Merge branch 'upstream-fixes'
[linux-2.6] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36
37 #include <linux/kernel.h>
38 #include <linux/init.h>
39 #include <linux/sched.h>
40 #include <linux/unistd.h>
41 #include <linux/types.h>
42 #include <linux/interrupt.h>
43 #include <linux/moduleparam.h>
44
45 #include <linux/slab.h>
46 #include <linux/errno.h>
47 #include <linux/string.h>
48 #include <linux/skbuff.h>
49
50 #include <linux/usb.h>
51
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
54
55 #include "hci_usb.h"
56
57 #ifndef CONFIG_BT_HCIUSB_DEBUG
58 #undef  BT_DBG
59 #define BT_DBG(D...)
60 #endif
61
62 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
63 #undef  URB_ZERO_PACKET
64 #define URB_ZERO_PACKET 0
65 #endif
66
67 static int ignore = 0;
68 static int ignore_dga = 0;
69 static int ignore_csr = 0;
70 static int ignore_sniffer = 0;
71 static int reset = 0;
72
73 #ifdef CONFIG_BT_HCIUSB_SCO
74 static int isoc = 2;
75 #endif
76
77 #define VERSION "2.9"
78
79 static struct usb_driver hci_usb_driver; 
80
81 static struct usb_device_id bluetooth_ids[] = {
82         /* Generic Bluetooth USB device */
83         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
84
85         /* AVM BlueFRITZ! USB v2.0 */
86         { USB_DEVICE(0x057c, 0x3800) },
87
88         /* Bluetooth Ultraport Module from IBM */
89         { USB_DEVICE(0x04bf, 0x030a) },
90
91         /* ALPS Modules with non-standard id */
92         { USB_DEVICE(0x044e, 0x3001) },
93         { USB_DEVICE(0x044e, 0x3002) },
94
95         /* Ericsson with non-standard id */
96         { USB_DEVICE(0x0bdb, 0x1002) },
97
98         { }     /* Terminating entry */
99 };
100
101 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
102
103 static struct usb_device_id blacklist_ids[] = {
104         /* CSR BlueCore devices */
105         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
106
107         /* Broadcom BCM2033 without firmware */
108         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
109
110         /* Broadcom BCM2035 */
111         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
112         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
113
114         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
115         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
116
117         /* Kensington Bluetooth USB adapter */
118         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
119
120         /* ISSC Bluetooth Adapter v3.1 */
121         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
122
123         /* RTX Telecom based adapter with buggy SCO support */
124         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
125
126         /* Digianswer devices */
127         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
128         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
129
130         /* CSR BlueCore Bluetooth Sniffer */
131         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
132
133         { }     /* Terminating entry */
134 };
135
136 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
137 {
138         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
139                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
140         if (_urb) {
141                 memset(_urb, 0, sizeof(*_urb));
142                 usb_init_urb(&_urb->urb);
143         }
144         return _urb;
145 }
146
147 static struct _urb *_urb_dequeue(struct _urb_queue *q)
148 {
149         struct _urb *_urb = NULL;
150         unsigned long flags;
151         spin_lock_irqsave(&q->lock, flags);
152         {
153                 struct list_head *head = &q->head;
154                 struct list_head *next = head->next;
155                 if (next != head) {
156                         _urb = list_entry(next, struct _urb, list);
157                         list_del(next); _urb->queue = NULL;
158                 }
159         }
160         spin_unlock_irqrestore(&q->lock, flags);
161         return _urb;
162 }
163
164 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
165 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
166
167 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
168 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
169 #define __completed_q(husb, type) (&husb->completed_q[type-1])
170 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
171 #define __reassembly(husb, type)  (husb->reassembly[type-1])
172
173 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
174 {
175         return _urb_dequeue(__completed_q(husb, type)); 
176 }
177
178 #ifdef CONFIG_BT_HCIUSB_SCO
179 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
180 {
181         int offset = 0, i;
182
183         BT_DBG("len %d mtu %d", len, mtu);
184
185         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
186                 urb->iso_frame_desc[i].offset = offset;
187                 urb->iso_frame_desc[i].length = mtu;
188                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
189         }
190         if (len && i < HCI_MAX_ISOC_FRAMES) {
191                 urb->iso_frame_desc[i].offset = offset;
192                 urb->iso_frame_desc[i].length = len;
193                 BT_DBG("desc %d offset %d len %d", i, offset, len);
194                 i++;
195         }
