spkm3: fix spkm3's use of hmac
[linux-2.6] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/module.h>
35
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/unistd.h>
39 #include <linux/types.h>
40 #include <linux/interrupt.h>
41 #include <linux/moduleparam.h>
42
43 #include <linux/slab.h>
44 #include <linux/errno.h>
45 #include <linux/string.h>
46 #include <linux/skbuff.h>
47
48 #include <linux/usb.h>
49
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52
53 #include "hci_usb.h"
54
55 #ifndef CONFIG_BT_HCIUSB_DEBUG
56 #undef  BT_DBG
57 #define BT_DBG(D...)
58 #endif
59
60 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
61 #undef  URB_ZERO_PACKET
62 #define URB_ZERO_PACKET 0
63 #endif
64
65 static int ignore = 0;
66 static int ignore_dga = 0;
67 static int ignore_csr = 0;
68 static int ignore_sniffer = 0;
69 static int disable_scofix = 0;
70 static int force_scofix = 0;
71 static int reset = 0;
72
73 #ifdef CONFIG_BT_HCIUSB_SCO
74 static int isoc = 2;
75 #endif
76
77 #define VERSION "2.9"
78
79 static struct usb_driver hci_usb_driver; 
80
81 static struct usb_device_id bluetooth_ids[] = {
82         /* Generic Bluetooth USB device */
83         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
84
85         /* AVM BlueFRITZ! USB v2.0 */
86         { USB_DEVICE(0x057c, 0x3800) },
87
88         /* Bluetooth Ultraport Module from IBM */
89         { USB_DEVICE(0x04bf, 0x030a) },
90
91         /* ALPS Modules with non-standard id */
92         { USB_DEVICE(0x044e, 0x3001) },
93         { USB_DEVICE(0x044e, 0x3002) },
94
95         /* Ericsson with non-standard id */
96         { USB_DEVICE(0x0bdb, 0x1002) },
97
98         /* Canyon CN-BTU1 with HID interfaces */
99         { USB_DEVICE(0x0c10, 0x0000), .driver_info = HCI_RESET },
100
101         { }     /* Terminating entry */
102 };
103
104 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
105
106 static struct usb_device_id blacklist_ids[] = {
107         /* CSR BlueCore devices */
108         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
109
110         /* Broadcom BCM2033 without firmware */
111         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
112
113         /* Broadcom BCM2035 */
114         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
115         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
116
117         /* IBM/Lenovo ThinkPad with Broadcom chip */
118         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
119         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU },
120
121         /* ANYCOM Bluetooth USB-200 and USB-250 */
122         { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET },
123
124         /* HP laptop with Broadcom chip */
125         { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU },
126
127         /* Dell laptop with Broadcom chip */
128         { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU },
129
130         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
131         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
132
133         /* Kensington Bluetooth USB adapter */
134         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
135         { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_WRONG_SCO_MTU },
136
137         /* ISSC Bluetooth Adapter v3.1 */
138         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
139
140         /* RTX Telecom based adapters with buggy SCO support */
141         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
142         { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC },
143
144         /* Belkin F8T012 and F8T013 devices */
145         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
146         { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU },
147
148         /* Digianswer devices */
149         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
150         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
151
152         /* CSR BlueCore Bluetooth Sniffer */
153         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
154
155         /* Frontline ComProbe Bluetooth Sniffer */
156         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
157
158         { }     /* Terminating entry */
159 };
160
161 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
162 {
163         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
164                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
165         if (_urb) {
166                 memset(_urb, 0, sizeof(*_urb));
167                 usb_init_urb(&_urb->urb);
168         }
169         return _urb;
170 }
171
172 static struct _urb *_urb_dequeue(struct _urb_queue *q)
173 {
174         struct _urb *_urb = NULL;
175         unsigned long flags;
176         spin_lock_irqsave(&q->lock, flags);
177         {
178                 struct list_head *head = &q->head;
179                 struct list_head *next = head->next;
180                 if (next != head) {
181                         _urb = list_entry(next, struct _urb, list);
182                         list_del(next); _urb->queue = NULL;
183                 }
184         }
