Removed PF_SYNCTHREAD legacy.
[linux-2.6] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36
37 #include <linux/kernel.h>
38 #include <linux/init.h>
39 #include <linux/sched.h>
40 #include <linux/unistd.h>
41 #include <linux/types.h>
42 #include <linux/interrupt.h>
43 #include <linux/moduleparam.h>
44
45 #include <linux/slab.h>
46 #include <linux/errno.h>
47 #include <linux/string.h>
48 #include <linux/skbuff.h>
49
50 #include <linux/usb.h>
51
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
54
55 #include "hci_usb.h"
56
57 #ifndef CONFIG_BT_HCIUSB_DEBUG
58 #undef  BT_DBG
59 #define BT_DBG(D...)
60 #endif
61
62 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
63 #undef  URB_ZERO_PACKET
64 #define URB_ZERO_PACKET 0
65 #endif
66
67 static int ignore = 0;
68 static int ignore_csr = 0;
69 static int ignore_sniffer = 0;
70 static int reset = 0;
71
72 #ifdef CONFIG_BT_HCIUSB_SCO
73 static int isoc = 2;
74 #endif
75
76 #define VERSION "2.9"
77
78 static struct usb_driver hci_usb_driver; 
79
80 static struct usb_device_id bluetooth_ids[] = {
81         /* Generic Bluetooth USB device */
82         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
83
84         /* AVM BlueFRITZ! USB v2.0 */
85         { USB_DEVICE(0x057c, 0x3800) },
86
87         /* Bluetooth Ultraport Module from IBM */
88         { USB_DEVICE(0x04bf, 0x030a) },
89
90         /* ALPS Modules with non-standard id */
91         { USB_DEVICE(0x044e, 0x3001) },
92         { USB_DEVICE(0x044e, 0x3002) },
93
94         /* Ericsson with non-standard id */
95         { USB_DEVICE(0x0bdb, 0x1002) },
96
97         { }     /* Terminating entry */
98 };
99
100 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
101
102 static struct usb_device_id blacklist_ids[] = {
103         /* CSR BlueCore devices */
104         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
105
106         /* Broadcom BCM2033 without firmware */
107         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
108
109         /* Broadcom BCM2035 */
110         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
111         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
112
113         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
114         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
115
116         /* Kensington Bluetooth USB adapter */
117         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
118
119         /* ISSC Bluetooth Adapter v3.1 */
120         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
121
122         /* RTX Telecom based adapter with buggy SCO support */
123         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
124
125         /* Digianswer devices */
126         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
127         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
128
129         /* CSR BlueCore Bluetooth Sniffer */
130         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
131
132         { }     /* Terminating entry */
133 };
134
135 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
136 {
137         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
138                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
139         if (_urb) {
140                 memset(_urb, 0, sizeof(*_urb));
141                 usb_init_urb(&_urb->urb);
142         }
143         return _urb;
144 }
145
146 static struct _urb *_urb_dequeue(struct _urb_queue *q)
147 {
148         struct _urb *_urb = NULL;
149         unsigned long flags;
150         spin_lock_irqsave(&q->lock, flags);
151         {
152                 struct list_head *head = &q->head;
153                 struct list_head *next = head->next;
154                 if (next != head) {
155                         _urb = list_entry(next, struct _urb, list);
156                         list_del(next); _urb->queue = NULL;
157                 }
158         }
159         spin_unlock_irqrestore(&q->lock, flags);
160         return _urb;
161 }
162
163 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
164 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
165
166 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
167 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
168 #define __completed_q(husb, type) (&husb->completed_q[type-1])
169 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
170 #define __reassembly(husb, type)  (husb->reassembly[type-1])
171
172 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
173 {
174         return _urb_dequeue(__completed_q(husb, type)); 
175 }
176
177 #ifdef CONFIG_BT_HCIUSB_SCO
178 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
179 {
180         int offset = 0, i;
181
182         BT_DBG("len %d mtu %d", len, mtu);
183
184         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
185                 urb->iso_frame_desc[i].offset = offset;
186                 urb->iso_frame_desc[i].length = mtu;
187                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
188         }
189         if (len && i < HCI_MAX_ISOC_FRAMES) {
190                 urb->iso_frame_desc[i].offset = offset;
191                 urb->iso_frame_desc[i].length = len;
192                 BT_DBG("desc %d offset %d len %d", i, offset, len);
193                 i++;
194         }