196         urb->number_of_packets = i;
197 }
198 #endif
199
200 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
201 {
202         struct _urb *_urb;
203         struct urb *urb;
204         int err, pipe, interval, size;
205         void *buf;
206
207         BT_DBG("%s", husb->hdev->name);
208
209         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
210
211         buf = kmalloc(size, GFP_ATOMIC);
212         if (!buf)
213                 return -ENOMEM;
214
215         _urb = _urb_alloc(0, GFP_ATOMIC);
216         if (!_urb) {
217                 kfree(buf);
218                 return -ENOMEM;
219         }
220         _urb->type = HCI_EVENT_PKT;
221         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
222
223         urb = &_urb->urb;
224         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
225         interval = husb->intr_in_ep->desc.bInterval;
226         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
227         
228         err = usb_submit_urb(urb, GFP_ATOMIC);
229         if (err) {
230                 BT_ERR("%s intr rx submit failed urb %p err %d",
231                                 husb->hdev->name, urb, err);
232                 _urb_unlink(_urb);
233                 _urb_free(_urb);
234                 kfree(buf);
235         }
236         return err;
237 }
238
239 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
240 {
241         struct _urb *_urb;
242         struct urb *urb;
243         int err, pipe, size = HCI_MAX_FRAME_SIZE;
244         void *buf;
245
246         buf = kmalloc(size, GFP_ATOMIC);
247         if (!buf)
248                 return -ENOMEM;
249
250         _urb = _urb_alloc(0, GFP_ATOMIC);
251         if (!_urb) {
252                 kfree(buf);
253                 return -ENOMEM;
254         }
255         _urb->type = HCI_ACLDATA_PKT;
256         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
257
258         urb  = &_urb->urb;
259         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
260         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
261         urb->transfer_flags = 0;
262
263         BT_DBG("%s urb %p", husb->hdev->name, urb);
264
265         err = usb_submit_urb(urb, GFP_ATOMIC);
266         if (err) {
267                 BT_ERR("%s bulk rx submit failed urb %p err %d",
268                                 husb->hdev->name, urb, err);
269                 _urb_unlink(_urb);
270                 _urb_free(_urb);
271                 kfree(buf);
272         }
273         return err;
274 }
275
276 #ifdef CONFIG_BT_HCIUSB_SCO
277 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
278 {
279         struct _urb *_urb;
280         struct urb *urb;
281         int err, mtu, size;
282         void *buf;
283
284         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
285         size = mtu * HCI_MAX_ISOC_FRAMES;
286
287         buf = kmalloc(size, GFP_ATOMIC);
288         if (!buf)
289                 return -ENOMEM;
290
291         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
292         if (!_urb) {
293                 kfree(buf);
294                 return -ENOMEM;
295         }
296         _urb->type = HCI_SCODATA_PKT;
297         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
298
299         urb = &_urb->urb;
300
301         urb->context  = husb;
302         urb->dev      = husb->udev;
303         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
304         urb->complete = hci_usb_rx_complete;
305
306         urb->interval = husb->isoc_in_ep->desc.bInterval;
307
308         urb->transfer_buffer_length = size;
309         urb->transfer_buffer = buf;
310         urb->transfer_flags  = URB_ISO_ASAP;
311
312         __fill_isoc_desc(urb, size, mtu);
313
314         BT_DBG("%s urb %p", husb->hdev->name, urb);
315
316         err = usb_submit_urb(urb, GFP_ATOMIC);
317         if (err) {
318                 BT_ERR("%s isoc rx submit failed urb %p err %d",
319                                 husb->hdev->name, urb, err);
320                 _urb_unlink(_urb);
321                 _urb_free(_urb);
322                 kfree(buf);
323         }
324         return err;
325 }
326 #endif
327
328 /* Initialize device */
329 static int hci_usb_open(struct hci_dev *hdev)
330 {
331         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
332         int i, err;
333         unsigned long flags;
334
335         BT_DBG("%s", hdev->name);
336
337         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
338                 return 0;
339
340         write_lock_irqsave(&husb->completion_lock, flags);
341
342         err = hci_usb_intr_rx_submit(husb);
343         if (!err) {
344                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
345                         hci_usb_bulk_rx_submit(husb);
346
347 #ifdef CONFIG_BT_HCIUSB_SCO
348                 if (husb->isoc_iface)
349                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
350                                 hci_usb_isoc_rx_submit(husb);
351 #endif
352         } else {
353                 clear_bit(HCI_RUNNING, &hdev->flags);
354         }
355
356         write_unlock_irqrestore(&husb->completion_lock, flags);
357         return err;
358 }
359
360 /* Reset device */
361 static int hci_usb_flush(struct hci_dev *hdev)
362 {
