Merge rsync://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/module.h>
35
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/sched.h>
39 #include <linux/unistd.h>
40 #include <linux/types.h>
41 #include <linux/interrupt.h>
42 #include <linux/moduleparam.h>
43
44 #include <linux/slab.h>
45 #include <linux/errno.h>
46 #include <linux/string.h>
47 #include <linux/skbuff.h>
48
49 #include <linux/usb.h>
50
51 #include <net/bluetooth/bluetooth.h>
52 #include <net/bluetooth/hci_core.h>
53
54 #include "hci_usb.h"
55
56 #ifndef CONFIG_BT_HCIUSB_DEBUG
57 #undef  BT_DBG
58 #define BT_DBG(D...)
59 #endif
60
61 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
62 #undef  URB_ZERO_PACKET
63 #define URB_ZERO_PACKET 0
64 #endif
65
66 static int ignore = 0;
67 static int ignore_dga = 0;
68 static int ignore_csr = 0;
69 static int ignore_sniffer = 0;
70 static int reset = 0;
71
72 #ifdef CONFIG_BT_HCIUSB_SCO
73 static int isoc = 2;
74 #endif
75
76 #define VERSION "2.9"
77
78 static struct usb_driver hci_usb_driver; 
79
80 static struct usb_device_id bluetooth_ids[] = {
81         /* Generic Bluetooth USB device */
82         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
83
84         /* AVM BlueFRITZ! USB v2.0 */
85         { USB_DEVICE(0x057c, 0x3800) },
86
87         /* Bluetooth Ultraport Module from IBM */
88         { USB_DEVICE(0x04bf, 0x030a) },
89
90         /* ALPS Modules with non-standard id */
91         { USB_DEVICE(0x044e, 0x3001) },
92         { USB_DEVICE(0x044e, 0x3002) },
93
94         /* Ericsson with non-standard id */
95         { USB_DEVICE(0x0bdb, 0x1002) },
96
97         { }     /* Terminating entry */
98 };
99
100 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
101
102 static struct usb_device_id blacklist_ids[] = {
103         /* CSR BlueCore devices */
104         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
105
106         /* Broadcom BCM2033 without firmware */
107         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
108
109         /* Broadcom BCM2035 */
110         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
111         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
112
113         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
114         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
115
116         /* Kensington Bluetooth USB adapter */
117         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
118
119         /* ISSC Bluetooth Adapter v3.1 */
120         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
121
122         /* RTX Telecom based adapter with buggy SCO support */
123         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
124
125         /* Digianswer devices */
126         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
127         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
128
129         /* CSR BlueCore Bluetooth Sniffer */
130         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
131
132         { }     /* Terminating entry */
133 };
134
135 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
136 {
137         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
138                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
139         if (_urb) {
140                 memset(_urb, 0, sizeof(*_urb));
141                 usb_init_urb(&_urb->urb);
142         }
143         return _urb;
144 }
145
146 static struct _urb *_urb_dequeue(struct _urb_queue *q)
147 {
148         struct _urb *_urb = NULL;
149         unsigned long flags;
150         spin_lock_irqsave(&q->lock, flags);
151         {
152                 struct list_head *head = &q->head;
153                 struct list_head *next = head->next;
154                 if (next != head) {
155                         _urb = list_entry(next, struct _urb, list);
156                         list_del(next); _urb->queue = NULL;
157                 }
158         }
159         spin_unlock_irqrestore(&q->lock, flags);
160         return _urb;
161 }
162
163 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
164 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
165
166 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
167 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
168 #define __completed_q(husb, type) (&husb->completed_q[type-1])
169 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
170 #define __reassembly(husb, type)  (husb->reassembly[type-1])
171
172 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
173 {
174         return _urb_dequeue(__completed_q(husb, type)); 
175 }
176
177 #ifdef CONFIG_BT_HCIUSB_SCO
178 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
179 {
180         int offset = 0, i;
181
182         BT_DBG("len %d mtu %d", len, mtu);
183
184         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
185                 urb->iso_frame_desc[i].offset = offset;
186                 urb->iso_frame_desc[i].length = mtu;
187                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
188         }
189         if (len && i < HCI_MAX_ISOC_FRAMES) {
190                 urb->iso_frame_desc[i].offset = offset;
191                 urb->iso_frame_desc[i].length = len;
192                 BT_DBG("desc %d offset %d len %d", i, offset, len);
193                 i++;
194         }