195         urb->number_of_packets = i;
196 }
197 #endif
198
199 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
200 {
201         struct _urb *_urb;
202         struct urb *urb;
203         int err, pipe, interval, size;
204         void *buf;
205
206         BT_DBG("%s", husb->hdev->name);
207
208         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
209
210         buf = kmalloc(size, GFP_ATOMIC);
211         if (!buf)
212                 return -ENOMEM;
213
214         _urb = _urb_alloc(0, GFP_ATOMIC);
215         if (!_urb) {
216                 kfree(buf);
217                 return -ENOMEM;
218         }
219         _urb->type = HCI_EVENT_PKT;
220         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
221
222         urb = &_urb->urb;
223         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
224         interval = husb->intr_in_ep->desc.bInterval;
225         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
226         
227         err = usb_submit_urb(urb, GFP_ATOMIC);
228         if (err) {
229                 BT_ERR("%s intr rx submit failed urb %p err %d",
230                                 husb->hdev->name, urb, err);
231                 _urb_unlink(_urb);
232                 _urb_free(_urb);
233                 kfree(buf);
234         }
235         return err;
236 }
237
238 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
239 {
240         struct _urb *_urb;
241         struct urb *urb;
242         int err, pipe, size = HCI_MAX_FRAME_SIZE;
243         void *buf;
244
245         buf = kmalloc(size, GFP_ATOMIC);
246         if (!buf)
247                 return -ENOMEM;
248
249         _urb = _urb_alloc(0, GFP_ATOMIC);
250         if (!_urb) {
251                 kfree(buf);
252                 return -ENOMEM;
253         }
254         _urb->type = HCI_ACLDATA_PKT;
255         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
256
257         urb  = &_urb->urb;
258         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
259         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
260         urb->transfer_flags = 0;
261
262         BT_DBG("%s urb %p", husb->hdev->name, urb);
263
264         err = usb_submit_urb(urb, GFP_ATOMIC);
265         if (err) {
266                 BT_ERR("%s bulk rx submit failed urb %p err %d",
267                                 husb->hdev->name, urb, err);
268                 _urb_unlink(_urb);
269                 _urb_free(_urb);
270                 kfree(buf);
271         }
272         return err;
273 }
274
275 #ifdef CONFIG_BT_HCIUSB_SCO
276 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
277 {
278         struct _urb *_urb;
279         struct urb *urb;
280         int err, mtu, size;
281         void *buf;
282
283         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
284         size = mtu * HCI_MAX_ISOC_FRAMES;
285
286         buf = kmalloc(size, GFP_ATOMIC);
287         if (!buf)
288                 return -ENOMEM;
289
290         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
291         if (!_urb) {
292                 kfree(buf);
293                 return -ENOMEM;
294         }
295         _urb->type = HCI_SCODATA_PKT;
296         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
297
298         urb = &_urb->urb;
299
300         urb->context  = husb;
301         urb->dev      = husb->udev;
302         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
303         urb->complete = hci_usb_rx_complete;
304
305         urb->interval = husb->isoc_in_ep->desc.bInterval;
306
307         urb->transfer_buffer_length = size;
308         urb->transfer_buffer = buf;
309         urb->transfer_flags  = URB_ISO_ASAP;
310
311         __fill_isoc_desc(urb, size, mtu);
312
313         BT_DBG("%s urb %p", husb->hdev->name, urb);
314
315         err = usb_submit_urb(urb, GFP_ATOMIC);
316         if (err) {
317                 BT_ERR("%s isoc rx submit failed urb %p err %d",
318                                 husb->hdev->name, urb, err);
319                 _urb_unlink(_urb);
320                 _urb_free(_urb);
321                 kfree(buf);
322         }
323         return err;
324 }
325 #endif
326
327 /* Initialize device */
328 static int hci_usb_open(struct hci_dev *hdev)
329 {
330         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
331         int i, err;
332         unsigned long flags;
333
334         BT_DBG("%s", hdev->name);
335
336         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
337                 return 0;
338
339         write_lock_irqsave(&husb->completion_lock, flags);
340
341         err = hci_usb_intr_rx_submit(husb);
342         if (!err) {
343                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
344                         hci_usb_bulk_rx_submit(husb);
345
346 #ifdef CONFIG_BT_HCIUSB_SCO
347                 if (husb->isoc_iface)
348                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
349                                 hci_usb_isoc_rx_submit(husb);
350 #endif
351         } else {
352                 clear_bit(HCI_RUNNING, &hdev->flags);
353         }
354
355         write_unlock_irqrestore(&husb->completion_lock, flags);
356         return err;
357 }
358
359 /* Reset device */
360 static int hci_usb_flush(struct hci_dev *hdev)
361 {
