1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	*
4	* Generic Bluetooth USB driver
5	*
6	* Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
7	*/
8
9	#include <linux/dmi.h>
10	#include <linux/module.h>
11	#include <linux/usb.h>
12	#include <linux/usb/quirks.h>
13	#include <linux/firmware.h>
14	#include <linux/iopoll.h>
15	#include <linux/of_device.h>
16	#include <linux/of_irq.h>
17	#include <linux/suspend.h>
18	#include <linux/gpio/consumer.h>
19	#include <linux/debugfs.h>
20	#include <asm/unaligned.h>
21
22	#include <net/bluetooth/bluetooth.h>
23	#include <net/bluetooth/hci_core.h>
24
25	#include "btintel.h"
26	#include "btbcm.h"
27	#include "btrtl.h"
28	#include "btmtk.h"
29
30	#define VERSION "0.8"
31
32	static bool disable_scofix;
33	static bool force_scofix;
34	static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
35	static bool enable_poll_sync = IS_ENABLED(CONFIG_BT_HCIBTUSB_POLL_SYNC);
36	static bool reset = true;
37
38	static struct usb_driver btusb_driver;
39
40	#define BTUSB_IGNORE BIT(0)
41	#define BTUSB_DIGIANSWER BIT(1)
42	#define BTUSB_CSR BIT(2)
43	#define BTUSB_SNIFFER BIT(3)
44	#define BTUSB_BCM92035 BIT(4)
45	#define BTUSB_BROKEN_ISOC BIT(5)
46	#define BTUSB_WRONG_SCO_MTU BIT(6)
47	#define BTUSB_ATH3012 BIT(7)
48	#define BTUSB_INTEL_COMBINED BIT(8)
49	#define BTUSB_INTEL_BOOT BIT(9)
50	#define BTUSB_BCM_PATCHRAM BIT(10)
51	#define BTUSB_MARVELL BIT(11)
52	#define BTUSB_SWAVE BIT(12)
53	#define BTUSB_AMP BIT(13)
54	#define BTUSB_QCA_ROME BIT(14)
55	#define BTUSB_BCM_APPLE BIT(15)
56	#define BTUSB_REALTEK BIT(16)
57	#define BTUSB_BCM2045 BIT(17)
58	#define BTUSB_IFNUM_2 BIT(18)
59	#define BTUSB_CW6622 BIT(19)
60	#define BTUSB_MEDIATEK BIT(20)
61	#define BTUSB_WIDEBAND_SPEECH BIT(21)
62	#define BTUSB_VALID_LE_STATES BIT(22)
63	#define BTUSB_QCA_WCN6855 BIT(23)
64	#define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24)
65	#define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25)
66	#define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26)
67	#define BTUSB_ACTIONS_SEMI BIT(27)
68
69	static const struct usb_device_id btusb_table[] = {
70	/* Generic Bluetooth USB device */
71	{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
72
73	/* Generic Bluetooth AMP device */
74	{ USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
75
76	/* Generic Bluetooth USB interface */
77	{ USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
78
79	/* Apple-specific (Broadcom) devices */
80	{ USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
81	.driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
82
83	/* MediaTek MT76x0E */
84	{ USB_DEVICE(0x0e8d, 0x763f) },
85
86	/* Broadcom SoftSailing reporting vendor specific */
87	{ USB_DEVICE(0x0a5c, 0x21e1) },
88
89	/* Apple MacBookPro 7,1 */
90	{ USB_DEVICE(0x05ac, 0x8213) },
91
92	/* Apple iMac11,1 */
93	{ USB_DEVICE(0x05ac, 0x8215) },
94
95	/* Apple MacBookPro6,2 */
96	{ USB_DEVICE(0x05ac, 0x8218) },
97
98	/* Apple MacBookAir3,1, MacBookAir3,2 */
99	{ USB_DEVICE(0x05ac, 0x821b) },
100
101	/* Apple MacBookAir4,1 */
102	{ USB_DEVICE(0x05ac, 0x821f) },
103
104	/* Apple MacBookPro8,2 */
105	{ USB_DEVICE(0x05ac, 0x821a) },
106
107	/* Apple MacMini5,1 */
108	{ USB_DEVICE(0x05ac, 0x8281) },
109
110	/* AVM BlueFRITZ! USB v2.0 */
111	{ USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
112
113	/* Bluetooth Ultraport Module from IBM */
114	{ USB_DEVICE(0x04bf, 0x030a) },
115
116	/* ALPS Modules with non-standard id */
117	{ USB_DEVICE(0x044e, 0x3001) },
118	{ USB_DEVICE(0x044e, 0x3002) },
119
120	/* Ericsson with non-standard id */
121	{ USB_DEVICE(0x0bdb, 0x1002) },
122
123	/* Canyon CN-BTU1 with HID interfaces */
124	{ USB_DEVICE(0x0c10, 0x0000) },
125
126	/* Broadcom BCM20702B0 (Dynex/Insignia) */
127	{ USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
128
129	/* Broadcom BCM43142A0 (Foxconn/Lenovo) */
130	{ USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
131	.driver_info = BTUSB_BCM_PATCHRAM },
132
133	/* Broadcom BCM920703 (HTC Vive) */
134	{ USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
135	.driver_info = BTUSB_BCM_PATCHRAM },
136
137	/* Foxconn - Hon Hai */
138	{ USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
139	.driver_info = BTUSB_BCM_PATCHRAM },
140
141	/* Lite-On Technology - Broadcom based */
142	{ USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
143	.driver_info = BTUSB_BCM_PATCHRAM },
144
145	/* Broadcom devices with vendor specific id */
146	{ USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
147	.driver_info = BTUSB_BCM_PATCHRAM },
148
149	/* ASUSTek Computer - Broadcom based */
150	{ USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
151	.driver_info = BTUSB_BCM_PATCHRAM },
152
153	/* Belkin F8065bf - Broadcom based */
154	{ USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
