downloading USB patch
1514 if (data->setup_on_usb) {
1515 err = data->setup_on_usb(hdev);
1520 data->intf->needs_remote_wakeup = 1;
1522 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1525 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1529 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1531 usb_kill_anchored_urbs(&data->intr_anchor);
1535 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1536 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1539 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1540 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1544 usb_autopm_put_interface(data->intf);
1548 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1550 usb_autopm_put_interface(data->intf);
1554 static void btusb_stop_traffic(struct btusb_data *data)
1556 usb_kill_anchored_urbs(&data->intr_anchor);
1557 usb_kill_anchored_urbs(&data->bulk_anchor);
1558 usb_kill_anchored_urbs(&data->isoc_anchor);
1559 usb_kill_anchored_urbs(&data->diag_anchor);
1560 usb_kill_anchored_urbs(&data->ctrl_anchor);
1563 static int btusb_close(struct hci_dev *hdev)
1565 struct btusb_data *data = hci_get_drvdata(hdev);
1568 BT_DBG("%s", hdev->name);
1570 cancel_delayed_work(&data->rx_work);
1571 cancel_work_sync(&data->work);
1572 cancel_work_sync(&data->waker);
1574 skb_queue_purge(&data->acl_q);
1576 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1577 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1578 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1579 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1581 btusb_stop_traffic(data);
1582 btusb_free_frags(data);
1584 err = usb_autopm_get_interface(data->intf);
1588 data->intf->needs_remote_wakeup = 0;
1590 /* Enable remote wake up for auto-suspend */
1591 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags))
1592 data->intf->needs_remote_wakeup = 1;
1594 usb_autopm_put_interface(data->intf);
1597 usb_scuttle_anchored_urbs(&data->deferred);
1601 static int btusb_flush(struct hci_dev *hdev)
1603 struct btusb_data *data = hci_get_drvdata(hdev);
1605 BT_DBG("%s", hdev->name);
1607 cancel_delayed_work(&data->rx_work);
1609 skb_queue_purge(&data->acl_q);
1611 usb_kill_anchored_urbs(&data->tx_anchor);
1612 btusb_free_frags(data);
1617 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1619 struct btusb_data *data = hci_get_drvdata(hdev);
1620 struct usb_ctrlrequest *dr;
1624 urb = usb_alloc_urb(0, GFP_KERNEL);
1626 return ERR_PTR(-ENOMEM);
1628 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1631 return ERR_PTR(-ENOMEM);
1634 dr->bRequestType = data->cmdreq_type;
1635 dr->bRequest = data->cmdreq;
1638 dr->wLength = __cpu_to_le16(skb->len);
1640 pipe = usb_sndctrlpipe(data->udev, 0x00);
1642 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1643 skb->data, skb->len, btusb_tx_complete, skb);
1645 skb->dev = (void *)hdev;
1650 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1652 struct btusb_data *data = hci_get_drvdata(hdev);
1656 if (!data->bulk_tx_ep)
1657 return ERR_PTR(-ENODEV);
1659 urb = usb_alloc_urb(0, GFP_KERNEL);
1661 return ERR_PTR(-ENOMEM);
1663 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1665 usb_fill_bulk_urb(urb, data->udev, pipe,
1666 skb->data, skb->len, btusb_tx_complete, skb);
1668 skb->dev = (void *)hdev;
1673 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1675 struct btusb_data *data = hci_get_drvdata(hdev);
1679 if (!data->isoc_tx_ep)
1680 return ERR_PTR(-ENODEV);
1682 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1684 return ERR_PTR(-ENOMEM);
1686 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1688 usb_fill_int_urb(urb, data->udev, pipe,
1689 skb->data, skb->len, btusb_isoc_tx_complete,
1690 skb, data->isoc_tx_ep->bInterval);
1692 urb->transfer_flags = URB_ISO_ASAP;
1694 if (data->isoc_altsetting == 6)
1695 __fill_isoc_descriptor_msbc(urb, skb->len,
1696 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize),
1699 __fill_isoc_descriptor(urb, skb->len,
1700 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1701 skb->dev = (void *)hdev;
1706 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1708 struct btusb_data *data = hci_get_drvdata(hdev);
1711 usb_anchor_urb(urb, &data->tx_anchor);
1713 err = usb_submit_urb(urb, GFP_KERNEL);
1715 if (err != -EPERM && err != -ENODEV)
1716 bt_dev_err(hdev, "urb %p submission failed (%d)",
1718 kfree(urb->setup_packet);
1719 usb_unanchor_urb(urb);
1721 usb_mark_last_busy(data->udev);
1728 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1730 struct btusb_data *data = hci_get_drvdata(hdev);
1731 unsigned long flags;
1734 spin_lock_irqsave(&data->txlock, flags);
1735 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1737 data->tx_in_flight++;
1738 spin_unlock_irqrestore(&data->txlock, flags);
1741 return submit_tx_urb(hdev, urb);
1743 usb_anchor_urb(urb, &data->deferred);
1744 schedule_work(&data->waker);
1750 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1754 BT_DBG("%s", hdev->name);
1756 switch (hci_skb_pkt_type(skb)) {
1757 case HCI_COMMAND_PKT:
1758 urb = alloc_ctrl_urb(hdev, skb);
1760 return PTR_ERR(urb);
1762 hdev->stat.cmd_tx++;
1763 return submit_or_queue_tx_urb(hdev, urb);
1765 case HCI_ACLDATA_PKT:
1766 urb = alloc_bulk_urb(hdev, skb);
1768 return PTR_ERR(urb);
1770 hdev->stat.acl_tx++;
1771 return submit_or_queue_tx_urb(hdev, urb);
1773 case HCI_SCODATA_PKT:
1774 if (hci_conn_num(hdev, SCO_LINK) < 1)
1777 urb = alloc_isoc_urb(hdev, skb);
1779 return PTR_ERR(urb);
1781 hdev->stat.sco_tx++;
1782 return submit_tx_urb(hdev, urb);
1788 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1790 struct btusb_data *data = hci_get_drvdata(hdev);
1792 BT_DBG("%s evt %d", hdev->name, evt);
1794 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1795 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1796 data->air_mode = evt;
1797 schedule_work(&data->work);
1801 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1803 struct btusb_data *data = hci_get_drvdata(hdev);
1804 struct usb_interface *intf = data->isoc;
1805 struct usb_endpoint_descriptor *ep_desc;
1811 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1813 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1817 data->isoc_altsetting = altsetting;
1819 data->isoc_tx_ep = NULL;
1820 data->isoc_rx_ep = NULL;
1822 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1823 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1825 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1826 data->isoc_tx_ep = ep_desc;
1830 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1831 data->isoc_rx_ep = ep_desc;
1836 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1837 bt_dev_err(hdev, "invalid SCO descriptors");
1844 static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts)
1846 struct btusb_data *data = hci_get_drvdata(hdev);
1849 if (data->isoc_altsetting != new_alts) {
1850 unsigned long flags;
1852 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1853 usb_kill_anchored_urbs(&data->isoc_anchor);
1855 /* When isochronous alternate setting needs to be
1856 * changed, because SCO connection has been added
1857 * or removed, a packet fragment may be left in the
1858 * reassembling state. This could lead to wrongly
1859 * assembled fragments.
1861 * Clear outstanding fragment when selecting a new
1862 * alternate setting.