185         spin_unlock_irqrestore(&q->lock, flags);
186         return _urb;
187 }
188
189 static void hci_usb_rx_complete(struct urb *urb);
190 static void hci_usb_tx_complete(struct urb *urb);
191
192 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
193 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
194 #define __completed_q(husb, type) (&husb->completed_q[type-1])
195 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
196 #define __reassembly(husb, type)  (husb->reassembly[type-1])
197
198 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
199 {
200         return _urb_dequeue(__completed_q(husb, type)); 
201 }
202
203 #ifdef CONFIG_BT_HCIUSB_SCO
204 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
205 {
206         int offset = 0, i;
207
208         BT_DBG("len %d mtu %d", len, mtu);
209
210         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
211                 urb->iso_frame_desc[i].offset = offset;
212                 urb->iso_frame_desc[i].length = mtu;
213                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
214         }
215         if (len && i < HCI_MAX_ISOC_FRAMES) {
216                 urb->iso_frame_desc[i].offset = offset;
217                 urb->iso_frame_desc[i].length = len;
218                 BT_DBG("desc %d offset %d len %d", i, offset, len);
219                 i++;
220         }
221         urb->number_of_packets = i;
222 }
223 #endif
224
225 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
226 {
227         struct _urb *_urb;
228         struct urb *urb;
229         int err, pipe, interval, size;
230         void *buf;
231
232         BT_DBG("%s", husb->hdev->name);
233
234         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
235
236         buf = kmalloc(size, GFP_ATOMIC);
237         if (!buf)
238                 return -ENOMEM;
239
240         _urb = _urb_alloc(0, GFP_ATOMIC);
241         if (!_urb) {
242                 kfree(buf);
243                 return -ENOMEM;
244         }
245         _urb->type = HCI_EVENT_PKT;
246         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
247
248         urb = &_urb->urb;
249         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
250         interval = husb->intr_in_ep->desc.bInterval;
251         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
252         
253         err = usb_submit_urb(urb, GFP_ATOMIC);
254         if (err) {
255                 BT_ERR("%s intr rx submit failed urb %p err %d",
256                                 husb->hdev->name, urb, err);
257                 _urb_unlink(_urb);
258                 _urb_free(_urb);
259                 kfree(buf);
260         }
261         return err;
262 }
263
264 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
265 {
266         struct _urb *_urb;
267         struct urb *urb;
268         int err, pipe, size = HCI_MAX_FRAME_SIZE;
269         void *buf;
270
271         buf = kmalloc(size, GFP_ATOMIC);
272         if (!buf)
273                 return -ENOMEM;
274
275         _urb = _urb_alloc(0, GFP_ATOMIC);
276         if (!_urb) {
277                 kfree(buf);
278                 return -ENOMEM;
279         }
280         _urb->type = HCI_ACLDATA_PKT;
281         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
282
283         urb  = &_urb->urb;
284         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
285         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
286         urb->transfer_flags = 0;
287
288         BT_DBG("%s urb %p", husb->hdev->name, urb);
289
290         err = usb_submit_urb(urb, GFP_ATOMIC);
291         if (err) {
292                 BT_ERR("%s bulk rx submit failed urb %p err %d",
293                                 husb->hdev->name, urb, err);
294                 _urb_unlink(_urb);
295                 _urb_free(_urb);
296                 kfree(buf);
297         }
298         return err;
299 }
300
301 #ifdef CONFIG_BT_HCIUSB_SCO
302 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
303 {
304         struct _urb *_urb;
305         struct urb *urb;
306         int err, mtu, size;
307         void *buf;
308
309         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
310         size = mtu * HCI_MAX_ISOC_FRAMES;
311
312         buf = kmalloc(size, GFP_ATOMIC);
313         if (!buf)
314                 return -ENOMEM;
315
316         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
317         if (!_urb) {
318                 kfree(buf);
319                 return -ENOMEM;
320         }
321         _urb->type = HCI_SCODATA_PKT;
322         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
323
324         urb = &_urb->urb;
325
326         urb->context  = husb;
327         urb->dev      = husb->udev;
328         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
329         urb->complete = hci_usb_rx_complete;
330
331         urb->interval = husb->isoc_in_ep->desc.bInterval;
332
333         urb->transfer_buffer_length = size;
334         urb->transfer_buffer = buf;
335         urb->transfer_flags  = URB_ISO_ASAP;
336
337         __fill_isoc_desc(urb, size, mtu);
338
339         BT_DBG("%s urb %p", husb->hdev->name, urb);