155	.driver_info = BTUSB_BCM_PATCHRAM },
156
157	/* IMC Networks - Broadcom based */
158	{ USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
159	.driver_info = BTUSB_BCM_PATCHRAM },
160
161	/* Dell Computer - Broadcom based */
162	{ USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
163	.driver_info = BTUSB_BCM_PATCHRAM },
164
165	/* Toshiba Corp - Broadcom based */
166	{ USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
167	.driver_info = BTUSB_BCM_PATCHRAM },
168
169	/* Intel Bluetooth USB Bootloader (RAM module) */
170	{ USB_DEVICE(0x8087, 0x0a5a),
171	.driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
172
173	{ } /* Terminating entry */
174	};
175
176	MODULE_DEVICE_TABLE(usb, btusb_table);
177
178	static const struct usb_device_id quirks_table[] = {
179	/* CSR BlueCore devices */
180	{ USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
181
182	/* Broadcom BCM2033 without firmware */
183	{ USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
184
185	/* Broadcom BCM2045 devices */
186	{ USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
187
188	/* Atheros 3011 with sflash firmware */
189	{ USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
190	{ USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
191	{ USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
192	{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
193	{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
194	{ USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
195	{ USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
196
197	/* Atheros AR9285 Malbec with sflash firmware */
198	{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
199
200	/* Atheros 3012 with sflash firmware */
201	{ USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
202	{ USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
203	{ USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
204	{ USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
205	{ USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
206	{ USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
207	{ USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
208	{ USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
209	{ USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
210	{ USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
211	{ USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
212	{ USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
213	{ USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
214	{ USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
215	{ USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
216	{ USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
217	{ USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
218	{ USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
219	{ USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
220	{ USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
221	{ USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
222	{ USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
223	{ USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
224	{ USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
225	{ USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
226	{ USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
227	{ USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
228	{ USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
229	{ USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
230	{ USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
231	{ USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
232	{ USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
233	{ USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
234	{ USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
235	{ USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
236	{ USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
237	{ USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
238	{ USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
239	{ USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
240	{ USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
241	{ USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
242	{ USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
243	{ USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
244	{ USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
245	{ USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
246	{ USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
247	{ USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
248	{ USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
249	{ USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
250	{ USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