1864 spin_lock_irqsave(&data->rxlock, flags);
1865 kfree_skb(data->sco_skb);
1866 data->sco_skb = NULL;
1867 spin_unlock_irqrestore(&data->rxlock, flags);
1869 err = __set_isoc_interface(hdev, new_alts);
1874 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1875 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1876 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1878 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1884 static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data,
1887 struct usb_interface *intf = data->isoc;
1890 BT_DBG("Looking for Alt no :%d", alt);
1895 for (i = 0; i < intf->num_altsetting; i++) {
1896 if (intf->altsetting[i].desc.bAlternateSetting == alt)
1897 return &intf->altsetting[i];
1903 static void btusb_work(struct work_struct *work)
1905 struct btusb_data *data = container_of(work, struct btusb_data, work);
1906 struct hci_dev *hdev = data->hdev;
1910 if (data->sco_num > 0) {
1911 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1912 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1914 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1915 usb_kill_anchored_urbs(&data->isoc_anchor);
1919 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1922 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) {
1923 if (hdev->voice_setting & 0x0020) {
1924 static const int alts[3] = { 2, 4, 5 };
1926 new_alts = alts[data->sco_num - 1];
1928 new_alts = data->sco_num;
1930 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) {
1931 /* Bluetooth USB spec recommends alt 6 (63 bytes), but
1932 * many adapters do not support it. Alt 1 appears to
1933 * work for all adapters that do not have alt 6, and
1934 * which work with WBS at all. Some devices prefer
1935 * alt 3 (HCI payload >= 60 Bytes let air packet
1936 * data satisfy 60 bytes), requiring
1937 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72
1938 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1.
1940 if (btusb_find_altsetting(data, 6))
1942 else if (btusb_find_altsetting(data, 3) &&
1943 hdev->sco_mtu >= 72 &&
1944 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags))
1950 if (btusb_switch_alt_setting(hdev, new_alts) < 0)
1951 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
1953 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1954 usb_kill_anchored_urbs(&data->isoc_anchor);
1956 __set_isoc_interface(hdev, 0);
1957 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1958 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1962 static void btusb_waker(struct work_struct *work)
1964 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1967 err = usb_autopm_get_interface(data->intf);
1971 usb_autopm_put_interface(data->intf);
1974 static void btusb_rx_work(struct work_struct *work)
1976 struct btusb_data *data = container_of(work, struct btusb_data,
1978 struct sk_buff *skb;
1980 /* Dequeue ACL data received during the interval */
1981 while ((skb = skb_dequeue(&data->acl_q)))
1982 data->recv_acl(data->hdev, skb);
1985 static int btusb_setup_bcm92035(struct hci_dev *hdev)
1987 struct sk_buff *skb;
1990 BT_DBG("%s", hdev->name);
1992 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1994 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
2001 static int btusb_setup_csr(struct hci_dev *hdev)
2003 struct btusb_data *data = hci_get_drvdata(hdev);
2004 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice);
2005 struct hci_rp_read_local_version *rp;
2006 struct sk_buff *skb;
2007 bool is_fake = false;
2010 BT_DBG("%s", hdev->name);
2012 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
2015 int err = PTR_ERR(skb);
2016 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
2020 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
2021 bt_dev_err(hdev, "CSR: Local version length mismatch");
2026 rp = (struct hci_rp_read_local_version *)skb->data;
2028 /* Detect a wide host of Chinese controllers that aren't CSR.
2030 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891
2032 * The main thing they have in common is that these are really popular low-cost
2033 * options that support newer Bluetooth versions but rely on heavy VID/PID
2034 * squatting of this poor old Bluetooth 1.1 device. Even sold as such.
2036 * We detect actual CSR devices by checking that the HCI manufacturer code
2037 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and
2038 * HCI rev values always match. As they both store the firmware number.
2040 if (le16_to_cpu(rp->manufacturer) != 10 ||
2041 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver))
2044 /* Known legit CSR firmware build numbers and their supported BT versions:
2045 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e
2046 * - 1.2 (0x2) -> 0x04d9, 0x0529
2047 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c
2048 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External)
2049 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb
2051 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that
2052 * support BT 1.1 only; so it's a dead giveaway when some
2053 * third-party BT 4.0 dongle reuses it.
2055 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
2056 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
2059 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
2060 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
2063 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
2064 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
2067 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
2068 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
2071 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
2072 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
2075 /* Other clones which beat all the above checks */
2076 else if (bcdDevice == 0x0134 &&
2077 le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
2078 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
2082 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once...");
2084 /* Generally these clones have big discrepancies between
2085 * advertised features and what's actually supported.
2086 * Probably will need to be expanded in the future;
2087 * without these the controller will lock up.
2089 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
2090 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
2091 set_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks);
2092 set_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks);
2094 /* Clear the reset quirk since this is not an actual
2095 * early Bluetooth 1.1 device from CSR.
2097 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
2098 clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2101 * Special workaround for these BT 4.0 chip clones, and potentially more:
2103 * - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012)
2104 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709)
2106 * These controllers are really messed-up.
2108 * 1. Their bulk RX endpoint will never report any data unless
2109 * the device was suspended at least once (yes, really).
2110 * 2. They will not wakeup when autosuspended and receiving data
2111 * on their bulk RX endpoint from e.g. a keyboard or mouse
2112 * (IOW remote-wakeup support is broken for the bulk endpoint).
2114 * To fix 1. enable runtime-suspend, force-suspend the
2115 * HCI and then wake-it up by disabling runtime-suspend.
2117 * To fix 2. clear the HCI's can_wake flag, this way the HCI
2118 * will still be autosuspended when it is not open.
2122 * Because these are widespread problems we prefer generic solutions; so
2123 * apply this initialization quirk to every controller that gets here,
2124 * it should be harmless. The alternative is to not work at all.
2126 pm_runtime_allow(&data->udev->dev);
2128 ret = pm_runtime_suspend(&data->udev->dev);
2132 bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround");
2134 pm_runtime_forbid(&data->udev->dev);
2136 device_set_wakeup_capable(&data->udev->dev, false);
2138 /* Re-enable autosuspend if this was requested */
2139 if (enable_autosuspend)
2140 usb_enable_autosuspend(data->udev);
2148 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
2150 struct sk_buff *skb;
2151 struct hci_event_hdr *hdr;
2152 struct hci_ev_cmd_complete *evt;
2154 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
2158 hdr = skb_put(skb, sizeof(*hdr));
2159 hdr->evt = HCI_EV_CMD_COMPLETE;
2160 hdr->plen = sizeof(*evt) + 1;
2162 evt = skb_put(skb, sizeof(*evt));
2164 evt->opcode = cpu_to_le16(opcode);
2166 skb_put_u8(skb, 0x00);
2168 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2170 return hci_recv_frame(hdev, skb);
2173 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
2176 struct hci_dev *hdev = data->hdev;
2178 /* When the device is in bootloader mode, then it can send
2179 * events via the bulk endpoint. These events are treated the
2180 * same way as the ones received from the interrupt endpoint.
2182 if (btintel_test_flag(hdev, INTEL_BOOTLOADER))
2183 return btusb_recv_intr(data, buffer, count);
2185 return btusb_recv_bulk(data, buffer, count);
2188 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
2190 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2191 struct hci_event_hdr *hdr = (void *)skb->data;
2193 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
2195 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
2196 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
2198 switch (skb->data[2]) {
2200 /* When switching to the operational firmware
2201 * the device sends a vendor specific event
2202 * indicating that the bootup completed.