340
341         err = usb_submit_urb(urb, GFP_ATOMIC);
342         if (err) {
343                 BT_ERR("%s isoc rx submit failed urb %p err %d",
344                                 husb->hdev->name, urb, err);
345                 _urb_unlink(_urb);
346                 _urb_free(_urb);
347                 kfree(buf);
348         }
349         return err;
350 }
351 #endif
352
353 /* Initialize device */
354 static int hci_usb_open(struct hci_dev *hdev)
355 {
356         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
357         int i, err;
358         unsigned long flags;
359
360         BT_DBG("%s", hdev->name);
361
362         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
363                 return 0;
364
365         write_lock_irqsave(&husb->completion_lock, flags);
366
367         err = hci_usb_intr_rx_submit(husb);
368         if (!err) {
369                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
370                         hci_usb_bulk_rx_submit(husb);
371
372 #ifdef CONFIG_BT_HCIUSB_SCO
373                 if (husb->isoc_iface)
374                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
375                                 hci_usb_isoc_rx_submit(husb);
376 #endif
377         } else {
378                 clear_bit(HCI_RUNNING, &hdev->flags);
379         }
380
381         write_unlock_irqrestore(&husb->completion_lock, flags);
382         return err;
383 }
384
385 /* Reset device */
386 static int hci_usb_flush(struct hci_dev *hdev)
387 {
388         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
389         int i;
390
391         BT_DBG("%s", hdev->name);
392
393         for (i = 0; i < 4; i++)
394                 skb_queue_purge(&husb->transmit_q[i]);
395         return 0;
396 }
397
398 static void hci_usb_unlink_urbs(struct hci_usb *husb)
399 {
400         int i;
401
402         BT_DBG("%s", husb->hdev->name);
403
404         for (i = 0; i < 4; i++) {
405                 struct _urb *_urb;
406                 struct urb *urb;
407
408                 /* Kill pending requests */
409                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
410                         urb = &_urb->urb;
411                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
412                                         husb->hdev->name, _urb, _urb->type, urb);
413                         usb_kill_urb(urb);
414                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
415                 }
416
417                 /* Release completed requests */
418                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
419                         urb = &_urb->urb;
420                         BT_DBG("%s freeing _urb %p type %d urb %p",
421                                         husb->hdev->name, _urb, _urb->type, urb);
422                         kfree(urb->setup_packet);
423                         kfree(urb->transfer_buffer);
424                         _urb_free(_urb);
425                 }
426
427                 /* Release reassembly buffers */
428                 if (husb->reassembly[i]) {
429                         kfree_skb(husb->reassembly[i]);
430                         husb->reassembly[i] = NULL;
431                 }
432         }
433 }
434
435 /* Close device */
436 static int hci_usb_close(struct hci_dev *hdev)
437 {
438         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
439         unsigned long flags;
440
441         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
442                 return 0;
443
444         BT_DBG("%s", hdev->name);
445
446         /* Synchronize with completion handlers */
447         write_lock_irqsave(&husb->completion_lock, flags);
448         write_unlock_irqrestore(&husb->completion_lock, flags);
449
450         hci_usb_unlink_urbs(husb);
451         hci_usb_flush(hdev);
452         return 0;
453 }
454
455 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
456 {
457         struct urb *urb = &_urb->urb;
458         int err;
459
460         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
461
462         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
463         err = usb_submit_urb(urb, GFP_ATOMIC);
464         if (err) {
465                 BT_ERR("%s tx submit failed urb %p type %d err %d",
466                                 husb->hdev->name, urb, _urb->type, err);
467                 _urb_unlink(_urb);
468                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
469         } else
470                 atomic_inc(__pending_tx(husb, _urb->type));
471
472         return err;
473 }
474
475 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
476 {
477         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
478         struct usb_ctrlrequest *dr;
479         struct urb *urb;
480
481         if (!_urb) {
482                 _urb = _urb_alloc(0, GFP_ATOMIC);
483                 if (!_urb)
484                         return -ENOMEM;
485                 _urb->type = bt_cb(skb)->pkt_type;
486
487                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
488                 if (!dr) {