195         urb->number_of_packets = i;
196 }
197 #endif
198
199 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
200 {
201         struct _urb *_urb;
202         struct urb *urb;
203         int err, pipe, interval, size;
204         void *buf;
205
206         BT_DBG("%s", husb->hdev->name);
207
208         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
209
210         buf = kmalloc(size, GFP_ATOMIC);
211         if (!buf)
212                 return -ENOMEM;
213
214         _urb = _urb_alloc(0, GFP_ATOMIC);
215         if (!_urb) {
216                 kfree(buf);
217                 return -ENOMEM;
218         }
219         _urb->type = HCI_EVENT_PKT;
220         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
221
222         urb = &_urb->urb;
223         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
224         interval = husb->intr_in_ep->desc.bInterval;
225         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
226         
227         err = usb_submit_urb(urb, GFP_ATOMIC);
228         if (err) {
229                 BT_ERR("%s intr rx submit failed urb %p err %d",
230                                 husb->hdev->name, urb, err);
231                 _urb_unlink(_urb);
232                 _urb_free(_urb);
233                 kfree(buf);
234         }
235         return err;
236 }
237
238 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
239 {
240         struct _urb *_urb;
241         struct urb *urb;
242         int err, pipe, size = HCI_MAX_FRAME_SIZE;
243         void *buf;
244
245         buf = kmalloc(size, GFP_ATOMIC);
246         if (!buf)
247                 return -ENOMEM;
248
249         _urb = _urb_alloc(0, GFP_ATOMIC);
250         if (!_urb) {
251                 kfree(buf);
252                 return -ENOMEM;
253         }
254         _urb->type = HCI_ACLDATA_PKT;
255         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
256
257         urb  = &_urb->urb;
258         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
259         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
260         urb->transfer_flags = 0;
261
262         BT_DBG("%s urb %p", husb->hdev->name, urb);
263
264         err = usb_submit_urb(urb, GFP_ATOMIC);
265         if (err) {
266                 BT_ERR("%s bulk rx submit failed urb %p err %d",
267                                 husb->hdev->name, urb, err);
268                 _urb_unlink(_urb);
269                 _urb_free(_urb);
270                 kfree(buf);
271         }
272         return err;
273 }
274
275 #ifdef CONFIG_BT_HCIUSB_SCO
276 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
277 {
278         struct _urb *_urb;
279         struct urb *urb;
280         int err, mtu, size;
281         void *buf;
282
283         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
284         size = mtu * HCI_MAX_ISOC_FRAMES;
285
286         buf = kmalloc(size, GFP_ATOMIC);
287         if (!buf)
288                 return -ENOMEM;
289
290         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
291         if (!_urb) {
292                 kfree(buf);
293                 return -ENOMEM;
294         }
295         _urb->type = HCI_SCODATA_PKT;
296         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
297
298         urb = &_urb->urb;
299
300         urb->context  = husb;
301         urb->dev      = husb->udev;
302         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
303         urb->complete = hci_usb_rx_complete;
304
305         urb->interval = husb->isoc_in_ep->desc.bInterval;
306
307         urb->transfer_buffer_length = size;
308         urb->transfer_buffer = buf;
309         urb->transfer_flags  = URB_ISO_ASAP;
310
311         __fill_isoc_desc(urb, size, mtu);
312
313         BT_DBG("%s urb %p", husb->hdev->name, urb);
314
315         err = usb_submit_urb(urb, GFP_ATOMIC);
316         if (err) {
317                 BT_ERR("%s isoc rx submit failed urb %p err %d",
318                                 husb->hdev->name, urb, err);
319                 _urb_unlink(_urb);
320                 _urb_free(_urb);
321                 kfree(buf);
322         }
323         return err;
324 }
325 #endif
326
327 /* Initialize device */
328 static int hci_usb_open(struct hci_dev *hdev)
329 {
330         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
331         int i, err;
332         unsigned long flags;
333
334         BT_DBG("%s", hdev->name);
335
336         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
337                 return 0;
338
339         write_lock_irqsave(&husb->completion_lock, flags);
340
341         err = hci_usb_intr_rx_submit(husb);
342         if (!err) {
343                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
344                         hci_usb_bulk_rx_submit(husb);
345
346 #ifdef CONFIG_BT_HCIUSB_SCO
347                 if (husb->isoc_iface)
348                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
349                                 hci_usb_isoc_rx_submit(husb);
350 #endif
351         } else {
352                 clear_bit(HCI_RUNNING, &hdev->flags);
353         }
354
355         write_unlock_irqrestore(&husb->completion_lock, flags);
356         return err;
357 }
358
359 /* Reset device */
360 static int hci_usb_flush(struct hci_dev *hdev)
361 {