363         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
364         int i;
365
366         BT_DBG("%s", hdev->name);
367
368         for (i = 0; i < 4; i++)
369                 skb_queue_purge(&husb->transmit_q[i]);
370         return 0;
371 }
372
373 static void hci_usb_unlink_urbs(struct hci_usb *husb)
374 {
375         int i;
376
377         BT_DBG("%s", husb->hdev->name);
378
379         for (i = 0; i < 4; i++) {
380                 struct _urb *_urb;
381                 struct urb *urb;
382
383                 /* Kill pending requests */
384                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
385                         urb = &_urb->urb;
386                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
387                                         husb->hdev->name, _urb, _urb->type, urb);
388                         usb_kill_urb(urb);
389                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
390                 }
391
392                 /* Release completed requests */
393                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
394                         urb = &_urb->urb;
395                         BT_DBG("%s freeing _urb %p type %d urb %p",
396                                         husb->hdev->name, _urb, _urb->type, urb);
397                         kfree(urb->setup_packet);
398                         kfree(urb->transfer_buffer);
399                         _urb_free(_urb);
400                 }
401
402                 /* Release reassembly buffers */
403                 if (husb->reassembly[i]) {
404                         kfree_skb(husb->reassembly[i]);
405                         husb->reassembly[i] = NULL;
406                 }
407         }
408 }
409
410 /* Close device */
411 static int hci_usb_close(struct hci_dev *hdev)
412 {
413         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
414         unsigned long flags;
415
416         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
417                 return 0;
418
419         BT_DBG("%s", hdev->name);
420
421         /* Synchronize with completion handlers */
422         write_lock_irqsave(&husb->completion_lock, flags);
423         write_unlock_irqrestore(&husb->completion_lock, flags);
424
425         hci_usb_unlink_urbs(husb);
426         hci_usb_flush(hdev);
427         return 0;
428 }
429
430 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
431 {
432         struct urb *urb = &_urb->urb;
433         int err;
434
435         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
436
437         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
438         err = usb_submit_urb(urb, GFP_ATOMIC);
439         if (err) {
440                 BT_ERR("%s tx submit failed urb %p type %d err %d",
441                                 husb->hdev->name, urb, _urb->type, err);
442                 _urb_unlink(_urb);
443                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
444         } else
445                 atomic_inc(__pending_tx(husb, _urb->type));
446
447         return err;
448 }
449
450 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
451 {
452         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
453         struct usb_ctrlrequest *dr;
454         struct urb *urb;
455
456         if (!_urb) {
457                 _urb = _urb_alloc(0, GFP_ATOMIC);
458                 if (!_urb)
459                         return -ENOMEM;
460                 _urb->type = bt_cb(skb)->pkt_type;
461
462                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
463                 if (!dr) {
464                         _urb_free(_urb);
465                         return -ENOMEM;
466                 }
467         } else
468                 dr = (void *) _urb->urb.setup_packet;
469
470         dr->bRequestType = husb->ctrl_req;
471         dr->bRequest = 0;
472         dr->wIndex   = 0;
473         dr->wValue   = 0;
474         dr->wLength  = __cpu_to_le16(skb->len);
475
476         urb = &_urb->urb;
477         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
478                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
479
480         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
481         
482         _urb->priv = skb;
483         return __tx_submit(husb, _urb);
484 }
485
486 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
487 {
488         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
489         struct urb *urb;
490         int pipe;
491
492         if (!_urb) {
493                 _urb = _urb_alloc(0, GFP_ATOMIC);
494                 if (!_urb)
495                         return -ENOMEM;
496                 _urb->type = bt_cb(skb)->pkt_type;
497         }
498
499         urb  = &_urb->urb;
500         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
501         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
502                         hci_usb_tx_complete, husb);
503         urb->transfer_flags = URB_ZERO_PACKET;
504
505         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
506
507         _urb->priv = skb;
508         return __tx_submit(husb, _urb);
509 }
510
511 #ifdef CONFIG_BT_HCIUSB_SCO
512 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
513 {
514         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