2204 btintel_bootup(hdev, ptr, len);
2207 /* When the firmware loading completes the
2208 * device sends out a vendor specific event
2209 * indicating the result of the firmware
2212 btintel_secure_send_result(hdev, ptr, len);
2218 return hci_recv_frame(hdev, skb);
2221 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2225 BT_DBG("%s", hdev->name);
2227 switch (hci_skb_pkt_type(skb)) {
2228 case HCI_COMMAND_PKT:
2229 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2230 struct hci_command_hdr *cmd = (void *)skb->data;
2231 __u16 opcode = le16_to_cpu(cmd->opcode);
2233 /* When in bootloader mode and the command 0xfc09
2234 * is received, it needs to be send down the
2235 * bulk endpoint. So allocate a bulk URB instead.
2237 if (opcode == 0xfc09)
2238 urb = alloc_bulk_urb(hdev, skb);
2240 urb = alloc_ctrl_urb(hdev, skb);
2242 /* When the 0xfc01 command is issued to boot into
2243 * the operational firmware, it will actually not
2244 * send a command complete event. To keep the flow
2245 * control working inject that event here.
2247 if (opcode == 0xfc01)
2248 inject_cmd_complete(hdev, opcode);
2250 urb = alloc_ctrl_urb(hdev, skb);
2253 return PTR_ERR(urb);
2255 hdev->stat.cmd_tx++;
2256 return submit_or_queue_tx_urb(hdev, urb);
2258 case HCI_ACLDATA_PKT:
2259 urb = alloc_bulk_urb(hdev, skb);
2261 return PTR_ERR(urb);
2263 hdev->stat.acl_tx++;
2264 return submit_or_queue_tx_urb(hdev, urb);
2266 case HCI_SCODATA_PKT:
2267 if (hci_conn_num(hdev, SCO_LINK) < 1)
2270 urb = alloc_isoc_urb(hdev, skb);
2272 return PTR_ERR(urb);
2274 hdev->stat.sco_tx++;
2275 return submit_tx_urb(hdev, urb);
2281 /* UHW CR mapping */
2282 #define MTK_BT_MISC 0x70002510
2283 #define MTK_BT_SUBSYS_RST 0x70002610
2284 #define MTK_UDMA_INT_STA_BT 0x74000024
2285 #define MTK_UDMA_INT_STA_BT1 0x74000308
2286 #define MTK_BT_WDT_STATUS 0x740003A0
2287 #define MTK_EP_RST_OPT 0x74011890
2288 #define MTK_EP_RST_IN_OUT_OPT 0x00010001
2289 #define MTK_BT_RST_DONE 0x00000100
2290 #define MTK_BT_RESET_WAIT_MS 100
2291 #define MTK_BT_RESET_NUM_TRIES 10
2293 static void btusb_mtk_wmt_recv(struct urb *urb)
2295 struct hci_dev *hdev = urb->context;
2296 struct btusb_data *data = hci_get_drvdata(hdev);
2297 struct sk_buff *skb;
2300 if (urb->status == 0 && urb->actual_length > 0) {
2301 hdev->stat.byte_rx += urb->actual_length;
2303 /* WMT event shouldn't be fragmented and the size should be
2304 * less than HCI_WMT_MAX_EVENT_SIZE.
2306 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
2308 hdev->stat.err_rx++;
2309 kfree(urb->setup_packet);
2313 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2314 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
2316 /* When someone waits for the WMT event, the skb is being cloned
2317 * and being processed the events from there then.
2319 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
2320 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
2321 if (!data->evt_skb) {
2323 kfree(urb->setup_packet);
2328 err = hci_recv_frame(hdev, skb);
2330 kfree_skb(data->evt_skb);
2331 data->evt_skb = NULL;
2332 kfree(urb->setup_packet);
2336 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
2338 /* Barrier to sync with other CPUs */
2339 smp_mb__after_atomic();
2340 wake_up_bit(&data->flags,
2341 BTUSB_TX_WAIT_VND_EVT);
2343 kfree(urb->setup_packet);
2345 } else if (urb->status == -ENOENT) {
2346 /* Avoid suspend failed when usb_kill_urb */
2350 usb_mark_last_busy(data->udev);
2352 /* The URB complete handler is still called with urb->actual_length = 0
2353 * when the event is not available, so we should keep re-submitting
2354 * URB until WMT event returns, Also, It's necessary to wait some time
2355 * between the two consecutive control URBs to relax the target device
2356 * to generate the event. Otherwise, the WMT event cannot return from
2357 * the device successfully.
2361 usb_anchor_urb(urb, &data->ctrl_anchor);
2362 err = usb_submit_urb(urb, GFP_ATOMIC);
2364 kfree(urb->setup_packet);
2365 /* -EPERM: urb is being killed;
2366 * -ENODEV: device got disconnected
2368 if (err != -EPERM && err != -ENODEV)
2369 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
2371 usb_unanchor_urb(urb);
2375 static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
2377 struct btusb_data *data = hci_get_drvdata(hdev);
2378 struct usb_ctrlrequest *dr;
2384 urb = usb_alloc_urb(0, GFP_KERNEL);
2388 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
2394 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
2396 dr->wIndex = cpu_to_le16(0);
2397 dr->wValue = cpu_to_le16(48);
2398 dr->wLength = cpu_to_le16(size);
2400 buf = kmalloc(size, GFP_KERNEL);
2407 pipe = usb_rcvctrlpipe(data->udev, 0);
2409 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
2410 buf, size, btusb_mtk_wmt_recv, hdev);
2412 urb->transfer_flags |= URB_FREE_BUFFER;
2414 usb_anchor_urb(urb, &data->ctrl_anchor);
2415 err = usb_submit_urb(urb, GFP_KERNEL);
2417 if (err != -EPERM && err != -ENODEV)
2418 bt_dev_err(hdev, "urb %p submission failed (%d)",
2420 usb_unanchor_urb(urb);
2428 static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
2429 struct btmtk_hci_wmt_params *wmt_params)
2431 struct btusb_data *data = hci_get_drvdata(hdev);
2432 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
2433 u32 hlen, status = BTMTK_WMT_INVALID;
2434 struct btmtk_hci_wmt_evt *wmt_evt;
2435 struct btmtk_hci_wmt_cmd *wc;
2436 struct btmtk_wmt_hdr *hdr;
2439 /* Send the WMT command and wait until the WMT event returns */
2440 hlen = sizeof(*hdr) + wmt_params->dlen;
2444 wc = kzalloc(hlen, GFP_KERNEL);
2450 hdr->op = wmt_params->op;
2451 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
2452 hdr->flag = wmt_params->flag;
2453 memcpy(wc->data, wmt_params->data, wmt_params->dlen);
2455 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2457 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
2460 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2464 /* Submit control IN URB on demand to process the WMT event */
2465 err = btusb_mtk_submit_wmt_recv_urb(hdev);
2469 /* The vendor specific WMT commands are all answered by a vendor
2470 * specific event and will have the Command Status or Command
2471 * Complete as with usual HCI command flow control.
