Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
[linux-2.6] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/module.h>
35
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/sched.h>
39 #include <linux/unistd.h>
40 #include <linux/types.h>
41 #include <linux/interrupt.h>
42 #include <linux/moduleparam.h>
43
44 #include <linux/slab.h>
45 #include <linux/errno.h>
46 #include <linux/string.h>
47 #include <linux/skbuff.h>
48
49 #include <linux/usb.h>
50
51 #include <net/bluetooth/bluetooth.h>
52 #include <net/bluetooth/hci_core.h>
53
54 #include "hci_usb.h"
55
56 #ifndef CONFIG_BT_HCIUSB_DEBUG
57 #undef  BT_DBG
58 #define BT_DBG(D...)
59 #endif
60
61 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
62 #undef  URB_ZERO_PACKET
63 #define URB_ZERO_PACKET 0
64 #endif
65
66 static int ignore = 0;
67 static int ignore_dga = 0;
68 static int ignore_csr = 0;
69 static int ignore_sniffer = 0;
70 static int disable_scofix = 0;
71 static int force_scofix = 0;
72 static int reset = 0;
73
74 #ifdef CONFIG_BT_HCIUSB_SCO
75 static int isoc = 2;
76 #endif
77
78 #define VERSION "2.9"
79
80 static struct usb_driver hci_usb_driver; 
81
82 static struct usb_device_id bluetooth_ids[] = {
83         /* Generic Bluetooth USB device */
84         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
85
86         /* AVM BlueFRITZ! USB v2.0 */
87         { USB_DEVICE(0x057c, 0x3800) },
88
89         /* Bluetooth Ultraport Module from IBM */
90         { USB_DEVICE(0x04bf, 0x030a) },
91
92         /* ALPS Modules with non-standard id */
93         { USB_DEVICE(0x044e, 0x3001) },
94         { USB_DEVICE(0x044e, 0x3002) },
95
96         /* Ericsson with non-standard id */
97         { USB_DEVICE(0x0bdb, 0x1002) },
98
99         /* Canyon CN-BTU1 with HID interfaces */
100         { USB_DEVICE(0x0c10, 0x0000), .driver_info = HCI_RESET },
101
102         { }     /* Terminating entry */
103 };
104
105 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
106
107 static struct usb_device_id blacklist_ids[] = {
108         /* CSR BlueCore devices */
109         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
110
111         /* Broadcom BCM2033 without firmware */
112         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
113
114         /* Broadcom BCM2035 */
115         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
116         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
117
118         /* IBM/Lenovo ThinkPad with Broadcom chip */
119         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
120
121         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
122         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
123
124         /* Kensington Bluetooth USB adapter */
125         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
126
127         /* ISSC Bluetooth Adapter v3.1 */
128         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
129
130         /* RTX Telecom based adapters with buggy SCO support */
131         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
132         { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC },
133
134         /* Belkin F8T012 and F8T013 devices */
135         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
136         { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU },
137
138         /* Digianswer devices */
139         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
140         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
141
142         /* CSR BlueCore Bluetooth Sniffer */
143         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
144
145         /* Frontline ComProbe Bluetooth Sniffer */
146         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
147
148         { }     /* Terminating entry */
149 };
150
151 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
152 {
153         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
154                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
155         if (_urb) {
156                 memset(_urb, 0, sizeof(*_urb));
157                 usb_init_urb(&_urb->urb);
158         }
159         return _urb;
160 }
161
162 static struct _urb *_urb_dequeue(struct _urb_queue *q)
163 {
164         struct _urb *_urb = NULL;
165         unsigned long flags;
166         spin_lock_irqsave(&q->lock, flags);
167         {
168                 struct list_head *head = &q->head;
169                 struct list_head *next = head->next;
170                 if (next != head) {
171                         _urb = list_entry(next, struct _urb, list);
172                         list_del(next); _urb->queue = NULL;
173                 }
174         }
175         spin_unlock_irqrestore(&q->lock, flags);
176         return _urb;
177 }
178
179 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
180 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
181
182 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
183 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
184 #define __completed_q(husb, type) (&husb->completed_q[type-1])