489                         _urb_free(_urb);
490                         return -ENOMEM;
491                 }
492         } else
493                 dr = (void *) _urb->urb.setup_packet;
494
495         dr->bRequestType = husb->ctrl_req;
496         dr->bRequest = 0;
497         dr->wIndex   = 0;
498         dr->wValue   = 0;
499         dr->wLength  = __cpu_to_le16(skb->len);
500
501         urb = &_urb->urb;
502         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
503                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
504
505         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
506         
507         _urb->priv = skb;
508         return __tx_submit(husb, _urb);
509 }
510
511 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
512 {
513         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
514         struct urb *urb;
515         int pipe;
516
517         if (!_urb) {
518                 _urb = _urb_alloc(0, GFP_ATOMIC);
519                 if (!_urb)
520                         return -ENOMEM;
521                 _urb->type = bt_cb(skb)->pkt_type;
522         }
523
524         urb  = &_urb->urb;
525         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
526         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
527                         hci_usb_tx_complete, husb);
528         urb->transfer_flags = URB_ZERO_PACKET;
529
530         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
531
532         _urb->priv = skb;
533         return __tx_submit(husb, _urb);
534 }
535
536 #ifdef CONFIG_BT_HCIUSB_SCO
537 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
538 {
539         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
540         struct urb *urb;
541
542         if (!_urb) {
543                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
544                 if (!_urb)
545                         return -ENOMEM;
546                 _urb->type = bt_cb(skb)->pkt_type;
547         }
548
549         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
550
551         urb = &_urb->urb;
552
553         urb->context  = husb;
554         urb->dev      = husb->udev;
555         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
556         urb->complete = hci_usb_tx_complete;
557         urb->transfer_flags = URB_ISO_ASAP;
558
559         urb->interval = husb->isoc_out_ep->desc.bInterval;
560
561         urb->transfer_buffer = skb->data;
562         urb->transfer_buffer_length = skb->len;
563
564         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
565
566         _urb->priv = skb;
567         return __tx_submit(husb, _urb);
568 }
569 #endif
570
571 static void hci_usb_tx_process(struct hci_usb *husb)
572 {
573         struct sk_buff_head *q;
574         struct sk_buff *skb;
575
576         BT_DBG("%s", husb->hdev->name);
577
578         do {
579                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
580
581                 /* Process command queue */
582                 q = __transmit_q(husb, HCI_COMMAND_PKT);
583                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
584                                 (skb = skb_dequeue(q))) {
585                         if (hci_usb_send_ctrl(husb, skb) < 0)
586                                 skb_queue_head(q, skb);
587                 }
588
589 #ifdef CONFIG_BT_HCIUSB_SCO
590                 /* Process SCO queue */
591                 q = __transmit_q(husb, HCI_SCODATA_PKT);
592                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
593                                 (skb = skb_dequeue(q))) {
594                         if (hci_usb_send_isoc(husb, skb) < 0)
595                                 skb_queue_head(q, skb);
596                 }
597 #endif
598
599                 /* Process ACL queue */
600                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
601                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
602                                 (skb = skb_dequeue(q))) {
603                         if (hci_usb_send_bulk(husb, skb) < 0) {
604                                 skb_queue_head(q, skb);
605                                 break;
606                         }
607                 }
608         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
609 }
610
611 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
612 {
613         /* Serialize TX queue processing to avoid data reordering */
614         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
615                 hci_usb_tx_process(husb);
616                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
617         } else
618                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
619 }
620
621 /* Send frames from HCI layer */
622 static int hci_usb_send_frame(struct sk_buff *skb)
623 {
624         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
625         struct hci_usb *husb;
626
627         if (!hdev) {
628                 BT_ERR("frame for uknown device (hdev=NULL)");
629                 return -ENODEV;
630         }
631
632         if (!test_bit(HCI_RUNNING, &hdev->flags))