515         struct urb *urb;
516
517         if (!_urb) {
518                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
519                 if (!_urb)
520                         return -ENOMEM;
521                 _urb->type = bt_cb(skb)->pkt_type;
522         }
523
524         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
525
526         urb = &_urb->urb;
527
528         urb->context  = husb;
529         urb->dev      = husb->udev;
530         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
531         urb->complete = hci_usb_tx_complete;
532         urb->transfer_flags = URB_ISO_ASAP;
533
534         urb->interval = husb->isoc_out_ep->desc.bInterval;
535
536         urb->transfer_buffer = skb->data;
537         urb->transfer_buffer_length = skb->len;
538
539         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
540
541         _urb->priv = skb;
542         return __tx_submit(husb, _urb);
543 }
544 #endif
545
546 static void hci_usb_tx_process(struct hci_usb *husb)
547 {
548         struct sk_buff_head *q;
549         struct sk_buff *skb;
550
551         BT_DBG("%s", husb->hdev->name);
552
553         do {
554                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
555
556                 /* Process command queue */
557                 q = __transmit_q(husb, HCI_COMMAND_PKT);
558                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
559                                 (skb = skb_dequeue(q))) {
560                         if (hci_usb_send_ctrl(husb, skb) < 0)
561                                 skb_queue_head(q, skb);
562                 }
563
564 #ifdef CONFIG_BT_HCIUSB_SCO
565                 /* Process SCO queue */
566                 q = __transmit_q(husb, HCI_SCODATA_PKT);
567                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
568                                 (skb = skb_dequeue(q))) {
569                         if (hci_usb_send_isoc(husb, skb) < 0)
570                                 skb_queue_head(q, skb);
571                 }
572 #endif
573
574                 /* Process ACL queue */
575                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
576                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
577                                 (skb = skb_dequeue(q))) {
578                         if (hci_usb_send_bulk(husb, skb) < 0) {
579                                 skb_queue_head(q, skb);
580                                 break;
581                         }
582                 }
583         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
584 }
585
586 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
587 {
588         /* Serialize TX queue processing to avoid data reordering */
589         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
590                 hci_usb_tx_process(husb);
591                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
592         } else
593                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
594 }
595
596 /* Send frames from HCI layer */
597 static int hci_usb_send_frame(struct sk_buff *skb)
598 {
599         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
600         struct hci_usb *husb;
601
602         if (!hdev) {
603                 BT_ERR("frame for uknown device (hdev=NULL)");
604                 return -ENODEV;
605         }
606
607         if (!test_bit(HCI_RUNNING, &hdev->flags))
608                 return -EBUSY;
609
610         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
611
612         husb = (struct hci_usb *) hdev->driver_data;
613
614         switch (bt_cb(skb)->pkt_type) {
615         case HCI_COMMAND_PKT:
616                 hdev->stat.cmd_tx++;
617                 break;
618
619         case HCI_ACLDATA_PKT:
620                 hdev->stat.acl_tx++;
621                 break;
622
623 #ifdef CONFIG_BT_HCIUSB_SCO
624         case HCI_SCODATA_PKT:
625                 hdev->stat.sco_tx++;
626                 break;
627 #endif
628
629         default:
630                 kfree_skb(skb);
631                 return 0;
632         }
633
634         read_lock(&husb->completion_lock);
635
636         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
637         hci_usb_tx_wakeup(husb);
638
639         read_unlock(&husb->completion_lock);
640         return 0;
641 }
642
643 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
644 {
645         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
646
647         husb->hdev->stat.byte_rx += count;
648
649         while (count) {
650                 struct sk_buff *skb = __reassembly(husb, type);
651                 struct { int expect; } *scb;
652                 int len = 0;
653         
654                 if (!skb) {
655                         /* Start of the frame */
656
657                         switch (type) {
658                         case HCI_EVENT_PKT:
659                                 if (count >= HCI_EVENT_HDR_SIZE) {
660                                         struct hci_event_hdr *h = data;
661                                         len = HCI_EVENT_HDR_SIZE + h->plen;
662                                 } else
663                                         return -EILSEQ;
664                                 break;
665
666                         case HCI_ACLDATA_PKT:
667                                 if (count >= HCI_ACL_HDR_SIZE) {
668                                         struct hci_acl_hdr *h = data;
669                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
670                                 } else
671                                         return -EILSEQ;
672                                 break;
673 #ifdef CONFIG_BT_HCIUSB_SCO
674                         case HCI_SCODATA_PKT:
675                                 if (count >= HCI_SCO_HDR_SIZE) {
676                                         struct hci_sco_hdr *h = data;
677                                         len = HCI_SCO_HDR_SIZE + h->dlen;
678                                 } else
679                                         return -EILSEQ;
680                                 break;
681 #endif
682                         }
683                         BT_DBG("new packet len %d", len);
684
685                         skb = bt_skb_alloc(len, GFP_ATOMIC);
686                         if (!skb) {
687                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
688                                 return -ENOMEM;
689                         }
690                         skb->dev = (void *) husb->hdev;
691                         bt_cb(skb)->pkt_type = type;
692         
693                         __reassembly(husb, type) = skb;
694
695                         scb = (void *) skb->cb;
696                         scb->expect = len;
697                 } else {
698                         /* Continuation */
699                         scb = (void *) skb->cb;
700                         len = scb->expect;
701                 }
702
703                 len = min(len, count);
704                 
705                 memcpy(skb_put(skb, len), data, len);
706
707                 scb->expect -= len;
708                 if (!scb->expect) {
709                         /* Complete frame */
710                         __reassembly(husb, type) = NULL;
711                         bt_cb(skb)->pkt_type = type;
712                         hci_recv_frame(skb);
713                 }
714
715                 count -= len; data += len;
716         }
717         return 0;
718 }
719
720 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
721 {
722         struct _urb *_urb = container_of(urb, struct _urb, urb);
723         struct hci_usb *husb = (void *) urb->context;
724         struct hci_dev *hdev = husb->hdev;
725         int err, count = urb->actual_length;
726
727         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
728                         _urb->type, urb->status, count, urb->transfer_flags);
729
730         read_lock(&husb->completion_lock);
731
732         if (!test_bit(HCI_RUNNING, &hdev->flags))
733                 goto unlock;
734
735         if (urb->status || !count)
736                 goto resubmit;
737
738         if (_urb->type == HCI_SCODATA_PKT) {
739 #ifdef CONFIG_BT_HCIUSB_SCO
740                 int i;
741                 for (i=0; i < urb->number_of_packets; i++) {
742                         BT_DBG("desc %d status %d offset %d len %d", i,
743                                         urb->iso_frame_desc[i].status,
744                                         urb->iso_frame_desc[i].offset,
745                                         urb->iso_frame_desc[i].actual_length);
746         
747                         if (!urb->iso_frame_desc[i].status)
748                                 __recv_frame(husb, _urb->type, 
749                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
750                                         urb->iso_frame_desc[i].actual_length);
751                 }
752 #else
753                 ;
754 #endif
755         } else {
756                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
757                 if (err < 0) { 
758                         BT_ERR("%s corrupted packet: type %d count %d",
759                                         husb->hdev->name, _urb->type, count);
760                         hdev->stat.err_rx++;
761                 }
762         }
763
764 resubmit:
765         urb->dev = husb->udev;
766         err = usb_submit_urb(urb, GFP_ATOMIC);
767         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
768                         _urb->type, err);
769
770 unlock:
771         read_unlock(&husb->completion_lock);
772 }
773
774 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
775 {
776         struct _urb *_urb = container_of(urb, struct _urb, urb);
777         struct hci_usb *husb = (void *) urb->context;
778         struct hci_dev *hdev = husb->hdev;
779
780         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
781                         urb->status, urb->transfer_flags);
782
783         atomic_dec(__pending_tx(husb, _urb->type));
784
785         urb->transfer_buffer = NULL;
786         kfree_skb((struct sk_buff *) _urb->priv);
787
788         if (!test_bit(HCI_RUNNING, &hdev->flags))
789                 return;
790
791         if (!urb->status)
792                 hdev->stat.byte_tx += urb->transfer_buffer_length;
793         else
794                 hdev->stat.err_tx++;
795
796         read_lock(&husb->completion_lock);
797
798         _urb_unlink(_urb);
799         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
800