185 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
186 #define __reassembly(husb, type)  (husb->reassembly[type-1])
187
188 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
189 {
190         return _urb_dequeue(__completed_q(husb, type)); 
191 }
192
193 #ifdef CONFIG_BT_HCIUSB_SCO
194 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
195 {
196         int offset = 0, i;
197
198         BT_DBG("len %d mtu %d", len, mtu);
199
200         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
201                 urb->iso_frame_desc[i].offset = offset;
202                 urb->iso_frame_desc[i].length = mtu;
203                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
204         }
205         if (len && i < HCI_MAX_ISOC_FRAMES) {
206                 urb->iso_frame_desc[i].offset = offset;
207                 urb->iso_frame_desc[i].length = len;
208                 BT_DBG("desc %d offset %d len %d", i, offset, len);
209                 i++;
210         }
211         urb->number_of_packets = i;
212 }
213 #endif
214
215 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
216 {
217         struct _urb *_urb;
218         struct urb *urb;
219         int err, pipe, interval, size;
220         void *buf;
221
222         BT_DBG("%s", husb->hdev->name);
223
224         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
225
226         buf = kmalloc(size, GFP_ATOMIC);
227         if (!buf)
228                 return -ENOMEM;
229
230         _urb = _urb_alloc(0, GFP_ATOMIC);
231         if (!_urb) {
232                 kfree(buf);
233                 return -ENOMEM;
234         }
235         _urb->type = HCI_EVENT_PKT;
236         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
237
238         urb = &_urb->urb;
239         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
240         interval = husb->intr_in_ep->desc.bInterval;
241         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
242         
243         err = usb_submit_urb(urb, GFP_ATOMIC);
244         if (err) {
245                 BT_ERR("%s intr rx submit failed urb %p err %d",
246                                 husb->hdev->name, urb, err);
247                 _urb_unlink(_urb);
248                 _urb_free(_urb);
249                 kfree(buf);
250         }
251         return err;
252 }
253
254 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
255 {
256         struct _urb *_urb;
257         struct urb *urb;
258         int err, pipe, size = HCI_MAX_FRAME_SIZE;
259         void *buf;
260
261         buf = kmalloc(size, GFP_ATOMIC);
262         if (!buf)
263                 return -ENOMEM;
264
265         _urb = _urb_alloc(0, GFP_ATOMIC);
266         if (!_urb) {
267                 kfree(buf);
268                 return -ENOMEM;
269         }
270         _urb->type = HCI_ACLDATA_PKT;
271         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
272
273         urb  = &_urb->urb;
274         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
275         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
276         urb->transfer_flags = 0;
277
278         BT_DBG("%s urb %p", husb->hdev->name, urb);
279
280         err = usb_submit_urb(urb, GFP_ATOMIC);
281         if (err) {
282                 BT_ERR("%s bulk rx submit failed urb %p err %d",
283                                 husb->hdev->name, urb, err);
284                 _urb_unlink(_urb);
285                 _urb_free(_urb);
286                 kfree(buf);
287         }
288         return err;
289 }
290
291 #ifdef CONFIG_BT_HCIUSB_SCO
292 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
293 {
294         struct _urb *_urb;
295         struct urb *urb;
296         int err, mtu, size;
297         void *buf;
298
299         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
300         size = mtu * HCI_MAX_ISOC_FRAMES;
301
302         buf = kmalloc(size, GFP_ATOMIC);
303         if (!buf)
304                 return -ENOMEM;
305
306         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
307         if (!_urb) {
308                 kfree(buf);
309                 return -ENOMEM;
310         }
311         _urb->type = HCI_SCODATA_PKT;
312         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
313
314         urb = &_urb->urb;
315
316         urb->context  = husb;
317         urb->dev      = husb->udev;
318         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
319         urb->complete = hci_usb_rx_complete;
320
321         urb->interval = husb->isoc_in_ep->desc.bInterval;
322
323         urb->transfer_buffer_length = size;
324         urb->transfer_buffer = buf;
325         urb->transfer_flags  = URB_ISO_ASAP;
326
327         __fill_isoc_desc(urb, size, mtu);
328
329         BT_DBG("%s urb %p", husb->hdev->name, urb);
330
331         err = usb_submit_urb(urb, GFP_ATOMIC);
332         if (err) {
333                 BT_ERR("%s isoc rx submit failed urb %p err %d",
334                                 husb->hdev->name, urb, err);
335                 _urb_unlink(_urb);
336                 _urb_free(_urb);
337                 kfree(buf);