633                 return -EBUSY;
634
635         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
636
637         husb = (struct hci_usb *) hdev->driver_data;
638
639         switch (bt_cb(skb)->pkt_type) {
640         case HCI_COMMAND_PKT:
641                 hdev->stat.cmd_tx++;
642                 break;
643
644         case HCI_ACLDATA_PKT:
645                 hdev->stat.acl_tx++;
646                 break;
647
648 #ifdef CONFIG_BT_HCIUSB_SCO
649         case HCI_SCODATA_PKT:
650                 hdev->stat.sco_tx++;
651                 break;
652 #endif
653
654         default:
655                 kfree_skb(skb);
656                 return 0;
657         }
658
659         read_lock(&husb->completion_lock);
660
661         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
662         hci_usb_tx_wakeup(husb);
663
664         read_unlock(&husb->completion_lock);
665         return 0;
666 }
667
668 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
669 {
670         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
671
672         husb->hdev->stat.byte_rx += count;
673
674         while (count) {
675                 struct sk_buff *skb = __reassembly(husb, type);
676                 struct { int expect; } *scb;
677                 int len = 0;
678         
679                 if (!skb) {
680                         /* Start of the frame */
681
682                         switch (type) {
683                         case HCI_EVENT_PKT:
684                                 if (count >= HCI_EVENT_HDR_SIZE) {
685                                         struct hci_event_hdr *h = data;
686                                         len = HCI_EVENT_HDR_SIZE + h->plen;
687                                 } else
688                                         return -EILSEQ;
689                                 break;
690
691                         case HCI_ACLDATA_PKT:
692                                 if (count >= HCI_ACL_HDR_SIZE) {
693                                         struct hci_acl_hdr *h = data;
694                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
695                                 } else
696                                         return -EILSEQ;
697                                 break;
698 #ifdef CONFIG_BT_HCIUSB_SCO
699                         case HCI_SCODATA_PKT:
700                                 if (count >= HCI_SCO_HDR_SIZE) {
701                                         struct hci_sco_hdr *h = data;
702                                         len = HCI_SCO_HDR_SIZE + h->dlen;
703                                 } else
704                                         return -EILSEQ;
705                                 break;
706 #endif
707                         }
708                         BT_DBG("new packet len %d", len);
709
710                         skb = bt_skb_alloc(len, GFP_ATOMIC);
711                         if (!skb) {
712                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
713                                 return -ENOMEM;
714                         }
715                         skb->dev = (void *) husb->hdev;
716                         bt_cb(skb)->pkt_type = type;
717         
718                         __reassembly(husb, type) = skb;
719
720                         scb = (void *) skb->cb;
721                         scb->expect = len;
722                 } else {
723                         /* Continuation */
724                         scb = (void *) skb->cb;
725                         len = scb->expect;
726                 }
727
728                 len = min(len, count);
729                 
730                 memcpy(skb_put(skb, len), data, len);
731
732                 scb->expect -= len;
733                 if (!scb->expect) {
734                         /* Complete frame */
735                         __reassembly(husb, type) = NULL;
736                         bt_cb(skb)->pkt_type = type;
737                         hci_recv_frame(skb);
738                 }
739
740                 count -= len; data += len;
741         }
742         return 0;
743 }
744
745 static void hci_usb_rx_complete(struct urb *urb)
746 {
747         struct _urb *_urb = container_of(urb, struct _urb, urb);
748         struct hci_usb *husb = (void *) urb->context;
749         struct hci_dev *hdev = husb->hdev;
750         int err, count = urb->actual_length;
751
752         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
753                         _urb->type, urb->status, count, urb->transfer_flags);
754
755         read_lock(&husb->completion_lock);
756
757         if (!test_bit(HCI_RUNNING, &hdev->flags))
758                 goto unlock;
759
760         if (urb->status || !count)
761                 goto resubmit;
762
763         if (_urb->type == HCI_SCODATA_PKT) {
764 #ifdef CONFIG_BT_HCIUSB_SCO
765                 int i;
766                 for (i=0; i < urb->number_of_packets; i++) {
767                         BT_DBG("desc %d status %d offset %d len %d", i,
768                                         urb->iso_frame_desc[i].status,
769                                         urb->iso_frame_desc[i].offset,