2473 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
2474 * state to be cleared. The driver specific event receive routine
2475 * will clear that state and with that indicate completion of the
2478 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT,
2479 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
2480 if (err == -EINTR) {
2481 bt_dev_err(hdev, "Execution of wmt command interrupted");
2482 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2487 bt_dev_err(hdev, "Execution of wmt command timed out");
2488 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2493 /* Parse and handle the return WMT event */
2494 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
2495 if (wmt_evt->whdr.op != hdr->op) {
2496 bt_dev_err(hdev, "Wrong op received %d expected %d",
2497 wmt_evt->whdr.op, hdr->op);
2502 switch (wmt_evt->whdr.op) {
2503 case BTMTK_WMT_SEMAPHORE:
2504 if (wmt_evt->whdr.flag == 2)
2505 status = BTMTK_WMT_PATCH_UNDONE;
2507 status = BTMTK_WMT_PATCH_DONE;
2509 case BTMTK_WMT_FUNC_CTRL:
2510 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
2511 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
2512 status = BTMTK_WMT_ON_DONE;
2513 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
2514 status = BTMTK_WMT_ON_PROGRESS;
2516 status = BTMTK_WMT_ON_UNDONE;
2518 case BTMTK_WMT_PATCH_DWNLD:
2519 if (wmt_evt->whdr.flag == 2)
2520 status = BTMTK_WMT_PATCH_DONE;
2521 else if (wmt_evt->whdr.flag == 1)
2522 status = BTMTK_WMT_PATCH_PROGRESS;
2524 status = BTMTK_WMT_PATCH_UNDONE;
2528 if (wmt_params->status)
2529 *wmt_params->status = status;
2532 kfree_skb(data->evt_skb);
2533 data->evt_skb = NULL;
2539 static int btusb_mtk_func_query(struct hci_dev *hdev)
2541 struct btmtk_hci_wmt_params wmt_params;
2545 /* Query whether the function is enabled */
2546 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2547 wmt_params.flag = 4;
2548 wmt_params.dlen = sizeof(param);
2549 wmt_params.data = ¶m;
2550 wmt_params.status = &status;
2552 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2554 bt_dev_err(hdev, "Failed to query function status (%d)", err);
2561 static int btusb_mtk_uhw_reg_write(struct btusb_data *data, u32 reg, u32 val)
2563 struct hci_dev *hdev = data->hdev;
2567 buf = kzalloc(4, GFP_KERNEL);
2571 put_unaligned_le32(val, buf);
2573 pipe = usb_sndctrlpipe(data->udev, 0);
2574 err = usb_control_msg(data->udev, pipe, 0x02,
2576 reg >> 16, reg & 0xffff,
2577 buf, 4, USB_CTRL_SET_TIMEOUT);
2579 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
2589 static int btusb_mtk_uhw_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2591 struct hci_dev *hdev = data->hdev;
2595 buf = kzalloc(4, GFP_KERNEL);
2599 pipe = usb_rcvctrlpipe(data->udev, 0);
2600 err = usb_control_msg(data->udev, pipe, 0x01,
2602 reg >> 16, reg & 0xffff,
2603 buf, 4, USB_CTRL_SET_TIMEOUT);
2605 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
2609 *val = get_unaligned_le32(buf);
2610 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
2618 static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2620 int pipe, err, size = sizeof(u32);
2623 buf = kzalloc(size, GFP_KERNEL);
2627 pipe = usb_rcvctrlpipe(data->udev, 0);
2628 err = usb_control_msg(data->udev, pipe, 0x63,
2629 USB_TYPE_VENDOR | USB_DIR_IN,
2630 reg >> 16, reg & 0xffff,
2631 buf, size, USB_CTRL_SET_TIMEOUT);
2635 *val = get_unaligned_le32(buf);
2643 static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id)
2645 return btusb_mtk_reg_read(data, reg, id);
2648 static int btusb_mtk_setup(struct hci_dev *hdev)
2650 struct btusb_data *data = hci_get_drvdata(hdev);
2651 struct btmtk_hci_wmt_params wmt_params;
2652 ktime_t calltime, delta, rettime;
2653 struct btmtk_tci_sleep tci_sleep;
2654 unsigned long long duration;
2655 struct sk_buff *skb;
2659 char fw_bin_name[64];
2663 calltime = ktime_get();
2665 err = btusb_mtk_id_get(data, 0x80000008, &dev_id);
2667 bt_dev_err(hdev, "Failed to get device id (%d)", err);
2672 err = btusb_mtk_id_get(data, 0x70010200, &dev_id);
2674 bt_dev_err(hdev, "Failed to get device id (%d)", err);
2677 err = btusb_mtk_id_get(data, 0x80021004, &fw_version);
2679 bt_dev_err(hdev, "Failed to get fw version (%d)", err);
2686 fwname = FIRMWARE_MT7663;
2689 fwname = FIRMWARE_MT7668;
2693 snprintf(fw_bin_name, sizeof(fw_bin_name),
2694 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
2695 dev_id & 0xffff, (fw_version & 0xff) + 1);
2696 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
2697 btusb_mtk_hci_wmt_sync);
2699 bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
2703 /* It's Device EndPoint Reset Option Register */
2704 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
2706 /* Enable Bluetooth protocol */
2708 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2709 wmt_params.flag = 0;
2710 wmt_params.dlen = sizeof(param);
2711 wmt_params.data = ¶m;
2712 wmt_params.status = NULL;
2714 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2716 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2720 hci_set_msft_opcode(hdev, 0xFD30);
2721 hci_set_aosp_capable(hdev);
2724 bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
2729 /* Query whether the firmware is already download */
2730 wmt_params.op = BTMTK_WMT_SEMAPHORE;
2731 wmt_params.flag = 1;
2732 wmt_params.dlen = 0;
2733 wmt_params.data = NULL;
2734 wmt_params.status = &status;
2736 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2738 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
2742 if (status == BTMTK_WMT_PATCH_DONE) {
2743 bt_dev_info(hdev, "firmware already downloaded");
2744 goto ignore_setup_fw;
2747 /* Setup a firmware which the device definitely requires */
2748 err = btmtk_setup_firmware(hdev, fwname,
2749 btusb_mtk_hci_wmt_sync);
2754 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
2755 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
2757 /* -ETIMEDOUT happens */
2761 /* The other errors happen in btusb_mtk_func_query */
2765 if (status == BTMTK_WMT_ON_DONE) {
2766 bt_dev_info(hdev, "function already on");
2767 goto ignore_func_on;
2770 /* Enable Bluetooth protocol */
2772 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2773 wmt_params.flag = 0;
2774 wmt_params.dlen = sizeof(param);
2775 wmt_params.data = ¶m;
2776 wmt_params.status = NULL;
2778 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2780 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2785 /* Apply the low power environment setup */
2786 tci_sleep.mode = 0x5;
2787 tci_sleep.duration = cpu_to_le16(0x640);
2788 tci_sleep.host_duration = cpu_to_le16(0x640);
2789 tci_sleep.host_wakeup_pin = 0;
2790 tci_sleep.time_compensation = 0;
2792 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
2796 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
2802 rettime = ktime_get();
2803 delta = ktime_sub(rettime, calltime);
2804 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
2806 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
2811 static int btusb_mtk_shutdown(struct hci_dev *hdev)
2813 struct btmtk_hci_wmt_params wmt_params;
2817 /* Disable the device */
2818 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2819 wmt_params.flag = 0;
2820 wmt_params.dlen = sizeof(param);
2821 wmt_params.data = ¶m;
2822 wmt_params.status = NULL;
2824 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2826 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2833 static void btusb_mtk_cmd_timeout(struct hci_dev *hdev)
2835 struct btusb_data *data = hci_get_drvdata(hdev);
2839 /* It's MediaTek specific bluetooth reset mechanism via USB */
2840 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
2841 bt_dev_err(hdev, "last reset failed? Not resetting again");
2845 err = usb_autopm_get_interface(data->intf);
2849 btusb_stop_traffic(data);
2850 usb_kill_anchored_urbs(&data->tx_anchor);
2852 /* It's Device EndPoint Reset Option Register */
2853 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
2854 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
2855 btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val);
2857 /* Reset the bluetooth chip via USB interface. */
2858 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1);
2859 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF);
2860 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val);
2861 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF);
2862 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val);
2863 /* MT7921 need to delay 20ms between toggle reset bit */
2865 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0);
2866 btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val);
2868 /* Poll the register until reset is completed */
2870 btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val);
2871 if (val & MTK_BT_RST_DONE) {
2872 bt_dev_dbg(hdev, "Bluetooth Reset Successfully");
2876 bt_dev_dbg(hdev, "Polling Bluetooth Reset CR");
2878 msleep(MTK_BT_RESET_WAIT_MS);
2879 } while (retry < MTK_BT_RESET_NUM_TRIES);
2881 btusb_mtk_id_get(data, 0x70010200, &val);
2883 bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
2885 usb_queue_reset_device(data->intf);
2887 clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags);
2890 static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
2892 struct btusb_data *data = hci_get_drvdata(hdev);
2893 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
2896 case 0xfc6f: /* Firmware dump from device */
2897 /* When the firmware hangs, the device can no longer
2898 * suspend and thus disable auto-suspend.