338         }
339         return err;
340 }
341 #endif
342
343 /* Initialize device */
344 static int hci_usb_open(struct hci_dev *hdev)
345 {
346         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
347         int i, err;
348         unsigned long flags;
349
350         BT_DBG("%s", hdev->name);
351
352         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
353                 return 0;
354
355         write_lock_irqsave(&husb->completion_lock, flags);
356
357         err = hci_usb_intr_rx_submit(husb);
358         if (!err) {
359                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
360                         hci_usb_bulk_rx_submit(husb);
361
362 #ifdef CONFIG_BT_HCIUSB_SCO
363                 if (husb->isoc_iface)
364                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
365                                 hci_usb_isoc_rx_submit(husb);
366 #endif
367         } else {
368                 clear_bit(HCI_RUNNING, &hdev->flags);
369         }
370
371         write_unlock_irqrestore(&husb->completion_lock, flags);
372         return err;
373 }
374
375 /* Reset device */
376 static int hci_usb_flush(struct hci_dev *hdev)
377 {
378         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
379         int i;
380
381         BT_DBG("%s", hdev->name);
382
383         for (i = 0; i < 4; i++)
384                 skb_queue_purge(&husb->transmit_q[i]);
385         return 0;
386 }
387
388 static void hci_usb_unlink_urbs(struct hci_usb *husb)
389 {
390         int i;
391
392         BT_DBG("%s", husb->hdev->name);
393
394         for (i = 0; i < 4; i++) {
395                 struct _urb *_urb;
396                 struct urb *urb;
397
398                 /* Kill pending requests */
399                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
400                         urb = &_urb->urb;
401                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
402                                         husb->hdev->name, _urb, _urb->type, urb);
403                         usb_kill_urb(urb);
404                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
405                 }
406
407                 /* Release completed requests */
408                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
409                         urb = &_urb->urb;
410                         BT_DBG("%s freeing _urb %p type %d urb %p",
411                                         husb->hdev->name, _urb, _urb->type, urb);
412                         kfree(urb->setup_packet);
413                         kfree(urb->transfer_buffer);
414                         _urb_free(_urb);
415                 }
416
417                 /* Release reassembly buffers */
418                 if (husb->reassembly[i]) {
419                         kfree_skb(husb->reassembly[i]);
420                         husb->reassembly[i] = NULL;
421                 }
422         }
423 }
424
425 /* Close device */
426 static int hci_usb_close(struct hci_dev *hdev)
427 {
428         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
429         unsigned long flags;
430
431         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
432                 return 0;
433
434         BT_DBG("%s", hdev->name);
435
436         /* Synchronize with completion handlers */
437         write_lock_irqsave(&husb->completion_lock, flags);
438         write_unlock_irqrestore(&husb->completion_lock, flags);
439
440         hci_usb_unlink_urbs(husb);
441         hci_usb_flush(hdev);
442         return 0;
443 }
444
445 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
446 {
447         struct urb *urb = &_urb->urb;
448         int err;
449
450         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
451
452         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
453         err = usb_submit_urb(urb, GFP_ATOMIC);
454         if (err) {
455                 BT_ERR("%s tx submit failed urb %p type %d err %d",
456                                 husb->hdev->name, urb, _urb->type, err);
457                 _urb_unlink(_urb);
458                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
459         } else
460                 atomic_inc(__pending_tx(husb, _urb->type));
461
462         return err;
463 }
464
465 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
466 {
467         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
468         struct usb_ctrlrequest *dr;
469         struct urb *urb;
470
471         if (!_urb) {
472                 _urb = _urb_alloc(0, GFP_ATOMIC);
473                 if (!_urb)
474                         return -ENOMEM;
475                 _urb->type = bt_cb(skb)->pkt_type;
476
477                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
478                 if (!dr) {
479                         _urb_free(_urb);
480                         return -ENOMEM;
481                 }
482         } else
483                 dr = (void *) _urb->urb.setup_packet;
484
485         dr->bRequestType = husb->ctrl_req;
486         dr->bRequest = 0;
487         dr->wIndex   = 0;