770                                         urb->iso_frame_desc[i].actual_length);
771         
772                         if (!urb->iso_frame_desc[i].status)
773                                 __recv_frame(husb, _urb->type, 
774                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
775                                         urb->iso_frame_desc[i].actual_length);
776                 }
777 #else
778                 ;
779 #endif
780         } else {
781                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
782                 if (err < 0) { 
783                         BT_ERR("%s corrupted packet: type %d count %d",
784                                         husb->hdev->name, _urb->type, count);
785                         hdev->stat.err_rx++;
786                 }
787         }
788
789 resubmit:
790         urb->dev = husb->udev;
791         err = usb_submit_urb(urb, GFP_ATOMIC);
792         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
793                         _urb->type, err);
794
795 unlock:
796         read_unlock(&husb->completion_lock);
797 }
798
799 static void hci_usb_tx_complete(struct urb *urb)
800 {
801         struct _urb *_urb = container_of(urb, struct _urb, urb);
802         struct hci_usb *husb = (void *) urb->context;
803         struct hci_dev *hdev = husb->hdev;
804
805         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
806                         urb->status, urb->transfer_flags);
807
808         atomic_dec(__pending_tx(husb, _urb->type));
809
810         urb->transfer_buffer = NULL;
811         kfree_skb((struct sk_buff *) _urb->priv);
812
813         if (!test_bit(HCI_RUNNING, &hdev->flags))
814                 return;
815
816         if (!urb->status)
817                 hdev->stat.byte_tx += urb->transfer_buffer_length;
818         else
819                 hdev->stat.err_tx++;
820
821         read_lock(&husb->completion_lock);
822
823         _urb_unlink(_urb);
824         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
825
826         hci_usb_tx_wakeup(husb);
827
828         read_unlock(&husb->completion_lock);
829 }
830
831 static void hci_usb_destruct(struct hci_dev *hdev)
832 {
833         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
834
835         BT_DBG("%s", hdev->name);
836
837         kfree(husb);
838 }
839
840 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
841 {
842         BT_DBG("%s evt %d", hdev->name, evt);
843 }
844
845 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
846 {
847         struct usb_device *udev = interface_to_usbdev(intf);
848         struct usb_host_endpoint *bulk_out_ep = NULL;
849         struct usb_host_endpoint *bulk_in_ep = NULL;
850         struct usb_host_endpoint *intr_in_ep = NULL;
851         struct usb_host_endpoint  *ep;
852         struct usb_host_interface *uif;
853         struct usb_interface *isoc_iface;
854         struct hci_usb *husb;
855         struct hci_dev *hdev;
856         int i, e, size, isoc_ifnum, isoc_alts;
857
858         BT_DBG("udev %p intf %p", udev, intf);
859
860         if (!id->driver_info) {
861                 const struct usb_device_id *match;
862                 match = usb_match_id(intf, blacklist_ids);
863                 if (match)
864                         id = match;
865         }
866
867         if (ignore || id->driver_info & HCI_IGNORE)
868                 return -ENODEV;
869
870         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
871                 return -ENODEV;
872
873         if (ignore_csr && id->driver_info & HCI_CSR)
874                 return -ENODEV;
875
876         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
877                 return -ENODEV;
878
879         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
880                 return -ENODEV;
881
882         /* Find endpoints that we need */
883         uif = intf->cur_altsetting;
884         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
885                 ep = &uif->endpoint[e];
886
887                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
888                 case USB_ENDPOINT_XFER_INT:
889                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
890                                 intr_in_ep = ep;
891                         break;
892
893                 case USB_ENDPOINT_XFER_BULK:
894                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
895                                 bulk_in_ep  = ep;
896                         else
897                                 bulk_out_ep = ep;
898                         break;
899                 }
900         }
901
902         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
903                 BT_DBG("Bulk endpoints not found");
904                 goto done;
905         }
906
907         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
908                 BT_ERR("Can't allocate: control structure");
909                 goto done;
910         }
911
912         husb->udev = udev;
913         husb->bulk_out_ep = bulk_out_ep;
914         husb->bulk_in_ep  = bulk_in_ep;