2900 usb_disable_autosuspend(data->udev);
2902 case 0x05ff: /* Firmware debug logging 1 */
2903 case 0x05fe: /* Firmware debug logging 2 */
2904 return hci_recv_diag(hdev, skb);
2907 return hci_recv_frame(hdev, skb);
2911 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
2912 static int marvell_config_oob_wake(struct hci_dev *hdev)
2914 struct sk_buff *skb;
2915 struct btusb_data *data = hci_get_drvdata(hdev);
2916 struct device *dev = &data->udev->dev;
2917 u16 pin, gap, opcode;
2921 /* Move on if no wakeup pin specified */
2922 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
2923 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
2926 /* Vendor specific command to configure a GPIO as wake-up pin */
2927 opcode = hci_opcode_pack(0x3F, 0x59);
2928 cmd[0] = opcode & 0xFF;
2929 cmd[1] = opcode >> 8;
2930 cmd[2] = 2; /* length of parameters that follow */
2932 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
2934 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
2936 bt_dev_err(hdev, "%s: No memory", __func__);
2940 skb_put_data(skb, cmd, sizeof(cmd));
2941 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
2943 ret = btusb_send_frame(hdev, skb);
2945 bt_dev_err(hdev, "%s: configuration failed", __func__);
2954 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
2955 const bdaddr_t *bdaddr)
2957 struct sk_buff *skb;
2962 buf[1] = sizeof(bdaddr_t);
2963 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
2965 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2968 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
2977 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
2978 const bdaddr_t *bdaddr)
2980 struct sk_buff *skb;
2987 buf[3] = sizeof(bdaddr_t);
2988 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
2990 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2993 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3001 static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3002 const bdaddr_t *bdaddr)
3004 struct sk_buff *skb;
3008 memcpy(buf, bdaddr, sizeof(bdaddr_t));
3010 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf,
3011 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3014 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3022 #define QCA_DFU_PACKET_LEN 4096
3024 #define QCA_GET_TARGET_VERSION 0x09
3025 #define QCA_CHECK_STATUS 0x05
3026 #define QCA_DFU_DOWNLOAD 0x01
3028 #define QCA_SYSCFG_UPDATED 0x40
3029 #define QCA_PATCH_UPDATED 0x80
3030 #define QCA_DFU_TIMEOUT 3000
3031 #define QCA_FLAG_MULTI_NVM 0x80
3032 #define QCA_BT_RESET_WAIT_MS 100
3034 #define WCN6855_2_0_RAM_VERSION_GF 0x400c1200
3035 #define WCN6855_2_1_RAM_VERSION_GF 0x400c1211
3037 struct qca_version {
3039 __le32 patch_version;
3047 struct qca_rampatch_version {
3048 __le16 rom_version_high;
3049 __le16 rom_version_low;
3050 __le16 patch_version;
3053 struct qca_device_info {
3055 u8 rampatch_hdr; /* length of header in rampatch */
3056 u8 nvm_hdr; /* length of header in NVM */
3057 u8 ver_offset; /* offset of version structure in rampatch */
3060 static const struct qca_device_info qca_devices_table[] = {
3061 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */
3062 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */
3063 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3064 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3065 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3066 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3067 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3068 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3069 { 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */
3070 { 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */
3073 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3074 void *data, u16 size)
3079 buf = kmalloc(size, GFP_KERNEL);
3083 /* Found some of USB hosts have IOT issues with ours so that we should
3084 * not wait until HCI layer is ready.
3086 pipe = usb_rcvctrlpipe(udev, 0);
3087 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3088 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3090 dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3094 memcpy(data, buf, size);
3102 static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3103 const struct firmware *firmware,
3106 struct btusb_data *btdata = hci_get_drvdata(hdev);
3107 struct usb_device *udev = btdata->udev;
3108 size_t count, size, sent = 0;
3112 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3116 count = firmware->size;
3118 size = min_t(size_t, count, hdr_size);
3119 memcpy(buf, firmware->data, size);
3121 /* USB patches should go down to controller through USB path
3122 * because binary format fits to go down through USB channel.
3123 * USB control path is for patching headers and USB bulk is for
3126 pipe = usb_sndctrlpipe(udev, 0);
3127 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3128 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3130 bt_dev_err(hdev, "Failed to send headers (%d)", err);
3137 /* ep2 need time to switch from function acl to function dfu,
3138 * so we add 20ms delay here.