488         dr->wValue   = 0;
489         dr->wLength  = __cpu_to_le16(skb->len);
490
491         urb = &_urb->urb;
492         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
493                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
494
495         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
496         
497         _urb->priv = skb;
498         return __tx_submit(husb, _urb);
499 }
500
501 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
502 {
503         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
504         struct urb *urb;
505         int pipe;
506
507         if (!_urb) {
508                 _urb = _urb_alloc(0, GFP_ATOMIC);
509                 if (!_urb)
510                         return -ENOMEM;
511                 _urb->type = bt_cb(skb)->pkt_type;
512         }
513
514         urb  = &_urb->urb;
515         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
516         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
517                         hci_usb_tx_complete, husb);
518         urb->transfer_flags = URB_ZERO_PACKET;
519
520         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
521
522         _urb->priv = skb;
523         return __tx_submit(husb, _urb);
524 }
525
526 #ifdef CONFIG_BT_HCIUSB_SCO
527 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
528 {
529         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
530         struct urb *urb;
531
532         if (!_urb) {
533                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
534                 if (!_urb)
535                         return -ENOMEM;
536                 _urb->type = bt_cb(skb)->pkt_type;
537         }
538
539         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
540
541         urb = &_urb->urb;
542
543         urb->context  = husb;
544         urb->dev      = husb->udev;
545         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
546         urb->complete = hci_usb_tx_complete;
547         urb->transfer_flags = URB_ISO_ASAP;
548
549         urb->interval = husb->isoc_out_ep->desc.bInterval;
550
551         urb->transfer_buffer = skb->data;
552         urb->transfer_buffer_length = skb->len;
553
554         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
555
556         _urb->priv = skb;
557         return __tx_submit(husb, _urb);
558 }
559 #endif
560
561 static void hci_usb_tx_process(struct hci_usb *husb)
562 {
563         struct sk_buff_head *q;
564         struct sk_buff *skb;
565
566         BT_DBG("%s", husb->hdev->name);
567
568         do {
569                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
570
571                 /* Process command queue */
572                 q = __transmit_q(husb, HCI_COMMAND_PKT);
573                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
574                                 (skb = skb_dequeue(q))) {
575                         if (hci_usb_send_ctrl(husb, skb) < 0)
576                                 skb_queue_head(q, skb);
577                 }
578
579 #ifdef CONFIG_BT_HCIUSB_SCO
580                 /* Process SCO queue */
581                 q = __transmit_q(husb, HCI_SCODATA_PKT);
582                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
583                                 (skb = skb_dequeue(q))) {
584                         if (hci_usb_send_isoc(husb, skb) < 0)
585                                 skb_queue_head(q, skb);
586                 }
587 #endif
588
589                 /* Process ACL queue */
590                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
591                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
592                                 (skb = skb_dequeue(q))) {
593                         if (hci_usb_send_bulk(husb, skb) < 0) {
594                                 skb_queue_head(q, skb);
595                                 break;
596                         }
597                 }
598         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
599 }
600
601 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
602 {
603         /* Serialize TX queue processing to avoid data reordering */
604         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
605                 hci_usb_tx_process(husb);
606                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
607         } else
608                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
609 }
610
611 /* Send frames from HCI layer */
612 static int hci_usb_send_frame(struct sk_buff *skb)
613 {
614         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
615         struct hci_usb *husb;
616
617         if (!hdev) {
618                 BT_ERR("frame for uknown device (hdev=NULL)");
619                 return -ENODEV;
620         }
621
622         if (!test_bit(HCI_RUNNING, &hdev->flags))
623                 return -EBUSY;
624
625         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
626
627         husb = (struct hci_usb *) hdev->driver_data;
628
629         switch (bt_cb(skb)->pkt_type) {