801         hci_usb_tx_wakeup(husb);
802
803         read_unlock(&husb->completion_lock);
804 }
805
806 static void hci_usb_destruct(struct hci_dev *hdev)
807 {
808         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
809
810         BT_DBG("%s", hdev->name);
811
812         kfree(husb);
813 }
814
815 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
816 {
817         BT_DBG("%s evt %d", hdev->name, evt);
818 }
819
820 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
821 {
822         struct usb_device *udev = interface_to_usbdev(intf);
823         struct usb_host_endpoint *bulk_out_ep = NULL;
824         struct usb_host_endpoint *bulk_in_ep = NULL;
825         struct usb_host_endpoint *intr_in_ep = NULL;
826         struct usb_host_endpoint  *ep;
827         struct usb_host_interface *uif;
828         struct usb_interface *isoc_iface;
829         struct hci_usb *husb;
830         struct hci_dev *hdev;
831         int i, e, size, isoc_ifnum, isoc_alts;
832
833         BT_DBG("udev %p intf %p", udev, intf);
834
835         if (!id->driver_info) {
836                 const struct usb_device_id *match;
837                 match = usb_match_id(intf, blacklist_ids);
838                 if (match)
839                         id = match;
840         }
841
842         if (ignore || id->driver_info & HCI_IGNORE)
843                 return -ENODEV;
844
845         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
846                 return -ENODEV;
847
848         if (ignore_csr && id->driver_info & HCI_CSR)
849                 return -ENODEV;
850
851         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
852                 return -ENODEV;
853
854         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
855                 return -ENODEV;
856
857         /* Find endpoints that we need */
858         uif = intf->cur_altsetting;
859         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
860                 ep = &uif->endpoint[e];
861
862                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
863                 case USB_ENDPOINT_XFER_INT:
864                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
865                                 intr_in_ep = ep;
866                         break;
867
868                 case USB_ENDPOINT_XFER_BULK:
869                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
870                                 bulk_in_ep  = ep;
871                         else
872                                 bulk_out_ep = ep;
873                         break;
874                 }
875         }
876
877         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
878                 BT_DBG("Bulk endpoints not found");
879                 goto done;
880         }
881
882         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
883                 BT_ERR("Can't allocate: control structure");
884                 goto done;
885         }
886
887         husb->udev = udev;
888         husb->bulk_out_ep = bulk_out_ep;
889         husb->bulk_in_ep  = bulk_in_ep;
890         husb->intr_in_ep  = intr_in_ep;
891
892         if (id->driver_info & HCI_DIGIANSWER)
893                 husb->ctrl_req = USB_TYPE_VENDOR;
894         else
895                 husb->ctrl_req = USB_TYPE_CLASS;
896
897         /* Find isochronous endpoints that we can use */
898         size = 0; 
899         isoc_iface = NULL;
900         isoc_alts  = 0;
901         isoc_ifnum = 1;
902
903 #ifdef CONFIG_BT_HCIUSB_SCO
904         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
905                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
906
907         if (isoc_iface) {
908                 int a;
909                 struct usb_host_endpoint *isoc_out_ep = NULL;
910                 struct usb_host_endpoint *isoc_in_ep = NULL;
911
912                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
913                         uif = &isoc_iface->altsetting[a];
914                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
915                                 ep = &uif->endpoint[e];
916
917                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
918                                 case USB_ENDPOINT_XFER_ISOC:
919                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
920                                                         uif->desc.bAlternateSetting != isoc)
921                                                 break;
922                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
923
924                                         isoc_alts = uif->desc.bAlternateSetting;
925
926                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
927                                                 isoc_in_ep  = ep;
928                                         else
929                                                 isoc_out_ep = ep;
930                                         break;
931                                 }
932                         }
933                 }
934
935                 if (!isoc_in_ep || !isoc_out_ep)
936                         BT_DBG("Isoc endpoints not found");
937                 else {
938                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
939                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