362         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
363         int i;
364
365         BT_DBG("%s", hdev->name);
366
367         for (i = 0; i < 4; i++)
368                 skb_queue_purge(&husb->transmit_q[i]);
369         return 0;
370 }
371
372 static void hci_usb_unlink_urbs(struct hci_usb *husb)
373 {
374         int i;
375
376         BT_DBG("%s", husb->hdev->name);
377
378         for (i = 0; i < 4; i++) {
379                 struct _urb *_urb;
380                 struct urb *urb;
381
382                 /* Kill pending requests */
383                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
384                         urb = &_urb->urb;
385                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
386                                         husb->hdev->name, _urb, _urb->type, urb);
387                         usb_kill_urb(urb);
388                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
389                 }
390
391                 /* Release completed requests */
392                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
393                         urb = &_urb->urb;
394                         BT_DBG("%s freeing _urb %p type %d urb %p",
395                                         husb->hdev->name, _urb, _urb->type, urb);
396                         kfree(urb->setup_packet);
397                         kfree(urb->transfer_buffer);
398                         _urb_free(_urb);
399                 }
400
401                 /* Release reassembly buffers */
402                 if (husb->reassembly[i]) {
403                         kfree_skb(husb->reassembly[i]);
404                         husb->reassembly[i] = NULL;
405                 }
406         }
407 }
408
409 /* Close device */
410 static int hci_usb_close(struct hci_dev *hdev)
411 {
412         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
413         unsigned long flags;
414
415         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
416                 return 0;
417
418         BT_DBG("%s", hdev->name);
419
420         /* Synchronize with completion handlers */
421         write_lock_irqsave(&husb->completion_lock, flags);
422         write_unlock_irqrestore(&husb->completion_lock, flags);
423
424         hci_usb_unlink_urbs(husb);
425         hci_usb_flush(hdev);
426         return 0;
427 }
428
429 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
430 {
431         struct urb *urb = &_urb->urb;
432         int err;
433
434         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
435
436         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
437         err = usb_submit_urb(urb, GFP_ATOMIC);
438         if (err) {
439                 BT_ERR("%s tx submit failed urb %p type %d err %d",
440                                 husb->hdev->name, urb, _urb->type, err);
441                 _urb_unlink(_urb);
442                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
443         } else
444                 atomic_inc(__pending_tx(husb, _urb->type));
445
446         return err;
447 }
448
449 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
450 {
451         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
452         struct usb_ctrlrequest *dr;
453         struct urb *urb;
454
455         if (!_urb) {
456                 _urb = _urb_alloc(0, GFP_ATOMIC);
457                 if (!_urb)
458                         return -ENOMEM;
459                 _urb->type = bt_cb(skb)->pkt_type;
460
461                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
462                 if (!dr) {
463                         _urb_free(_urb);
464                         return -ENOMEM;
465                 }
466         } else
467                 dr = (void *) _urb->urb.setup_packet;
468
469         dr->bRequestType = husb->ctrl_req;
470         dr->bRequest = 0;
471         dr->wIndex   = 0;
472         dr->wValue   = 0;
473         dr->wLength  = __cpu_to_le16(skb->len);
474
475         urb = &_urb->urb;
476         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
477                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
478
479         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
480         
481         _urb->priv = skb;
482         return __tx_submit(husb, _urb);
483 }
484
485 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
486 {
487         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
488         struct urb *urb;
489         int pipe;
490
491         if (!_urb) {
492                 _urb = _urb_alloc(0, GFP_ATOMIC);
493                 if (!_urb)
494                         return -ENOMEM;
495                 _urb->type = bt_cb(skb)->pkt_type;
496         }
497
498         urb  = &_urb->urb;
499         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
500         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
501                         hci_usb_tx_complete, husb);
502         urb->transfer_flags = URB_ZERO_PACKET;
503
504         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
505
506         _urb->priv = skb;
507         return __tx_submit(husb, _urb);
508 }
509
510 #ifdef CONFIG_BT_HCIUSB_SCO
511 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
512 {
513         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