630         case HCI_COMMAND_PKT:
631                 hdev->stat.cmd_tx++;
632                 break;
633
634         case HCI_ACLDATA_PKT:
635                 hdev->stat.acl_tx++;
636                 break;
637
638 #ifdef CONFIG_BT_HCIUSB_SCO
639         case HCI_SCODATA_PKT:
640                 hdev->stat.sco_tx++;
641                 break;
642 #endif
643
644         default:
645                 kfree_skb(skb);
646                 return 0;
647         }
648
649         read_lock(&husb->completion_lock);
650
651         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
652         hci_usb_tx_wakeup(husb);
653
654         read_unlock(&husb->completion_lock);
655         return 0;
656 }
657
658 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
659 {
660         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
661
662         husb->hdev->stat.byte_rx += count;
663
664         while (count) {
665                 struct sk_buff *skb = __reassembly(husb, type);
666                 struct { int expect; } *scb;
667                 int len = 0;
668         
669                 if (!skb) {
670                         /* Start of the frame */
671
672                         switch (type) {
673                         case HCI_EVENT_PKT:
674                                 if (count >= HCI_EVENT_HDR_SIZE) {
675                                         struct hci_event_hdr *h = data;
676                                         len = HCI_EVENT_HDR_SIZE + h->plen;
677                                 } else
678                                         return -EILSEQ;
679                                 break;
680
681                         case HCI_ACLDATA_PKT:
682                                 if (count >= HCI_ACL_HDR_SIZE) {
683                                         struct hci_acl_hdr *h = data;
684                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
685                                 } else
686                                         return -EILSEQ;
687                                 break;
688 #ifdef CONFIG_BT_HCIUSB_SCO
689                         case HCI_SCODATA_PKT:
690                                 if (count >= HCI_SCO_HDR_SIZE) {
691                                         struct hci_sco_hdr *h = data;
692                                         len = HCI_SCO_HDR_SIZE + h->dlen;
693                                 } else
694                                         return -EILSEQ;
695                                 break;
696 #endif
697                         }
698                         BT_DBG("new packet len %d", len);
699
700                         skb = bt_skb_alloc(len, GFP_ATOMIC);
701                         if (!skb) {
702                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
703                                 return -ENOMEM;
704                         }
705                         skb->dev = (void *) husb->hdev;
706                         bt_cb(skb)->pkt_type = type;
707         
708                         __reassembly(husb, type) = skb;
709
710                         scb = (void *) skb->cb;
711                         scb->expect = len;
712                 } else {
713                         /* Continuation */
714                         scb = (void *) skb->cb;
715                         len = scb->expect;
716                 }
717
718                 len = min(len, count);
719                 
720                 memcpy(skb_put(skb, len), data, len);
721
722                 scb->expect -= len;
723                 if (!scb->expect) {
724                         /* Complete frame */
725                         __reassembly(husb, type) = NULL;
726                         bt_cb(skb)->pkt_type = type;
727                         hci_recv_frame(skb);
728                 }
729
730                 count -= len; data += len;
731         }
732         return 0;
733 }
734
735 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
736 {
737         struct _urb *_urb = container_of(urb, struct _urb, urb);
738         struct hci_usb *husb = (void *) urb->context;
739         struct hci_dev *hdev = husb->hdev;
740         int err, count = urb->actual_length;
741
742         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
743                         _urb->type, urb->status, count, urb->transfer_flags);
744
745         read_lock(&husb->completion_lock);
746
747         if (!test_bit(HCI_RUNNING, &hdev->flags))
748                 goto unlock;
749
750         if (urb->status || !count)
751                 goto resubmit;
752
753         if (_urb->type == HCI_SCODATA_PKT) {
754 #ifdef CONFIG_BT_HCIUSB_SCO
755                 int i;
756                 for (i=0; i < urb->number_of_packets; i++) {
757                         BT_DBG("desc %d status %d offset %d len %d", i,
758                                         urb->iso_frame_desc[i].status,
759                                         urb->iso_frame_desc[i].offset,
760                                         urb->iso_frame_desc[i].actual_length);
761         
762                         if (!urb->iso_frame_desc[i].status)