3143 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3145 memcpy(buf, firmware->data + sent, size);
3147 pipe = usb_sndbulkpipe(udev, 0x02);
3148 err = usb_bulk_msg(udev, pipe, buf, size, &len,
3151 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3152 sent, firmware->size, err);
3157 bt_dev_err(hdev, "Failed to get bulk buffer");
3171 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3172 struct qca_version *ver,
3173 const struct qca_device_info *info)
3175 struct qca_rampatch_version *rver;
3176 const struct firmware *fw;
3177 u32 ver_rom, ver_patch, rver_rom;
3178 u16 rver_rom_low, rver_rom_high, rver_patch;
3182 ver_rom = le32_to_cpu(ver->rom_version);
3183 ver_patch = le32_to_cpu(ver->patch_version);
3185 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
3187 err = request_firmware(&fw, fwname, &hdev->dev);
3189 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3194 bt_dev_info(hdev, "using rampatch file: %s", fwname);
3196 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3197 rver_rom_low = le16_to_cpu(rver->rom_version_low);
3198 rver_patch = le16_to_cpu(rver->patch_version);
3200 if (ver_rom & ~0xffffU) {
3201 rver_rom_high = le16_to_cpu(rver->rom_version_high);
3202 rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3204 rver_rom = rver_rom_low;
3207 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3208 "firmware rome 0x%x build 0x%x",
3209 rver_rom, rver_patch, ver_rom, ver_patch);
3211 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3212 bt_dev_err(hdev, "rampatch file version did not match with firmware");
3217 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
3220 release_firmware(fw);
3225 static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size,
3226 const struct qca_version *ver)
3228 u32 rom_version = le32_to_cpu(ver->rom_version);
3229 u16 flag = le16_to_cpu(ver->flag);
3231 if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) {
3232 /* The board_id should be split into two bytes
3233 * The 1st byte is chip ID, and the 2nd byte is platform ID
3234 * For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID
3235 * we have several platforms, and platform IDs are continuously added
3237 * 0x00 is for Mobile
3239 * 0x02 is for Automotive
3240 * 0x03 is for Consumer electronic
3242 u16 board_id = (ver->chip_id << 8) + ver->platform_id;
3243 const char *variant;
3245 switch (le32_to_cpu(ver->ram_version)) {
3246 case WCN6855_2_0_RAM_VERSION_GF:
3247 case WCN6855_2_1_RAM_VERSION_GF:
3255 if (board_id == 0) {
3256 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s.bin",
3257 rom_version, variant);
3259 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s_%04x.bin",
3260 rom_version, variant, board_id);
3263 snprintf(fwname, max_size, "qca/nvm_usb_%08x.bin",
3269 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
3270 struct qca_version *ver,
3271 const struct qca_device_info *info)
3273 const struct firmware *fw;
3277 btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver);
3279 err = request_firmware(&fw, fwname, &hdev->dev);
3281 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
3286 bt_dev_info(hdev, "using NVM file: %s", fwname);
3288 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
3290 release_firmware(fw);
3295 /* identify the ROM version and check whether patches are needed */
3296 static bool btusb_qca_need_patch(struct usb_device *udev)
3298 struct qca_version ver;
3300 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3303 /* only low ROM versions need patches */
3304 return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
3307 static int btusb_setup_qca(struct hci_dev *hdev)
3309 struct btusb_data *btdata = hci_get_drvdata(hdev);
3310 struct usb_device *udev = btdata->udev;
3311 const struct qca_device_info *info = NULL;
3312 struct qca_version ver;
3317 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3322 ver_rom = le32_to_cpu(ver.rom_version);
3324 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3325 if (ver_rom == qca_devices_table[i].rom_version)
3326 info = &qca_devices_table[i];
3329 /* If the rom_version is not matched in the qca_devices_table
3330 * and the high ROM version is not zero, we assume this chip no
3331 * need to load the rampatch and nvm.
3333 if (ver_rom & ~0xffffU)
3336 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
3340 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
3345 if (!(status & QCA_PATCH_UPDATED)) {
3346 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
3351 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3356 if (!(status & QCA_SYSCFG_UPDATED)) {
3357 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
3361 /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so
3362 * wait ~100ms for reset Done then go ahead, otherwise, it maybe
3363 * cause potential enable failure.
3365 if (info->rom_version >= 0x00130201)
3366 msleep(QCA_BT_RESET_WAIT_MS);
3369 /* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to
3370 * work with the likes of HSP/HFP mSBC.
3372 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks);
3373 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
3378 static inline int __set_diag_interface(struct hci_dev *hdev)
3380 struct btusb_data *data = hci_get_drvdata(hdev);
3381 struct usb_interface *intf = data->diag;
3387 data->diag_tx_ep = NULL;
3388 data->diag_rx_ep = NULL;
3390 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3391 struct usb_endpoint_descriptor *ep_desc;
3393 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3395 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3396 data->diag_tx_ep = ep_desc;
3400 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3401 data->diag_rx_ep = ep_desc;
3406 if (!data->diag_tx_ep || !data->diag_rx_ep) {
3407 bt_dev_err(hdev, "invalid diagnostic descriptors");
3414 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
3416 struct btusb_data *data = hci_get_drvdata(hdev);
3417 struct sk_buff *skb;
3421 if (!data->diag_tx_ep)
3422 return ERR_PTR(-ENODEV);
3424 urb = usb_alloc_urb(0, GFP_KERNEL);
3426 return ERR_PTR(-ENOMEM);
3428 skb = bt_skb_alloc(2, GFP_KERNEL);
3431 return ERR_PTR(-ENOMEM);
3434 skb_put_u8(skb, 0xf0);
3435 skb_put_u8(skb, enable);
3437 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
3439 usb_fill_bulk_urb(urb, data->udev, pipe,
3440 skb->data, skb->len, btusb_tx_complete, skb);
3442 skb->dev = (void *)hdev;
3447 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
3449 struct btusb_data *data = hci_get_drvdata(hdev);
3455 if (!test_bit(HCI_RUNNING, &hdev->flags))
3458 urb = alloc_diag_urb(hdev, enable);
3460 return PTR_ERR(urb);
3462 return submit_or_queue_tx_urb(hdev, urb);
3466 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
3468 struct btusb_data *data = priv;
3470 pm_wakeup_event(&data->udev->dev, 0);
3473 /* Disable only if not already disabled (keep it balanced) */
3474 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3475 disable_irq_nosync(irq);
3476 disable_irq_wake(irq);
3481 static const struct of_device_id btusb_match_table[] = {
3482 { .compatible = "usb1286,204e" },
3483 { .compatible = "usbcf3,e300" }, /* QCA6174A */
3484 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */
3487 MODULE_DEVICE_TABLE(of, btusb_match_table);
3489 /* Use an oob wakeup pin? */
3490 static int btusb_config_oob_wake(struct hci_dev *hdev)
3492 struct btusb_data *data = hci_get_drvdata(hdev);
3493 struct device *dev = &data->udev->dev;
3496 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3498 if (!of_match_device(btusb_match_table, dev))
3501 /* Move on if no IRQ specified */
3502 irq = of_irq_get_byname(dev->of_node, "wakeup");
3504 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
3508 irq_set_status_flags(irq, IRQ_NOAUTOEN);
3509 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
3510 0, "OOB Wake-on-BT", data);
3512 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
3516 ret = device_init_wakeup(dev, true);
3518 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
3522 data->oob_wake_irq = irq;
3523 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
3528 static void btusb_check_needs_reset_resume(struct usb_interface *intf)
3530 if (dmi_check_system(btusb_needs_reset_resume_table))
3531 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3534 static bool btusb_wakeup(struct hci_dev *hdev)
3536 struct btusb_data *data = hci_get_drvdata(hdev);
3538 return device_may_wakeup(&data->udev->dev);
3541 static int btusb_shutdown_qca(struct hci_dev *hdev)
3543 struct sk_buff *skb;
3545 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3547 bt_dev_err(hdev, "HCI reset during shutdown failed");
3548 return PTR_ERR(skb);
3555 static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf,
3556 size_t count, loff_t *ppos)
3558 struct btusb_data *data = file->private_data;
3561 buf[0] = data->poll_sync ? 'Y' : 'N';
3564 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
3567 static ssize_t force_poll_sync_write(struct file *file,
3568 const char __user *user_buf,
3569 size_t count, loff_t *ppos)
3571 struct btusb_data *data = file->private_data;
3575 err = kstrtobool_from_user(user_buf, count, &enable);
3579 /* Only allow changes while the adapter is down */
3580 if (test_bit(HCI_UP, &data->hdev->flags))
3583 if (data->poll_sync == enable)
3586 data->poll_sync = enable;
3591 static const struct file_operations force_poll_sync_fops = {
3592 .open = simple_open,
3593 .read = force_poll_sync_read,