514         struct urb *urb;
515
516         if (!_urb) {
517                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
518                 if (!_urb)
519                         return -ENOMEM;
520                 _urb->type = bt_cb(skb)->pkt_type;
521         }
522
523         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
524
525         urb = &_urb->urb;
526
527         urb->context  = husb;
528         urb->dev      = husb->udev;
529         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
530         urb->complete = hci_usb_tx_complete;
531         urb->transfer_flags = URB_ISO_ASAP;
532
533         urb->interval = husb->isoc_out_ep->desc.bInterval;
534
535         urb->transfer_buffer = skb->data;
536         urb->transfer_buffer_length = skb->len;
537
538         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
539
540         _urb->priv = skb;
541         return __tx_submit(husb, _urb);
542 }
543 #endif
544
545 static void hci_usb_tx_process(struct hci_usb *husb)
546 {
547         struct sk_buff_head *q;
548         struct sk_buff *skb;
549
550         BT_DBG("%s", husb->hdev->name);
551
552         do {
553                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
554
555                 /* Process command queue */
556                 q = __transmit_q(husb, HCI_COMMAND_PKT);
557                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
558                                 (skb = skb_dequeue(q))) {
559                         if (hci_usb_send_ctrl(husb, skb) < 0)
560                                 skb_queue_head(q, skb);
561                 }
562
563 #ifdef CONFIG_BT_HCIUSB_SCO
564                 /* Process SCO queue */
565                 q = __transmit_q(husb, HCI_SCODATA_PKT);
566                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
567                                 (skb = skb_dequeue(q))) {
568                         if (hci_usb_send_isoc(husb, skb) < 0)
569                                 skb_queue_head(q, skb);
570                 }
571 #endif
572
573                 /* Process ACL queue */
574                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
575                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
576                                 (skb = skb_dequeue(q))) {
577                         if (hci_usb_send_bulk(husb, skb) < 0) {
578                                 skb_queue_head(q, skb);
579                                 break;
580                         }
581                 }
582         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
583 }
584
585 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
586 {
587         /* Serialize TX queue processing to avoid data reordering */
588         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
589                 hci_usb_tx_process(husb);
590                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
591         } else
592                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
593 }
594
595 /* Send frames from HCI layer */
596 static int hci_usb_send_frame(struct sk_buff *skb)
597 {
598         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
599         struct hci_usb *husb;
600
601         if (!hdev) {
602                 BT_ERR("frame for uknown device (hdev=NULL)");
603                 return -ENODEV;
604         }
605
606         if (!test_bit(HCI_RUNNING, &hdev->flags))
607                 return -EBUSY;
608
609         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
610
611         husb = (struct hci_usb *) hdev->driver_data;
612
613         switch (bt_cb(skb)->pkt_type) {
614         case HCI_COMMAND_PKT:
615                 hdev->stat.cmd_tx++;
616                 break;
617
618         case HCI_ACLDATA_PKT:
619                 hdev->stat.acl_tx++;
620                 break;
621
622 #ifdef CONFIG_BT_HCIUSB_SCO
623         case HCI_SCODATA_PKT:
624                 hdev->stat.sco_tx++;
625                 break;
626 #endif
627
628         default:
629                 kfree_skb(skb);
630                 return 0;
631         }
632
633         read_lock(&husb->completion_lock);
634
635         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
636         hci_usb_tx_wakeup(husb);
637
638         read_unlock(&husb->completion_lock);
639         return 0;
640 }
641
642 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
643 {
644         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
645
646         husb->hdev->stat.byte_rx += count;
647
648         while (count) {
649                 struct sk_buff *skb = __reassembly(husb, type);
650                 struct { int expect; } *scb;
651                 int len = 0;
652         
653                 if (!skb) {
654                         /* Start of the frame */
655
656                         switch (type) {
657                         case HCI_EVENT_PKT:
658                                 if (count >= HCI_EVENT_HDR_SIZE) {
659                                         struct hci_event_hdr *h = data;
660                                         len = HCI_EVENT_HDR_SIZE + h->plen;
661                                 } else
662                                         return -EILSEQ;
663                                 break;
664
665                         case HCI_ACLDATA_PKT:
666                                 if (count >= HCI_ACL_HDR_SIZE) {
667                                         struct hci_acl_hdr *h = data;
668                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
669                                 } else
670                                         return -EILSEQ;
671                                 break;
672 #ifdef CONFIG_BT_HCIUSB_SCO
673                         case HCI_SCODATA_PKT:
674                                 if (count >= HCI_SCO_HDR_SIZE) {
675                                         struct hci_sco_hdr *h = data;
676                                         len = HCI_SCO_HDR_SIZE + h->dlen;
677                                 } else
678                                         return -EILSEQ;
679                                 break;
680 #endif
681                         }
682                         BT_DBG("new packet len %d", len);
683
684                         skb = bt_skb_alloc(len, GFP_ATOMIC);
685                         if (!skb) {
686                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
687                                 return -ENOMEM;
688                         }
689                         skb->dev = (void *) husb->hdev;
690                         bt_cb(skb)->pkt_type = type;
691         
692                         __reassembly(husb, type) = skb;
693
694                         scb = (void *) skb->cb;
695                         scb->expect = len;
696                 } else {
697                         /* Continuation */
698                         scb = (void *) skb->cb;
699                         len = scb->expect;
700                 }
701
702                 len = min(len, count);
703                 
704                 memcpy(skb_put(skb, len), data, len);
705
706                 scb->expect -= len;
707                 if (!scb->expect) {
708                         /* Complete frame */
709                         __reassembly(husb, type) = NULL;
710                         bt_cb(skb)->pkt_type = type;
711                         hci_recv_frame(skb);
712                 }
713
714                 count -= len; data += len;
715         }
716         return 0;
717 }
718
719 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
720 {
721         struct _urb *_urb = container_of(urb, struct _urb, urb);
722         struct hci_usb *husb = (void *) urb->context;
723         struct hci_dev *hdev = husb->hdev;
724         int err, count = urb->actual_length;
725
726         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
727                         _urb->type, urb->status, count, urb->transfer_flags);
728
729         read_lock(&husb->completion_lock);
730
731         if (!test_bit(HCI_RUNNING, &hdev->flags))
732                 goto unlock;
733
734         if (urb->status || !count)
735                 goto resubmit;
736
737         if (_urb->type == HCI_SCODATA_PKT) {
738 #ifdef CONFIG_BT_HCIUSB_SCO
739                 int i;
740                 for (i=0; i < urb->number_of_packets; i++) {
741                         BT_DBG("desc %d status %d offset %d len %d", i,
742                                         urb->iso_frame_desc[i].status,
743                                         urb->iso_frame_desc[i].offset,
744                                         urb->iso_frame_desc[i].actual_length);
745         
746                         if (!urb->iso_frame_desc[i].status)
747                                 __recv_frame(husb, _urb->type, 
748                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
749                                         urb->iso_frame_desc[i].actual_length);
750                 }
751 #else
752                 ;
753 #endif
754         } else {
755                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
756                 if (err < 0) { 
757                         BT_ERR("%s corrupted packet: type %d count %d",
758                                         husb->hdev->name, _urb->type, count);
759                         hdev->stat.err_rx++;
760                 }
761         }
762
763 resubmit:
764         urb->dev = husb->udev;
765         err = usb_submit_urb(urb, GFP_ATOMIC);
766         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
767                         _urb->type, err);
768
769 unlock:
770         read_unlock(&husb->completion_lock);
771 }
772
773 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
774 {
775         struct _urb *_urb = container_of(urb, struct _urb, urb);
776         struct hci_usb *husb = (void *) urb->context;
777         struct hci_dev *hdev = husb->hdev;
778
779         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
780                         urb->status, urb->transfer_flags);
781
782         atomic_dec(__pending_tx(husb, _urb->type));
783
784         urb->transfer_buffer = NULL;
785         kfree_skb((struct sk_buff *) _urb->priv);
786
787         if (!test_bit(HCI_RUNNING, &hdev->flags))
788                 return;
789
790         if (!urb->status)
791                 hdev->stat.byte_tx += urb->transfer_buffer_length;
792         else
793                 hdev->stat.err_tx++;
794
795         read_lock(&husb->completion_lock);
796
797         _urb_unlink(_urb);
798         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
799