763                                 __recv_frame(husb, _urb->type, 
764                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
765                                         urb->iso_frame_desc[i].actual_length);
766                 }
767 #else
768                 ;
769 #endif
770         } else {
771                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
772                 if (err < 0) { 
773                         BT_ERR("%s corrupted packet: type %d count %d",
774                                         husb->hdev->name, _urb->type, count);
775                         hdev->stat.err_rx++;
776                 }
777         }
778
779 resubmit:
780         urb->dev = husb->udev;
781         err = usb_submit_urb(urb, GFP_ATOMIC);
782         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
783                         _urb->type, err);
784
785 unlock:
786         read_unlock(&husb->completion_lock);
787 }
788
789 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
790 {
791         struct _urb *_urb = container_of(urb, struct _urb, urb);
792         struct hci_usb *husb = (void *) urb->context;
793         struct hci_dev *hdev = husb->hdev;
794
795         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
796                         urb->status, urb->transfer_flags);
797
798         atomic_dec(__pending_tx(husb, _urb->type));
799
800         urb->transfer_buffer = NULL;
801         kfree_skb((struct sk_buff *) _urb->priv);
802
803         if (!test_bit(HCI_RUNNING, &hdev->flags))
804                 return;
805
806         if (!urb->status)
807                 hdev->stat.byte_tx += urb->transfer_buffer_length;
808         else
809                 hdev->stat.err_tx++;
810
811         read_lock(&husb->completion_lock);
812
813         _urb_unlink(_urb);
814         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
815
816         hci_usb_tx_wakeup(husb);
817
818         read_unlock(&husb->completion_lock);
819 }
820
821 static void hci_usb_destruct(struct hci_dev *hdev)
822 {
823         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
824
825         BT_DBG("%s", hdev->name);
826
827         kfree(husb);
828 }
829
830 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
831 {
832         BT_DBG("%s evt %d", hdev->name, evt);
833 }
834
835 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
836 {
837         struct usb_device *udev = interface_to_usbdev(intf);
838         struct usb_host_endpoint *bulk_out_ep = NULL;
839         struct usb_host_endpoint *bulk_in_ep = NULL;
840         struct usb_host_endpoint *intr_in_ep = NULL;
841         struct usb_host_endpoint  *ep;
842         struct usb_host_interface *uif;
843         struct usb_interface *isoc_iface;
844         struct hci_usb *husb;
845         struct hci_dev *hdev;
846         int i, e, size, isoc_ifnum, isoc_alts;
847
848         BT_DBG("udev %p intf %p", udev, intf);
849
850         if (!id->driver_info) {
851                 const struct usb_device_id *match;
852                 match = usb_match_id(intf, blacklist_ids);
853                 if (match)
854                         id = match;
855         }
856
857         if (ignore || id->driver_info & HCI_IGNORE)
858                 return -ENODEV;
859
860         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
861                 return -ENODEV;
862
863         if (ignore_csr && id->driver_info & HCI_CSR)
864                 return -ENODEV;
865
866         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
867                 return -ENODEV;
868
869         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
870                 return -ENODEV;
871
872         /* Find endpoints that we need */
873         uif = intf->cur_altsetting;
874         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
875                 ep = &uif->endpoint[e];
876
877                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
878                 case USB_ENDPOINT_XFER_INT:
879                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
880                                 intr_in_ep = ep;
881                         break;
882
883                 case USB_ENDPOINT_XFER_BULK:
884                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
885                                 bulk_in_ep  = ep;
886                         else
887                                 bulk_out_ep = ep;
888                         break;
889                 }
890         }
891
892         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
893                 BT_DBG("Bulk endpoints not found");
894                 goto done;
895         }
896
897         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
898                 BT_ERR("Can't allocate: control structure");
899                 goto done;
900         }
901
902         husb->udev = udev;
903         husb->bulk_out_ep = bulk_out_ep;
904         husb->bulk_in_ep  = bulk_in_ep;
905         husb->intr_in_ep  = intr_in_ep;
906
907         if (id->driver_info & HCI_DIGIANSWER)