3594 .write = force_poll_sync_write,
3595 .llseek = default_llseek,
3598 static int btusb_probe(struct usb_interface *intf,
3599 const struct usb_device_id *id)
3601 struct usb_endpoint_descriptor *ep_desc;
3602 struct gpio_desc *reset_gpio;
3603 struct btusb_data *data;
3604 struct hci_dev *hdev;
3605 unsigned ifnum_base;
3606 int i, err, priv_size;
3608 BT_DBG("intf %p id %p", intf, id);
3610 /* interface numbers are hardcoded in the spec */
3611 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
3612 if (!(id->driver_info & BTUSB_IFNUM_2))
3614 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
3618 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
3620 if (!id->driver_info) {
3621 const struct usb_device_id *match;
3623 match = usb_match_id(intf, blacklist_table);
3628 if (id->driver_info == BTUSB_IGNORE)
3631 if (id->driver_info & BTUSB_ATH3012) {
3632 struct usb_device *udev = interface_to_usbdev(intf);
3634 /* Old firmware would otherwise let ath3k driver load
3635 * patch and sysconfig files
3637 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
3638 !btusb_qca_need_patch(udev))
3642 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
3646 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3647 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3649 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
3650 data->intr_ep = ep_desc;
3654 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3655 data->bulk_tx_ep = ep_desc;
3659 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3660 data->bulk_rx_ep = ep_desc;
3665 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
3668 if (id->driver_info & BTUSB_AMP) {
3669 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
3670 data->cmdreq = 0x2b;
3672 data->cmdreq_type = USB_TYPE_CLASS;
3673 data->cmdreq = 0x00;
3676 data->udev = interface_to_usbdev(intf);
3679 INIT_WORK(&data->work, btusb_work);
3680 INIT_WORK(&data->waker, btusb_waker);
3681 INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work);
3683 skb_queue_head_init(&data->acl_q);
3685 init_usb_anchor(&data->deferred);
3686 init_usb_anchor(&data->tx_anchor);
3687 spin_lock_init(&data->txlock);
3689 init_usb_anchor(&data->intr_anchor);
3690 init_usb_anchor(&data->bulk_anchor);
3691 init_usb_anchor(&data->isoc_anchor);
3692 init_usb_anchor(&data->diag_anchor);
3693 init_usb_anchor(&data->ctrl_anchor);
3694 spin_lock_init(&data->rxlock);
3698 data->recv_event = hci_recv_frame;
3699 data->recv_bulk = btusb_recv_bulk;
3701 if (id->driver_info & BTUSB_INTEL_COMBINED) {
3702 /* Allocate extra space for Intel device */
3703 priv_size += sizeof(struct btintel_data);
3705 /* Override the rx handlers */
3706 data->recv_event = btusb_recv_event_intel;
3707 data->recv_bulk = btusb_recv_bulk_intel;
3710 data->recv_acl = hci_recv_frame;
3712 hdev = hci_alloc_dev_priv(priv_size);
3716 hdev->bus = HCI_USB;
3717 hci_set_drvdata(hdev, data);
3719 if (id->driver_info & BTUSB_AMP)
3720 hdev->dev_type = HCI_AMP;
3722 hdev->dev_type = HCI_PRIMARY;
3726 SET_HCIDEV_DEV(hdev, &intf->dev);
3728 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset",
3730 if (IS_ERR(reset_gpio)) {
3731 err = PTR_ERR(reset_gpio);
3733 } else if (reset_gpio) {
3734 data->reset_gpio = reset_gpio;
3737 hdev->open = btusb_open;
3738 hdev->close = btusb_close;
3739 hdev->flush = btusb_flush;
3740 hdev->send = btusb_send_frame;
3741 hdev->notify = btusb_notify;
3742 hdev->wakeup = btusb_wakeup;
3745 err = btusb_config_oob_wake(hdev);
3749 /* Marvell devices may need a specific chip configuration */
3750 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
3751 err = marvell_config_oob_wake(hdev);
3756 if (id->driver_info & BTUSB_CW6622)
3757 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3759 if (id->driver_info & BTUSB_BCM2045)
3760 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3762 if (id->driver_info & BTUSB_BCM92035)
3763 hdev->setup = btusb_setup_bcm92035;
3765 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3766 (id->driver_info & BTUSB_BCM_PATCHRAM)) {
3767 hdev->manufacturer = 15;
3768 hdev->setup = btbcm_setup_patchram;
3769 hdev->set_diag = btusb_bcm_set_diag;
3770 hdev->set_bdaddr = btbcm_set_bdaddr;
3772 /* Broadcom LM_DIAG Interface numbers are hardcoded */
3773 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3776 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3777 (id->driver_info & BTUSB_BCM_APPLE)) {
3778 hdev->manufacturer = 15;
3779 hdev->setup = btbcm_setup_apple;
3780 hdev->set_diag = btusb_bcm_set_diag;
3782 /* Broadcom LM_DIAG Interface numbers are hardcoded */
3783 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3786 /* Combined Intel Device setup to support multiple setup routine */
3787 if (id->driver_info & BTUSB_INTEL_COMBINED) {
3788 err = btintel_configure_setup(hdev);
3792 /* Transport specific configuration */
3793 hdev->send = btusb_send_frame_intel;
3794 hdev->cmd_timeout = btusb_intel_cmd_timeout;
3796 if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT)
3797 btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT);
3799 if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD)
3800 btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD);
3802 if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED)
3803 btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED);
3806 if (id->driver_info & BTUSB_MARVELL)
3807 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3809 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
3810 (id->driver_info & BTUSB_MEDIATEK)) {
3811 hdev->setup = btusb_mtk_setup;
3812 hdev->shutdown = btusb_mtk_shutdown;
3813 hdev->manufacturer = 70;
3814 hdev->cmd_timeout = btusb_mtk_cmd_timeout;
3815 hdev->set_bdaddr = btmtk_set_bdaddr;
3816 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks);
3817 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
3818 data->recv_acl = btusb_recv_acl_mtk;
3821 if (id->driver_info & BTUSB_SWAVE) {
3822 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3823 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3826 if (id->driver_info & BTUSB_INTEL_BOOT) {
3827 hdev->manufacturer = 2;
3828 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3831 if (id->driver_info & BTUSB_ATH3012) {
3832 data->setup_on_usb = btusb_setup_qca;
3833 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3834 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3835 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3838 if (id->driver_info & BTUSB_QCA_ROME) {
3839 data->setup_on_usb = btusb_setup_qca;
3840 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3841 hdev->cmd_timeout = btusb_qca_cmd_timeout;
3842 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3843 btusb_check_needs_reset_resume(intf);
3846 if (id->driver_info & BTUSB_QCA_WCN6855) {
3847 data->setup_on_usb = btusb_setup_qca;
3848 hdev->shutdown = btusb_shutdown_qca;
3849 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
3850 hdev->cmd_timeout = btusb_qca_cmd_timeout;
3851 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3852 hci_set_msft_opcode(hdev, 0xFD70);
3855 if (id->driver_info & BTUSB_AMP) {
3856 /* AMP controllers do not support SCO packets */
3859 /* Interface orders are hardcoded in the specification */
3860 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3861 data->isoc_ifnum = ifnum_base + 1;
3864 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
3865 (id->driver_info & BTUSB_REALTEK)) {
3866 hdev->setup = btrtl_setup_realtek;
3867 hdev->shutdown = btrtl_shutdown_realtek;
3868 hdev->cmd_timeout = btusb_rtl_cmd_timeout;
3870 /* Realtek devices need to set remote wakeup on auto-suspend */
3871 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags);
3872 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags);
3876 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3878 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3879 if (!disable_scofix)
3880 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3883 if (id->driver_info & BTUSB_BROKEN_ISOC)
3886 if (id->driver_info & BTUSB_WIDEBAND_SPEECH)
3887 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3889 if (id->driver_info & BTUSB_VALID_LE_STATES)
3890 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
3892 if (id->driver_info & BTUSB_DIGIANSWER) {
3893 data->cmdreq_type = USB_TYPE_VENDOR;
3894 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3897 if (id->driver_info & BTUSB_CSR) {
3898 struct usb_device *udev = data->udev;
3899 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3901 /* Old firmware would otherwise execute USB reset */
3902 if (bcdDevice < 0x117)
3903 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3905 /* This must be set first in case we disable it for fakes */
3906 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3908 /* Fake CSR devices with broken commands */
3909 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 &&
3910 le16_to_cpu(udev->descriptor.idProduct) == 0x0001)
3911 hdev->setup = btusb_setup_csr;
3914 if (id->driver_info & BTUSB_SNIFFER) {
3915 struct usb_device *udev = data->udev;
3917 /* New sniffer firmware has crippled HCI interface */
3918 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3919 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3922 if (id->driver_info & BTUSB_INTEL_BOOT) {
3923 /* A bug in the bootloader causes that interrupt interface is
3924 * only enabled after receiving SetInterface(0, AltSetting=0).