800         hci_usb_tx_wakeup(husb);
801
802         read_unlock(&husb->completion_lock);
803 }
804
805 static void hci_usb_destruct(struct hci_dev *hdev)
806 {
807         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
808
809         BT_DBG("%s", hdev->name);
810
811         kfree(husb);
812 }
813
814 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
815 {
816         BT_DBG("%s evt %d", hdev->name, evt);
817 }
818
819 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
820 {
821         struct usb_device *udev = interface_to_usbdev(intf);
822         struct usb_host_endpoint *bulk_out_ep = NULL;
823         struct usb_host_endpoint *bulk_in_ep = NULL;
824         struct usb_host_endpoint *intr_in_ep = NULL;
825         struct usb_host_endpoint  *ep;
826         struct usb_host_interface *uif;
827         struct usb_interface *isoc_iface;
828         struct hci_usb *husb;
829         struct hci_dev *hdev;
830         int i, e, size, isoc_ifnum, isoc_alts;
831
832         BT_DBG("udev %p intf %p", udev, intf);
833
834         if (!id->driver_info) {
835                 const struct usb_device_id *match;
836                 match = usb_match_id(intf, blacklist_ids);
837                 if (match)
838                         id = match;
839         }
840
841         if (ignore || id->driver_info & HCI_IGNORE)
842                 return -ENODEV;
843
844         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
845                 return -ENODEV;
846
847         if (ignore_csr && id->driver_info & HCI_CSR)
848                 return -ENODEV;
849
850         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
851                 return -ENODEV;
852
853         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
854                 return -ENODEV;
855
856         /* Find endpoints that we need */
857         uif = intf->cur_altsetting;
858         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
859                 ep = &uif->endpoint[e];
860
861                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
862                 case USB_ENDPOINT_XFER_INT:
863                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
864                                 intr_in_ep = ep;
865                         break;
866
867                 case USB_ENDPOINT_XFER_BULK:
868                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
869                                 bulk_in_ep  = ep;
870                         else
871                                 bulk_out_ep = ep;
872                         break;
873                 }
874         }
875
876         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
877                 BT_DBG("Bulk endpoints not found");
878                 goto done;
879         }
880
881         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
882                 BT_ERR("Can't allocate: control structure");
883                 goto done;
884         }
885
886         husb->udev = udev;
887         husb->bulk_out_ep = bulk_out_ep;
888         husb->bulk_in_ep  = bulk_in_ep;
889         husb->intr_in_ep  = intr_in_ep;
890
891         if (id->driver_info & HCI_DIGIANSWER)
892                 husb->ctrl_req = USB_TYPE_VENDOR;
893         else
894                 husb->ctrl_req = USB_TYPE_CLASS;
895
896         /* Find isochronous endpoints that we can use */
897         size = 0; 
898         isoc_iface = NULL;
899         isoc_alts  = 0;
900         isoc_ifnum = 1;
901
902 #ifdef CONFIG_BT_HCIUSB_SCO
903         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
904                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
905
906         if (isoc_iface) {
907                 int a;
908                 struct usb_host_endpoint *isoc_out_ep = NULL;
909                 struct usb_host_endpoint *isoc_in_ep = NULL;
910
911                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
912                         uif = &isoc_iface->altsetting[a];
913                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
914                                 ep = &uif->endpoint[e];
915
916                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
917                                 case USB_ENDPOINT_XFER_ISOC:
918                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
919                                                         uif->desc.bAlternateSetting != isoc)
920                                                 break;
921                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
922
923                                         isoc_alts = uif->desc.bAlternateSetting;
924
925                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
926                                                 isoc_in_ep  = ep;
927                                         else
928                                                 isoc_out_ep = ep;
929                                         break;
930                                 }
931                         }
932                 }
933
934                 if (!isoc_in_ep || !isoc_out_ep)
935                         BT_DBG("Isoc endpoints not found");
936                 else {
937                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
938                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