362         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
363         int i;
364
365         BT_DBG("%s", hdev->name);
366
367         for (i = 0; i < 4; i++)
368                 skb_queue_purge(&husb->transmit_q[i]);
369         return 0;
370 }
371
372 static void hci_usb_unlink_urbs(struct hci_usb *husb)
373 {
374         int i;
375
376         BT_DBG("%s", husb->hdev->name);
377
378         for (i = 0; i < 4; i++) {
379                 struct _urb *_urb;
380                 struct urb *urb;
381
382                 /* Kill pending requests */
383                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
384                         urb = &_urb->urb;
385                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
386                                         husb->hdev->name, _urb, _urb->type, urb);
387                         usb_kill_urb(urb);
388                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
389                 }
390
391                 /* Release completed requests */
392                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
393                         urb = &_urb->urb;
394                         BT_DBG("%s freeing _urb %p type %d urb %p",
395                                         husb->hdev->name, _urb, _urb->type, urb);
396                         kfree(urb->setup_packet);
397                         kfree(urb->transfer_buffer);
398                         _urb_free(_urb);
399                 }
400
401                 /* Release reassembly buffers */
402                 if (husb->reassembly[i]) {
403                         kfree_skb(husb->reassembly[i]);
404                         husb->reassembly[i] = NULL;
405                 }
406         }
407 }
408
409 /* Close device */
410 static int hci_usb_close(struct hci_dev *hdev)
411 {
412         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
413         unsigned long flags;
414
415         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
416                 return 0;
417
418         BT_DBG("%s", hdev->name);
419
420         /* Synchronize with completion handlers */
421         write_lock_irqsave(&husb->completion_lock, flags);
422         write_unlock_irqrestore(&husb->completion_lock, flags);
423
424         hci_usb_unlink_urbs(husb);
425         hci_usb_flush(hdev);
426         return 0;
427 }
428
429 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
430 {
431         struct urb *urb = &_urb->urb;
432         int err;
433
434         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
435
436         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
437         err = usb_submit_urb(urb, GFP_ATOMIC);
438         if (err) {
439                 BT_ERR("%s tx submit failed urb %p type %d err %d",
440                                 husb->hdev->name, urb, _urb->type, err);
441                 _urb_unlink(_urb);
442                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
443         } else
444                 atomic_inc(__pending_tx(husb, _urb->type));
445
446         return err;
447 }
448
449 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
450 {
451         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
452         struct usb_ctrlrequest *dr;
453         struct urb *urb;
454
455         if (!_urb) {
456                 _urb = _urb_alloc(0, GFP_ATOMIC);
457                 if (!_urb)
458                         return -ENOMEM;
459                 _urb->type = bt_cb(skb)->pkt_type;
460
461                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
462                 if (!dr) {
463                         _urb_free(_urb);
464                         return -ENOMEM;
465                 }
466         } else
467                 dr = (void *) _urb->urb.setup_packet;
468
469         dr->bRequestType = husb->ctrl_req;
470         dr->bRequest = 0;
471         dr->wIndex   = 0;
472         dr->wValue   = 0;
473         dr->wLength  = __cpu_to_le16(skb->len);
474
475         urb = &_urb->urb;
476         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
477                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
478
479         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
480         
481         _urb->priv = skb;
482         return __tx_submit(husb, _urb);
483 }
484
485 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
486 {
487         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
488         struct urb *urb;
489         int pipe;
490
491         if (!_urb) {
492                 _urb = _urb_alloc(0, GFP_ATOMIC);
493                 if (!_urb)
494                         return -ENOMEM;
495                 _urb->type = bt_cb(skb)->pkt_type;
496         }
497
498         urb  = &_urb->urb;
499         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
500         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
501                         hci_usb_tx_complete, husb);
502         urb->transfer_flags = URB_ZERO_PACKET;
503
504         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
505
506         _urb->priv = skb;
507         return __tx_submit(husb, _urb);
508 }
509
510 #ifdef CONFIG_BT_HCIUSB_SCO
511 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
512 {
513         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