908                 husb->ctrl_req = USB_TYPE_VENDOR;
909         else
910                 husb->ctrl_req = USB_TYPE_CLASS;
911
912         /* Find isochronous endpoints that we can use */
913         size = 0; 
914         isoc_iface = NULL;
915         isoc_alts  = 0;
916         isoc_ifnum = 1;
917
918 #ifdef CONFIG_BT_HCIUSB_SCO
919         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
920                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
921
922         if (isoc_iface) {
923                 int a;
924                 struct usb_host_endpoint *isoc_out_ep = NULL;
925                 struct usb_host_endpoint *isoc_in_ep = NULL;
926
927                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
928                         uif = &isoc_iface->altsetting[a];
929                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
930                                 ep = &uif->endpoint[e];
931
932                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
933                                 case USB_ENDPOINT_XFER_ISOC:
934                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
935                                                         uif->desc.bAlternateSetting != isoc)
936                                                 break;
937                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
938
939                                         isoc_alts = uif->desc.bAlternateSetting;
940
941                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
942                                                 isoc_in_ep  = ep;
943                                         else
944                                                 isoc_out_ep = ep;
945                                         break;
946                                 }
947                         }
948                 }
949
950                 if (!isoc_in_ep || !isoc_out_ep)
951                         BT_DBG("Isoc endpoints not found");
952                 else {
953                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
954                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
955                                 BT_ERR("Can't claim isoc interface");
956                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
957                                 BT_ERR("Can't set isoc interface settings");
958                                 husb->isoc_iface = isoc_iface;
959                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
960                                 husb->isoc_iface = NULL;
961                         } else {
962                                 husb->isoc_iface  = isoc_iface;
963                                 husb->isoc_in_ep  = isoc_in_ep;
964                                 husb->isoc_out_ep = isoc_out_ep;
965                         }
966                 }
967         }
968 #endif
969
970         rwlock_init(&husb->completion_lock);
971
972         for (i = 0; i < 4; i++) {
973                 skb_queue_head_init(&husb->transmit_q[i]);
974                 _urb_queue_init(&husb->pending_q[i]);
975                 _urb_queue_init(&husb->completed_q[i]);
976         }
977
978         /* Initialize and register HCI device */
979         hdev = hci_alloc_dev();
980         if (!hdev) {
981                 BT_ERR("Can't allocate HCI device");
982                 goto probe_error;
983         }
984
985         husb->hdev = hdev;
986
987         hdev->type = HCI_USB;
988         hdev->driver_data = husb;
989         SET_HCIDEV_DEV(hdev, &intf->dev);
990
991         hdev->open     = hci_usb_open;
992         hdev->close    = hci_usb_close;
993         hdev->flush    = hci_usb_flush;
994         hdev->send     = hci_usb_send_frame;
995         hdev->destruct = hci_usb_destruct;
996         hdev->notify   = hci_usb_notify;
997
998         hdev->owner = THIS_MODULE;
999
1000         if (reset || id->driver_info & HCI_RESET)
1001                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
1002
1003         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
1004                 if (!disable_scofix)
1005                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1006         }
1007
1008         if (id->driver_info & HCI_SNIFFER) {
1009                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1010                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1011         }
1012
1013         if (id->driver_info & HCI_BCM92035) {
1014                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1015                 struct sk_buff *skb;
1016
1017                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1018                 if (skb) {
1019                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1020                         skb_queue_tail(&hdev->driver_init, skb);
1021                 }
1022         }
1023
1024         if (hci_register_dev(hdev) < 0) {
1025                 BT_ERR("Can't register HCI device");
1026                 hci_free_dev(hdev);
1027                 goto probe_error;