939                                 BT_ERR("Can't claim isoc interface");
940                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
941                                 BT_ERR("Can't set isoc interface settings");
942                                 husb->isoc_iface = isoc_iface;
943                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
944                                 husb->isoc_iface = NULL;
945                         } else {
946                                 husb->isoc_iface  = isoc_iface;
947                                 husb->isoc_in_ep  = isoc_in_ep;
948                                 husb->isoc_out_ep = isoc_out_ep;
949                         }
950                 }
951         }
952 #endif
953
954         rwlock_init(&husb->completion_lock);
955
956         for (i = 0; i < 4; i++) {
957                 skb_queue_head_init(&husb->transmit_q[i]);
958                 _urb_queue_init(&husb->pending_q[i]);
959                 _urb_queue_init(&husb->completed_q[i]);
960         }
961
962         /* Initialize and register HCI device */
963         hdev = hci_alloc_dev();
964         if (!hdev) {
965                 BT_ERR("Can't allocate HCI device");
966                 goto probe_error;
967         }
968
969         husb->hdev = hdev;
970
971         hdev->type = HCI_USB;
972         hdev->driver_data = husb;
973         SET_HCIDEV_DEV(hdev, &intf->dev);
974
975         hdev->open     = hci_usb_open;
976         hdev->close    = hci_usb_close;
977         hdev->flush    = hci_usb_flush;
978         hdev->send     = hci_usb_send_frame;
979         hdev->destruct = hci_usb_destruct;
980         hdev->notify   = hci_usb_notify;
981
982         hdev->owner = THIS_MODULE;
983
984         if (reset || id->driver_info & HCI_RESET)
985                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
986
987         if (id->driver_info & HCI_SNIFFER) {
988                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
989                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
990         }
991
992         if (id->driver_info & HCI_BCM92035) {
993                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
994                 struct sk_buff *skb;
995
996                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
997                 if (skb) {
998                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
999                         skb_queue_tail(&hdev->driver_init, skb);
1000                 }
1001         }
1002
1003         if (hci_register_dev(hdev) < 0) {
1004                 BT_ERR("Can't register HCI device");
1005                 hci_free_dev(hdev);
1006                 goto probe_error;
1007         }
1008
1009         usb_set_intfdata(intf, husb);
1010         return 0;
1011
1012 probe_error:
1013         if (husb->isoc_iface)
1014                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1015         kfree(husb);
1016
1017 done:
1018         return -EIO;
1019 }
1020
1021 static void hci_usb_disconnect(struct usb_interface *intf)
1022 {
1023         struct hci_usb *husb = usb_get_intfdata(intf);
1024         struct hci_dev *hdev;
1025
1026         if (!husb || intf == husb->isoc_iface)
1027                 return;
1028
1029         usb_set_intfdata(intf, NULL);
1030         hdev = husb->hdev;
1031
1032         BT_DBG("%s", hdev->name);
1033
1034         hci_usb_close(hdev);
1035
1036         if (husb->isoc_iface)
1037                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1038
1039         if (hci_unregister_dev(hdev) < 0)
1040                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1041
1042         hci_free_dev(hdev);
1043 }
1044
1045 static struct usb_driver hci_usb_driver = {
1046         .name           = "hci_usb",
1047         .probe          = hci_usb_probe,
1048         .disconnect     = hci_usb_disconnect,
1049         .id_table       = bluetooth_ids,
1050 };
1051
1052 static int __init hci_usb_init(void)
1053 {
1054         int err;
1055
1056         BT_INFO("HCI USB driver ver %s", VERSION);
1057
1058         if ((err = usb_register(&hci_usb_driver)) < 0)
1059                 BT_ERR("Failed to register HCI USB driver");
1060
1061         return err;
1062 }
1063
1064 static void __exit hci_usb_exit(void)
1065 {
1066         usb_deregister(&hci_usb_driver);
1067 }
1068
1069 module_init(hci_usb_init);
1070 module_exit(hci_usb_exit);
1071
1072 module_param(ignore, bool, 0644);
1073 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1074
1075 module_param(ignore_dga, bool, 0644);
1076 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1077
1078 module_param(ignore_csr, bool, 0644);
1079 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1080
1081 module_param(ignore_sniffer, bool, 0644);
1082 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1083
1084 module_param(reset, bool, 0644);
1085 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1086
1087 #ifdef CONFIG_BT_HCIUSB_SCO
1088 module_param(isoc, int, 0644);
1089 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1090 #endif
1091
1092 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1093 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1094 MODULE_VERSION(VERSION);
1095 MODULE_LICENSE("GPL");