514         struct urb *urb;
515
516         if (!_urb) {
517                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
518                 if (!_urb)
519                         return -ENOMEM;
520                 _urb->type = bt_cb(skb)->pkt_type;
521         }
522
523         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
524
525         urb = &_urb->urb;
526
527         urb->context  = husb;
528         urb->dev      = husb->udev;
529         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
530         urb->complete = hci_usb_tx_complete;
531         urb->transfer_flags = URB_ISO_ASAP;
532
533         urb->interval = husb->isoc_out_ep->desc.bInterval;
534
535         urb->transfer_buffer = skb->data;
536         urb->transfer_buffer_length = skb->len;
537
538         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
539
540         _urb->priv = skb;
541         return __tx_submit(husb, _urb);
542 }
543 #endif
544
545 static void hci_usb_tx_process(struct hci_usb *husb)
546 {
547         struct sk_buff_head *q;
548         struct sk_buff *skb;
549
550         BT_DBG("%s", husb->hdev->name);
551
552         do {
553                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
554
555                 /* Process command queue */
556                 q = __transmit_q(husb, HCI_COMMAND_PKT);
557                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
558                                 (skb = skb_dequeue(q))) {
559                         if (hci_usb_send_ctrl(husb, skb) < 0)
560                                 skb_queue_head(q, skb);
561                 }
562
563 #ifdef CONFIG_BT_HCIUSB_SCO
564                 /* Process SCO queue */
565                 q = __transmit_q(husb, HCI_SCODATA_PKT);
566                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
567                                 (skb = skb_dequeue(q))) {
568                         if (hci_usb_send_isoc(husb, skb) < 0)
569                                 skb_queue_head(q, skb);
570                 }
571 #endif
572
573                 /* Process ACL queue */
574                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
575                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
576                                 (skb = skb_dequeue(q))) {
577                         if (hci_usb_send_bulk(husb, skb) < 0) {
578                                 skb_queue_head(q, skb);
579                                 break;
580                         }
581                 }
582         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
583 }
584
585 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
586 {
587         /* Serialize TX queue processing to avoid data reordering */
588         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
589                 hci_usb_tx_process(husb);
590                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
591         } else
592                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
593 }
594
595 /* Send frames from HCI layer */
596 static int hci_usb_send_frame(struct sk_buff *skb)
597 {
598         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
599         struct hci_usb *husb;
600
601         if (!hdev) {
602                 BT_ERR("frame for uknown device (hdev=NULL)");
603                 return -ENODEV;
604         }
605
606         if (!test_bit(HCI_RUNNING, &hdev->flags))
607                 return -EBUSY;
608
609         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
610
611         husb = (struct hci_usb *) hdev->driver_data;
612
613         switch (bt_cb(skb)->pkt_type) {
614         case HCI_COMMAND_PKT:
615                 hdev->stat.cmd_tx++;
616                 break;
617
618         case HCI_ACLDATA_PKT:
619                 hdev->stat.acl_tx++;
620                 break;
621
622 #ifdef CONFIG_BT_HCIUSB_SCO
623         case HCI_SCODATA_PKT:
624                 hdev->stat.sco_tx++;
625                 break;
626 #endif
627
628         default:
629                 kfree_skb(skb);
630                 return 0;
631         }
632
633         read_lock(&husb->completion_lock);
634
635         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
636         hci_usb_tx_wakeup(husb);
637
638         read_unlock(&husb->completion_lock);
639         return 0;
640 }
641
642 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
643 {
644         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
645
646         husb->hdev->stat.byte_rx += count;
647
648         while (count) {
649                 struct sk_buff *skb = __reassembly(husb, type);
650                 struct { int expect; } *scb;
651                 int len = 0;
652         
653                 if (!skb) {
654                         /* Start of the frame */
655
656                         switch (type) {
657                         case HCI_EVENT_PKT:
658                                 if (count >= HCI_EVENT_HDR_SIZE) {
659                                         struct hci_event_hdr *h = data;
660                                         len = HCI_EVENT_HDR_SIZE + h->plen;
661                                 } else
662                                         return -EILSEQ;
663                                 break;
664