3926 err = usb_set_interface(data->udev, 0, 0);
3928 BT_ERR("failed to set interface 0, alt 0 %d", err);
3934 err = usb_driver_claim_interface(&btusb_driver,
3940 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
3941 if (!usb_driver_claim_interface(&btusb_driver,
3943 __set_diag_interface(hdev);
3948 if (enable_autosuspend)
3949 usb_enable_autosuspend(data->udev);
3951 err = hci_register_dev(hdev);
3955 usb_set_intfdata(intf, data);
3957 debugfs_create_file("force_poll_sync", 0644, hdev->debugfs, data,
3958 &force_poll_sync_fops);
3963 if (data->reset_gpio)
3964 gpiod_put(data->reset_gpio);
3969 static void btusb_disconnect(struct usb_interface *intf)
3971 struct btusb_data *data = usb_get_intfdata(intf);
3972 struct hci_dev *hdev;
3974 BT_DBG("intf %p", intf);
3980 usb_set_intfdata(data->intf, NULL);
3983 usb_set_intfdata(data->isoc, NULL);
3986 usb_set_intfdata(data->diag, NULL);
3988 hci_unregister_dev(hdev);
3990 if (intf == data->intf) {
3992 usb_driver_release_interface(&btusb_driver, data->isoc);
3994 usb_driver_release_interface(&btusb_driver, data->diag);
3995 } else if (intf == data->isoc) {
3997 usb_driver_release_interface(&btusb_driver, data->diag);
3998 usb_driver_release_interface(&btusb_driver, data->intf);
3999 } else if (intf == data->diag) {
4000 usb_driver_release_interface(&btusb_driver, data->intf);
4002 usb_driver_release_interface(&btusb_driver, data->isoc);
4005 if (data->oob_wake_irq)
4006 device_init_wakeup(&data->udev->dev, false);
4008 if (data->reset_gpio)
4009 gpiod_put(data->reset_gpio);
4015 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
4017 struct btusb_data *data = usb_get_intfdata(intf);
4019 BT_DBG("intf %p", intf);
4021 if (data->suspend_count++)
4024 spin_lock_irq(&data->txlock);
4025 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
4026 set_bit(BTUSB_SUSPENDING, &data->flags);
4027 spin_unlock_irq(&data->txlock);
4029 spin_unlock_irq(&data->txlock);
4030 data->suspend_count--;
4034 cancel_work_sync(&data->work);
4036 btusb_stop_traffic(data);
4037 usb_kill_anchored_urbs(&data->tx_anchor);
4039 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
4040 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4041 enable_irq_wake(data->oob_wake_irq);
4042 enable_irq(data->oob_wake_irq);
4045 /* For global suspend, Realtek devices lose the loaded fw
4046 * in them. But for autosuspend, firmware should remain.
4047 * Actually, it depends on whether the usb host sends
4048 * set feature (enable wakeup) or not.
4050 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) {
4051 if (PMSG_IS_AUTO(message) &&
4052 device_can_wakeup(&data->udev->dev))
4053 data->udev->do_remote_wakeup = 1;
4054 else if (!PMSG_IS_AUTO(message) &&
4055 !device_may_wakeup(&data->udev->dev)) {
4056 data->udev->do_remote_wakeup = 0;
4057 data->udev->reset_resume = 1;
4064 static void play_deferred(struct btusb_data *data)
4069 while ((urb = usb_get_from_anchor(&data->deferred))) {
4070 usb_anchor_urb(urb, &data->tx_anchor);
4072 err = usb_submit_urb(urb, GFP_ATOMIC);
4074 if (err != -EPERM && err != -ENODEV)
4075 BT_ERR("%s urb %p submission failed (%d)",
4076 data->hdev->name, urb, -err);
4077 kfree(urb->setup_packet);
4078 usb_unanchor_urb(urb);
4083 data->tx_in_flight++;
4087 /* Cleanup the rest deferred urbs. */
4088 while ((urb = usb_get_from_anchor(&data->deferred))) {
4089 kfree(urb->setup_packet);
4094 static int btusb_resume(struct usb_interface *intf)
4096 struct btusb_data *data = usb_get_intfdata(intf);
4097 struct hci_dev *hdev = data->hdev;
4100 BT_DBG("intf %p", intf);
4102 if (--data->suspend_count)
4105 /* Disable only if not already disabled (keep it balanced) */
4106 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4107 disable_irq(data->oob_wake_irq);
4108 disable_irq_wake(data->oob_wake_irq);
4111 if (!test_bit(HCI_RUNNING, &hdev->flags))
4114 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4115 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4117 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
4122 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4123 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4125 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
4129 btusb_submit_bulk_urb(hdev, GFP_NOIO);
4132 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4133 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4134 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
4136 btusb_submit_isoc_urb(hdev, GFP_NOIO);
4139 spin_lock_irq(&data->txlock);
4140 play_deferred(data);
4141 clear_bit(BTUSB_SUSPENDING, &data->flags);
4142 spin_unlock_irq(&data->txlock);
4143 schedule_work(&data->work);
4148 usb_scuttle_anchored_urbs(&data->deferred);
4150 spin_lock_irq(&data->txlock);
4151 clear_bit(BTUSB_SUSPENDING, &data->flags);
4152 spin_unlock_irq(&data->txlock);
4158 static struct usb_driver btusb_driver = {
4160 .probe = btusb_probe,
4161 .disconnect = btusb_disconnect,
4163 .suspend = btusb_suspend,
4164 .resume = btusb_resume,
4166 .id_table = btusb_table,
4167 .supports_autosuspend = 1,
4168 .disable_hub_initiated_lpm = 1,
4171 module_usb_driver(btusb_driver);
4173 module_param(disable_scofix, bool, 0644);
4174 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4176 module_param(force_scofix, bool, 0644);
4177 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4179 module_param(enable_autosuspend, bool, 0644);
4180 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4182 module_param(reset, bool, 0644);
4183 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4185 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4186 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4187 MODULE_VERSION(VERSION);
4188 MODULE_LICENSE("GPL");
projects / linux-2.6-microblaze.git / blob