1028         }
1029
1030         usb_set_intfdata(intf, husb);
1031         return 0;
1032
1033 probe_error:
1034         if (husb->isoc_iface)
1035                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1036         kfree(husb);
1037
1038 done:
1039         return -EIO;
1040 }
1041
1042 static void hci_usb_disconnect(struct usb_interface *intf)
1043 {
1044         struct hci_usb *husb = usb_get_intfdata(intf);
1045         struct hci_dev *hdev;
1046
1047         if (!husb || intf == husb->isoc_iface)
1048                 return;
1049
1050         usb_set_intfdata(intf, NULL);
1051         hdev = husb->hdev;
1052
1053         BT_DBG("%s", hdev->name);
1054
1055         hci_usb_close(hdev);
1056
1057         if (husb->isoc_iface)
1058                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1059
1060         if (hci_unregister_dev(hdev) < 0)
1061                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1062
1063         hci_free_dev(hdev);
1064 }
1065
1066 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1067 {
1068         struct hci_usb *husb = usb_get_intfdata(intf);
1069         struct list_head killed;
1070         unsigned long flags;
1071         int i;
1072
1073         if (!husb || intf == husb->isoc_iface)
1074                 return 0;
1075
1076         hci_suspend_dev(husb->hdev);
1077
1078         INIT_LIST_HEAD(&killed);
1079
1080         for (i = 0; i < 4; i++) {
1081                 struct _urb_queue *q = &husb->pending_q[i];
1082                 struct _urb *_urb, *_tmp;
1083
1084                 while ((_urb = _urb_dequeue(q))) {
1085                         /* reset queue since _urb_dequeue sets it to NULL */
1086                         _urb->queue = q;
1087                         usb_kill_urb(&_urb->urb);
1088                         list_add(&_urb->list, &killed);
1089                 }
1090
1091                 spin_lock_irqsave(&q->lock, flags);
1092
1093                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1094                         list_move_tail(&_urb->list, &q->head);
1095                 }
1096
1097                 spin_unlock_irqrestore(&q->lock, flags);
1098         }
1099
1100         return 0;
1101 }
1102
1103 static int hci_usb_resume(struct usb_interface *intf)
1104 {
1105         struct hci_usb *husb = usb_get_intfdata(intf);
1106         unsigned long flags;
1107         int i, err = 0;
1108
1109         if (!husb || intf == husb->isoc_iface)
1110                 return 0;
1111         
1112         for (i = 0; i < 4; i++) {
1113                 struct _urb_queue *q = &husb->pending_q[i];
1114                 struct _urb *_urb;
1115
1116                 spin_lock_irqsave(&q->lock, flags);
1117
1118                 list_for_each_entry(_urb, &q->head, list) {
1119                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1120                         if (err)
1121                                 break;
1122                 }
1123
1124                 spin_unlock_irqrestore(&q->lock, flags);
1125
1126                 if (err)
1127                         return -EIO;
1128         }
1129
1130         hci_resume_dev(husb->hdev);
1131
1132         return 0;
1133 }
1134
1135 static struct usb_driver hci_usb_driver = {
1136         .name           = "hci_usb",
1137         .probe          = hci_usb_probe,
1138         .disconnect     = hci_usb_disconnect,
1139         .suspend        = hci_usb_suspend,
1140         .resume         = hci_usb_resume,
1141         .id_table       = bluetooth_ids,
1142 };
1143
1144 static int __init hci_usb_init(void)
1145 {
1146         int err;
1147
1148         BT_INFO("HCI USB driver ver %s", VERSION);
1149
1150         if ((err = usb_register(&hci_usb_driver)) < 0)
1151                 BT_ERR("Failed to register HCI USB driver");
1152
1153         return err;
1154 }
1155
1156 static void __exit hci_usb_exit(void)
1157 {
1158         usb_deregister(&hci_usb_driver);
1159 }
1160
1161 module_init(hci_usb_init);
1162 module_exit(hci_usb_exit);
1163
1164 module_param(ignore, bool, 0644);
1165 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1166
1167 module_param(ignore_dga, bool, 0644);
1168 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1169
1170 module_param(ignore_csr, bool, 0644);
1171 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1172
1173 module_param(ignore_sniffer, bool, 0644);
1174 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1175
1176 module_param(disable_scofix, bool, 0644);
1177 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1178
1179 module_param(force_scofix, bool, 0644);
1180 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1181
1182 module_param(reset, bool, 0644);
1183 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1184
1185 #ifdef CONFIG_BT_HCIUSB_SCO
1186 module_param(isoc, int, 0644);
1187 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1188 #endif
1189
1190 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1191 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1192 MODULE_VERSION(VERSION);
1193 MODULE_LICENSE("GPL");