665                         case HCI_ACLDATA_PKT:
666                                 if (count >= HCI_ACL_HDR_SIZE) {
667                                         struct hci_acl_hdr *h = data;
668                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
669                                 } else
670                                         return -EILSEQ;
671                                 break;
672 #ifdef CONFIG_BT_HCIUSB_SCO
673                         case HCI_SCODATA_PKT:
674                                 if (count >= HCI_SCO_HDR_SIZE) {
675                                         struct hci_sco_hdr *h = data;
676                                         len = HCI_SCO_HDR_SIZE + h->dlen;
677                                 } else
678                                         return -EILSEQ;
679                                 break;
680 #endif
681                         }
682                         BT_DBG("new packet len %d", len);
683
684                         skb = bt_skb_alloc(len, GFP_ATOMIC);
685                         if (!skb) {
686                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
687                                 return -ENOMEM;
688                         }
689                         skb->dev = (void *) husb->hdev;
690                         bt_cb(skb)->pkt_type = type;
691         
692                         __reassembly(husb, type) = skb;
693
694                         scb = (void *) skb->cb;
695                         scb->expect = len;
696                 } else {
697                         /* Continuation */
698                         scb = (void *) skb->cb;
699                         len = scb->expect;
700                 }
701
702                 len = min(len, count);
703                 
704                 memcpy(skb_put(skb, len), data, len);
705
706                 scb->expect -= len;
707                 if (!scb->expect) {
708                         /* Complete frame */
709                         __reassembly(husb, type) = NULL;
710                         bt_cb(skb)->pkt_type = type;
711                         hci_recv_frame(skb);
712                 }
713
714                 count -= len; data += len;
715         }
716         return 0;
717 }
718
719 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
720 {
721         struct _urb *_urb = container_of(urb, struct _urb, urb);
722         struct hci_usb *husb = (void *) urb->context;
723         struct hci_dev *hdev = husb->hdev;
724         int err, count = urb->actual_length;
725
726         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
727                         _urb->type, urb->status, count, urb->transfer_flags);
728
729         read_lock(&husb->completion_lock);
730
731         if (!test_bit(HCI_RUNNING, &hdev->flags))
732                 goto unlock;
733
734         if (urb->status || !count)
735                 goto resubmit;
736
737         if (_urb->type == HCI_SCODATA_PKT) {
738 #ifdef CONFIG_BT_HCIUSB_SCO
739                 int i;
740                 for (i=0; i < urb->number_of_packets; i++) {
741                         BT_DBG("desc %d status %d offset %d len %d", i,
742                                         urb->iso_frame_desc[i].status,
743                                         urb->iso_frame_desc[i].offset,
744                                         urb->iso_frame_desc[i].actual_length);
745         
746                         if (!urb->iso_frame_desc[i].status)
747                                 __recv_frame(husb, _urb->type, 
748                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
749                                         urb->iso_frame_desc[i].actual_length);
750                 }
751 #else
752                 ;
753 #endif
754         } else {
755                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
756                 if (err < 0) { 
757                         BT_ERR("%s corrupted packet: type %d count %d",
758                                         husb->hdev->name, _urb->type, count);
759                         hdev->stat.err_rx++;
760                 }
761         }
762
763 resubmit:
764         urb->dev = husb->udev;
765         err = usb_submit_urb(urb, GFP_ATOMIC);
766         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
767                         _urb->type, err);
768
769 unlock:
770         read_unlock(&husb->completion_lock);
771 }
772
773 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
774 {
775         struct _urb *_urb = container_of(urb, struct _urb, urb);
776         struct hci_usb *husb = (void *) urb->context;
777         struct hci_dev *hdev = husb->hdev;
778
779         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
780                         urb->status, urb->transfer_flags);
781
782         atomic_dec(__pending_tx(husb, _urb->type));
783
784         urb->transfer_buffer = NULL;
785         kfree_skb((struct sk_buff *) _urb->priv);
786
787         if (!test_bit(HCI_RUNNING, &hdev->flags))
788                 return;
789
790         if (!urb->status)
791                 hdev->stat.byte_tx += urb->transfer_buffer_length;
792         else
793                 hdev->stat.err_tx++;
794
795         read_lock(&husb->completion_lock);
796
797         _urb_unlink(_urb);