915         husb->intr_in_ep  = intr_in_ep;
916
917         if (id->driver_info & HCI_DIGIANSWER)
918                 husb->ctrl_req = USB_TYPE_VENDOR;
919         else
920                 husb->ctrl_req = USB_TYPE_CLASS;
921
922         /* Find isochronous endpoints that we can use */
923         size = 0; 
924         isoc_iface = NULL;
925         isoc_alts  = 0;
926         isoc_ifnum = 1;
927
928 #ifdef CONFIG_BT_HCIUSB_SCO
929         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
930                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
931
932         if (isoc_iface) {
933                 int a;
934                 struct usb_host_endpoint *isoc_out_ep = NULL;
935                 struct usb_host_endpoint *isoc_in_ep = NULL;
936
937                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
938                         uif = &isoc_iface->altsetting[a];
939                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
940                                 ep = &uif->endpoint[e];
941
942                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
943                                 case USB_ENDPOINT_XFER_ISOC:
944                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
945                                                         uif->desc.bAlternateSetting != isoc)
946                                                 break;
947                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
948
949                                         isoc_alts = uif->desc.bAlternateSetting;
950
951                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
952                                                 isoc_in_ep  = ep;
953                                         else
954                                                 isoc_out_ep = ep;
955                                         break;
956                                 }
957                         }
958                 }
959
960                 if (!isoc_in_ep || !isoc_out_ep)
961                         BT_DBG("Isoc endpoints not found");
962                 else {
963                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
964                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
965                                 BT_ERR("Can't claim isoc interface");
966                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
967                                 BT_ERR("Can't set isoc interface settings");
968                                 husb->isoc_iface = isoc_iface;
969                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
970                                 husb->isoc_iface = NULL;
971                         } else {
972                                 husb->isoc_iface  = isoc_iface;
973                                 husb->isoc_in_ep  = isoc_in_ep;
974                                 husb->isoc_out_ep = isoc_out_ep;
975                         }
976                 }
977         }
978 #endif
979
980         rwlock_init(&husb->completion_lock);
981
982         for (i = 0; i < 4; i++) {
983                 skb_queue_head_init(&husb->transmit_q[i]);
984                 _urb_queue_init(&husb->pending_q[i]);
985                 _urb_queue_init(&husb->completed_q[i]);
986         }
987
988         /* Initialize and register HCI device */
989         hdev = hci_alloc_dev();
990         if (!hdev) {
991                 BT_ERR("Can't allocate HCI device");
992                 goto probe_error;
993         }
994
995         husb->hdev = hdev;
996
997         hdev->type = HCI_USB;
998         hdev->driver_data = husb;
999         SET_HCIDEV_DEV(hdev, &intf->dev);
1000
1001         hdev->open     = hci_usb_open;
1002         hdev->close    = hci_usb_close;
1003         hdev->flush    = hci_usb_flush;
1004         hdev->send     = hci_usb_send_frame;
1005         hdev->destruct = hci_usb_destruct;
1006         hdev->notify   = hci_usb_notify;
1007
1008         hdev->owner = THIS_MODULE;
1009
1010         if (reset || id->driver_info & HCI_RESET)
1011                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
1012
1013         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
1014                 if (!disable_scofix)
1015                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1016         }
1017
1018         if (id->driver_info & HCI_SNIFFER) {
1019                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1020                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1021         }
1022
1023         if (id->driver_info & HCI_BCM92035) {
1024                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1025                 struct sk_buff *skb;
1026
1027                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1028                 if (skb) {
1029                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1030                         skb_queue_tail(&hdev->driver_init, skb);
1031                 }
1032         }
1033
1034         if (hci_register_dev(hdev) < 0) {
1035                 BT_ERR("Can't register HCI device");
1036                 hci_free_dev(hdev);