940                                 BT_ERR("Can't claim isoc interface");
941                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
942                                 BT_ERR("Can't set isoc interface settings");
943                                 husb->isoc_iface = isoc_iface;
944                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
945                                 husb->isoc_iface = NULL;
946                         } else {
947                                 husb->isoc_iface  = isoc_iface;
948                                 husb->isoc_in_ep  = isoc_in_ep;
949                                 husb->isoc_out_ep = isoc_out_ep;
950                         }
951                 }
952         }
953 #endif
954
955         rwlock_init(&husb->completion_lock);
956
957         for (i = 0; i < 4; i++) {
958                 skb_queue_head_init(&husb->transmit_q[i]);
959                 _urb_queue_init(&husb->pending_q[i]);
960                 _urb_queue_init(&husb->completed_q[i]);
961         }
962
963         /* Initialize and register HCI device */
964         hdev = hci_alloc_dev();
965         if (!hdev) {
966                 BT_ERR("Can't allocate HCI device");
967                 goto probe_error;
968         }
969
970         husb->hdev = hdev;
971
972         hdev->type = HCI_USB;
973         hdev->driver_data = husb;
974         SET_HCIDEV_DEV(hdev, &intf->dev);
975
976         hdev->open     = hci_usb_open;
977         hdev->close    = hci_usb_close;
978         hdev->flush    = hci_usb_flush;
979         hdev->send     = hci_usb_send_frame;
980         hdev->destruct = hci_usb_destruct;
981         hdev->notify   = hci_usb_notify;
982
983         hdev->owner = THIS_MODULE;
984
985         if (reset || id->driver_info & HCI_RESET)
986                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
987
988         if (id->driver_info & HCI_SNIFFER) {
989                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
990                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
991         }
992
993         if (id->driver_info & HCI_BCM92035) {
994                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
995                 struct sk_buff *skb;
996
997                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
998                 if (skb) {
999                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1000                         skb_queue_tail(&hdev->driver_init, skb);
1001                 }
1002         }
1003
1004         if (hci_register_dev(hdev) < 0) {
1005                 BT_ERR("Can't register HCI device");
1006                 hci_free_dev(hdev);
1007                 goto probe_error;
1008         }
1009
1010         usb_set_intfdata(intf, husb);
1011         return 0;
1012
1013 probe_error:
1014         if (husb->isoc_iface)
1015                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1016         kfree(husb);
1017
1018 done:
1019         return -EIO;
1020 }
1021
1022 static void hci_usb_disconnect(struct usb_interface *intf)
1023 {
1024         struct hci_usb *husb = usb_get_intfdata(intf);
1025         struct hci_dev *hdev;
1026
1027         if (!husb || intf == husb->isoc_iface)
1028                 return;
1029
1030         usb_set_intfdata(intf, NULL);
1031         hdev = husb->hdev;
1032
1033         BT_DBG("%s", hdev->name);
1034
1035         hci_usb_close(hdev);
1036
1037         if (husb->isoc_iface)
1038                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1039
1040         if (hci_unregister_dev(hdev) < 0)
1041                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1042
1043         hci_free_dev(hdev);
1044 }
1045
1046 static struct usb_driver hci_usb_driver = {
1047         .name           = "hci_usb",
1048         .probe          = hci_usb_probe,
1049         .disconnect     = hci_usb_disconnect,
1050         .id_table       = bluetooth_ids,
1051 };
1052
1053 static int __init hci_usb_init(void)
1054 {
1055         int err;
1056
1057         BT_INFO("HCI USB driver ver %s", VERSION);
1058
1059         if ((err = usb_register(&hci_usb_driver)) < 0)
1060                 BT_ERR("Failed to register HCI USB driver");
1061
1062         return err;
1063 }
1064
1065 static void __exit hci_usb_exit(void)
1066 {
1067         usb_deregister(&hci_usb_driver);
1068 }
1069
1070 module_init(hci_usb_init);
1071 module_exit(hci_usb_exit);
1072
1073 module_param(ignore, bool, 0644);
1074 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1075
1076 module_param(ignore_dga, bool, 0644);
1077 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1078
1079 module_param(ignore_csr, bool, 0644);
1080 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1081
1082 module_param(ignore_sniffer, bool, 0644);
1083 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1084
1085 module_param(reset, bool, 0644);
1086 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1087
1088 #ifdef CONFIG_BT_HCIUSB_SCO
1089 module_param(isoc, int, 0644);
1090 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1091 #endif
1092
1093 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1094 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1095 MODULE_VERSION(VERSION);
1096 MODULE_LICENSE("GPL");