798         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
799
800         hci_usb_tx_wakeup(husb);
801
802         read_unlock(&husb->completion_lock);
803 }
804
805 static void hci_usb_destruct(struct hci_dev *hdev)
806 {
807         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
808
809         BT_DBG("%s", hdev->name);
810
811         kfree(husb);
812 }
813
814 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
815 {
816         BT_DBG("%s evt %d", hdev->name, evt);
817 }
818
819 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
820 {
821         struct usb_device *udev = interface_to_usbdev(intf);
822         struct usb_host_endpoint *bulk_out_ep = NULL;
823         struct usb_host_endpoint *bulk_in_ep = NULL;
824         struct usb_host_endpoint *intr_in_ep = NULL;
825         struct usb_host_endpoint  *ep;
826         struct usb_host_interface *uif;
827         struct usb_interface *isoc_iface;
828         struct hci_usb *husb;
829         struct hci_dev *hdev;
830         int i, e, size, isoc_ifnum, isoc_alts;
831
832         BT_DBG("udev %p intf %p", udev, intf);
833
834         if (!id->driver_info) {
835                 const struct usb_device_id *match;
836                 match = usb_match_id(intf, blacklist_ids);
837                 if (match)
838                         id = match;
839         }
840
841         if (ignore || id->driver_info & HCI_IGNORE)
842                 return -ENODEV;
843
844         if (ignore_csr && id->driver_info & HCI_CSR)
845                 return -ENODEV;
846
847         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
848                 return -ENODEV;
849
850         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
851                 return -ENODEV;
852
853         /* Find endpoints that we need */
854         uif = intf->cur_altsetting;
855         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
856                 ep = &uif->endpoint[e];
857
858                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
859                 case USB_ENDPOINT_XFER_INT:
860                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
861                                 intr_in_ep = ep;
862                         break;
863
864                 case USB_ENDPOINT_XFER_BULK:
865                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
866                                 bulk_in_ep  = ep;
867                         else
868                                 bulk_out_ep = ep;
869                         break;
870                 }
871         }
872
873         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
874                 BT_DBG("Bulk endpoints not found");
875                 goto done;
876         }
877
878         if (!(husb = kmalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
879                 BT_ERR("Can't allocate: control structure");
880                 goto done;
881         }
882
883         memset(husb, 0, sizeof(struct hci_usb));
884
885         husb->udev = udev;
886         husb->bulk_out_ep = bulk_out_ep;
887         husb->bulk_in_ep  = bulk_in_ep;
888         husb->intr_in_ep  = intr_in_ep;
889
890         if (id->driver_info & HCI_DIGIANSWER)
891                 husb->ctrl_req = USB_TYPE_VENDOR;
892         else
893                 husb->ctrl_req = USB_TYPE_CLASS;
894
895         /* Find isochronous endpoints that we can use */
896         size = 0; 
897         isoc_iface = NULL;
898         isoc_alts  = 0;
899         isoc_ifnum = 1;
900
901 #ifdef CONFIG_BT_HCIUSB_SCO
902         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
903                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
904
905         if (isoc_iface) {
906                 int a;
907                 struct usb_host_endpoint *isoc_out_ep = NULL;
908                 struct usb_host_endpoint *isoc_in_ep = NULL;
909
910                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
911                         uif = &isoc_iface->altsetting[a];
912                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
913                                 ep = &uif->endpoint[e];
914
915                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
916                                 case USB_ENDPOINT_XFER_ISOC:
917                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
918                                                         uif->desc.bAlternateSetting != isoc)
919                                                 break;
920                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
921
922                                         isoc_alts = uif->desc.bAlternateSetting;
923
924                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
925                                                 isoc_in_ep  = ep;
926                                         else
927                                                 isoc_out_ep = ep;
928                                         break;
929                                 }
930                         }
931                 }
932
933                 if (!isoc_in_ep || !isoc_out_ep)
934                         BT_DBG("Isoc endpoints not found");
935                 else {
936                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