1037                 goto probe_error;
1038         }
1039
1040         usb_set_intfdata(intf, husb);
1041         return 0;
1042
1043 probe_error:
1044         if (husb->isoc_iface)
1045                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1046         kfree(husb);
1047
1048 done:
1049         return -EIO;
1050 }
1051
1052 static void hci_usb_disconnect(struct usb_interface *intf)
1053 {
1054         struct hci_usb *husb = usb_get_intfdata(intf);
1055         struct hci_dev *hdev;
1056
1057         if (!husb || intf == husb->isoc_iface)
1058                 return;
1059
1060         usb_set_intfdata(intf, NULL);
1061         hdev = husb->hdev;
1062
1063         BT_DBG("%s", hdev->name);
1064
1065         hci_usb_close(hdev);
1066
1067         if (husb->isoc_iface)
1068                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1069
1070         if (hci_unregister_dev(hdev) < 0)
1071                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1072
1073         hci_free_dev(hdev);
1074 }
1075
1076 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1077 {
1078         struct hci_usb *husb = usb_get_intfdata(intf);
1079         struct list_head killed;
1080         unsigned long flags;
1081         int i;
1082
1083         if (!husb || intf == husb->isoc_iface)
1084                 return 0;
1085
1086         hci_suspend_dev(husb->hdev);
1087
1088         INIT_LIST_HEAD(&killed);
1089
1090         for (i = 0; i < 4; i++) {
1091                 struct _urb_queue *q = &husb->pending_q[i];
1092                 struct _urb *_urb, *_tmp;
1093
1094                 while ((_urb = _urb_dequeue(q))) {
1095                         /* reset queue since _urb_dequeue sets it to NULL */
1096                         _urb->queue = q;
1097                         usb_kill_urb(&_urb->urb);
1098                         list_add(&_urb->list, &killed);
1099                 }
1100
1101                 spin_lock_irqsave(&q->lock, flags);
1102
1103                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1104                         list_move_tail(&_urb->list, &q->head);
1105                 }
1106
1107                 spin_unlock_irqrestore(&q->lock, flags);
1108         }
1109
1110         return 0;
1111 }
1112
1113 static int hci_usb_resume(struct usb_interface *intf)
1114 {
1115         struct hci_usb *husb = usb_get_intfdata(intf);
1116         unsigned long flags;
1117         int i, err = 0;
1118
1119         if (!husb || intf == husb->isoc_iface)
1120                 return 0;
1121         
1122         for (i = 0; i < 4; i++) {
1123                 struct _urb_queue *q = &husb->pending_q[i];
1124                 struct _urb *_urb;
1125
1126                 spin_lock_irqsave(&q->lock, flags);
1127
1128                 list_for_each_entry(_urb, &q->head, list) {
1129                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1130                         if (err)
1131                                 break;
1132                 }
1133
1134                 spin_unlock_irqrestore(&q->lock, flags);
1135
1136                 if (err)
1137                         return -EIO;
1138         }
1139
1140         hci_resume_dev(husb->hdev);
1141
1142         return 0;
1143 }
1144
1145 static struct usb_driver hci_usb_driver = {
1146         .name           = "hci_usb",
1147         .probe          = hci_usb_probe,
1148         .disconnect     = hci_usb_disconnect,
1149         .suspend        = hci_usb_suspend,
1150         .resume         = hci_usb_resume,
1151         .id_table       = bluetooth_ids,
1152 };
1153
1154 static int __init hci_usb_init(void)
1155 {
1156         int err;
1157
1158         BT_INFO("HCI USB driver ver %s", VERSION);
1159
1160         if ((err = usb_register(&hci_usb_driver)) < 0)
1161                 BT_ERR("Failed to register HCI USB driver");
1162
1163         return err;
1164 }
1165
1166 static void __exit hci_usb_exit(void)
1167 {
1168         usb_deregister(&hci_usb_driver);
1169 }
1170
1171 module_init(hci_usb_init);
1172 module_exit(hci_usb_exit);
1173
1174 module_param(ignore, bool, 0644);
1175 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1176
1177 module_param(ignore_dga, bool, 0644);
1178 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1179
1180 module_param(ignore_csr, bool, 0644);
1181 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1182
1183 module_param(ignore_sniffer, bool, 0644);
1184 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1185
1186 module_param(disable_scofix, bool, 0644);
1187 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1188
1189 module_param(force_scofix, bool, 0644);
1190 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1191
1192 module_param(reset, bool, 0644);
1193 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1194
1195 #ifdef CONFIG_BT_HCIUSB_SCO
1196 module_param(isoc, int, 0644);
1197 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1198 #endif
1199
1200 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1201 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1202 MODULE_VERSION(VERSION);
1203 MODULE_LICENSE("GPL");