937                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
938                                 BT_ERR("Can't claim isoc interface");
939                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
940                                 BT_ERR("Can't set isoc interface settings");
941                                 husb->isoc_iface = isoc_iface;
942                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
943                                 husb->isoc_iface = NULL;
944                         } else {
945                                 husb->isoc_iface  = isoc_iface;
946                                 husb->isoc_in_ep  = isoc_in_ep;
947                                 husb->isoc_out_ep = isoc_out_ep;
948                         }
949                 }
950         }
951 #endif
952
953         rwlock_init(&husb->completion_lock);
954
955         for (i = 0; i < 4; i++) {
956                 skb_queue_head_init(&husb->transmit_q[i]);
957                 _urb_queue_init(&husb->pending_q[i]);
958                 _urb_queue_init(&husb->completed_q[i]);
959         }
960
961         /* Initialize and register HCI device */
962         hdev = hci_alloc_dev();
963         if (!hdev) {
964                 BT_ERR("Can't allocate HCI device");
965                 goto probe_error;
966         }
967
968         husb->hdev = hdev;
969
970         hdev->type = HCI_USB;
971         hdev->driver_data = husb;
972         SET_HCIDEV_DEV(hdev, &intf->dev);
973
974         hdev->open     = hci_usb_open;
975         hdev->close    = hci_usb_close;
976         hdev->flush    = hci_usb_flush;
977         hdev->send     = hci_usb_send_frame;
978         hdev->destruct = hci_usb_destruct;
979         hdev->notify   = hci_usb_notify;
980
981         hdev->owner = THIS_MODULE;
982
983         if (reset || id->driver_info & HCI_RESET)
984                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
985
986         if (id->driver_info & HCI_SNIFFER) {
987                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
988                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
989         }
990
991         if (id->driver_info & HCI_BCM92035) {
992                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
993                 struct sk_buff *skb;
994
995                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
996                 if (skb) {
997                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
998                         skb_queue_tail(&hdev->driver_init, skb);
999                 }
1000         }
1001
1002         if (hci_register_dev(hdev) < 0) {
1003                 BT_ERR("Can't register HCI device");
1004                 hci_free_dev(hdev);
1005                 goto probe_error;
1006         }
1007
1008         usb_set_intfdata(intf, husb);
1009         return 0;
1010
1011 probe_error:
1012         if (husb->isoc_iface)
1013                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1014         kfree(husb);
1015
1016 done:
1017         return -EIO;
1018 }
1019
1020 static void hci_usb_disconnect(struct usb_interface *intf)
1021 {
1022         struct hci_usb *husb = usb_get_intfdata(intf);
1023         struct hci_dev *hdev;
1024
1025         if (!husb || intf == husb->isoc_iface)
1026                 return;
1027
1028         usb_set_intfdata(intf, NULL);
1029         hdev = husb->hdev;
1030
1031         BT_DBG("%s", hdev->name);
1032
1033         hci_usb_close(hdev);
1034
1035         if (husb->isoc_iface)
1036                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1037
1038         if (hci_unregister_dev(hdev) < 0)
1039                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1040
1041         hci_free_dev(hdev);
1042 }
1043
1044 static struct usb_driver hci_usb_driver = {
1045         .owner          = THIS_MODULE,
1046         .name           = "hci_usb",
1047         .probe          = hci_usb_probe,
1048         .disconnect     = hci_usb_disconnect,
1049         .id_table       = bluetooth_ids,
1050 };
1051
1052 static int __init hci_usb_init(void)
1053 {
1054         int err;
1055
1056         BT_INFO("HCI USB driver ver %s", VERSION);
1057
1058         if ((err = usb_register(&hci_usb_driver)) < 0)
1059                 BT_ERR("Failed to register HCI USB driver");
1060
1061         return err;
1062 }
1063
1064 static void __exit hci_usb_exit(void)
1065 {
1066         usb_deregister(&hci_usb_driver);
1067 }
1068
1069 module_init(hci_usb_init);
1070 module_exit(hci_usb_exit);
1071
1072 module_param(ignore, bool, 0644);
1073 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1074
1075 module_param(ignore_csr, bool, 0644);
1076 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1077
1078 module_param(ignore_sniffer, bool, 0644);
1079 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1080
1081 module_param(reset, bool, 0644);
1082 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1083
1084 #ifdef CONFIG_BT_HCIUSB_SCO
1085 module_param(isoc, int, 0644);
1086 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1087 #endif
1088
1089 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1090 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1091 MODULE_VERSION(VERSION);
1092 MODULE_LICENSE("GPL");