251
252	/* Atheros AR5BBU12 with sflash firmware */
253	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
254
255	/* Atheros AR5BBU12 with sflash firmware */
256	{ USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
257	{ USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
258
259	/* QCA ROME chipset */
260	{ USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
261	BTUSB_WIDEBAND_SPEECH },
262	{ USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
263	BTUSB_WIDEBAND_SPEECH },
264	{ USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
265	BTUSB_WIDEBAND_SPEECH },
266	{ USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
267	BTUSB_WIDEBAND_SPEECH },
268	{ USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
269	BTUSB_WIDEBAND_SPEECH },
270	{ USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
271	BTUSB_WIDEBAND_SPEECH },
272	{ USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
273	BTUSB_WIDEBAND_SPEECH },
274	{ USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME |
275	BTUSB_WIDEBAND_SPEECH },
276	{ USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
277	BTUSB_WIDEBAND_SPEECH },
278	{ USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
279	BTUSB_WIDEBAND_SPEECH },
280	{ USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
281	BTUSB_WIDEBAND_SPEECH },
282	{ USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
283	BTUSB_WIDEBAND_SPEECH },
284	{ USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
285	BTUSB_WIDEBAND_SPEECH },
286	{ USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
287	BTUSB_WIDEBAND_SPEECH },
288	{ USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
289	BTUSB_WIDEBAND_SPEECH },
290	{ USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
291	BTUSB_WIDEBAND_SPEECH },
292	{ USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
293	BTUSB_WIDEBAND_SPEECH },
294	{ USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
295	BTUSB_WIDEBAND_SPEECH },
296	{ USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
297	BTUSB_WIDEBAND_SPEECH },
298
299	/* QCA WCN6855 chipset */
300	{ USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
301	BTUSB_WIDEBAND_SPEECH |
302	BTUSB_VALID_LE_STATES },
303	{ USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 |
304	BTUSB_WIDEBAND_SPEECH |
305	BTUSB_VALID_LE_STATES },
306	{ USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 |
307	BTUSB_WIDEBAND_SPEECH |
308	BTUSB_VALID_LE_STATES },
309	{ USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 |
310	BTUSB_WIDEBAND_SPEECH |
311	BTUSB_VALID_LE_STATES },
312	{ USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 |
313	BTUSB_WIDEBAND_SPEECH |
314	BTUSB_VALID_LE_STATES },
315	{ USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 |
316	BTUSB_WIDEBAND_SPEECH |
317	BTUSB_VALID_LE_STATES },
318	{ USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 |
319	BTUSB_WIDEBAND_SPEECH |
320	BTUSB_VALID_LE_STATES },
321	{ USB_DEVICE(0x10ab, 0x9108), .driver_info = BTUSB_QCA_WCN6855 |
322	BTUSB_WIDEBAND_SPEECH |
323	BTUSB_VALID_LE_STATES },
324	{ USB_DEVICE(0x10ab, 0x9109), .driver_info = BTUSB_QCA_WCN6855 |
325	BTUSB_WIDEBAND_SPEECH |
326	BTUSB_VALID_LE_STATES },
327	{ USB_DEVICE(0x10ab, 0x9208), .driver_info = BTUSB_QCA_WCN6855 |
328	BTUSB_WIDEBAND_SPEECH |
329	BTUSB_VALID_LE_STATES },
330	{ USB_DEVICE(0x10ab, 0x9209), .driver_info = BTUSB_QCA_WCN6855 |
331	BTUSB_WIDEBAND_SPEECH |
332	BTUSB_VALID_LE_STATES },
333	{ USB_DEVICE(0x10ab, 0x9308), .driver_info = BTUSB_QCA_WCN6855 |
334	BTUSB_WIDEBAND_SPEECH |
335	BTUSB_VALID_LE_STATES },
336	{ USB_DEVICE(0x10ab, 0x9408), .driver_info = BTUSB_QCA_WCN6855 |
337	BTUSB_WIDEBAND_SPEECH |
338	BTUSB_VALID_LE_STATES },
339	{ USB_DEVICE(0x10ab, 0x9508), .driver_info = BTUSB_QCA_WCN6855 |
340	BTUSB_WIDEBAND_SPEECH |
341	BTUSB_VALID_LE_STATES },
342	{ USB_DEVICE(0x10ab, 0x9509), .driver_info = BTUSB_QCA_WCN6855 |
343	BTUSB_WIDEBAND_SPEECH |
344	BTUSB_VALID_LE_STATES },
345	{ USB_DEVICE(0x10ab, 0x9608), .driver_info = BTUSB_QCA_WCN6855 |
346	BTUSB_WIDEBAND_SPEECH |
347	BTUSB_VALID_LE_STATES },
348	{ USB_DEVICE(0x10ab, 0x9609), .driver_info = BTUSB_QCA_WCN6855 |
349	BTUSB_WIDEBAND_SPEECH |
350	BTUSB_VALID_LE_STATES },
351	{ USB_DEVICE(0x10ab, 0x9f09), .driver_info = BTUSB_QCA_WCN6855 |
352	BTUSB_WIDEBAND_SPEECH |
353	BTUSB_VALID_LE_STATES },
354	{ USB_DEVICE(0x04ca, 0x3022), .driver_info = BTUSB_QCA_WCN6855 |
355	BTUSB_WIDEBAND_SPEECH |
356	BTUSB_VALID_LE_STATES },
357	{ USB_DEVICE(0x0489, 0xe0c7), .driver_info = BTUSB_QCA_WCN6855 |
358	BTUSB_WIDEBAND_SPEECH |
359	BTUSB_VALID_LE_STATES },
360	{ USB_DEVICE(0x0489, 0xe0c9), .driver_info = BTUSB_QCA_WCN6855 |
361	BTUSB_WIDEBAND_SPEECH |
362	BTUSB_VALID_LE_STATES },
363	{ USB_DEVICE(0x0489, 0xe0ca), .driver_info = BTUSB_QCA_WCN6855 |
364	BTUSB_WIDEBAND_SPEECH |
365	BTUSB_VALID_LE_STATES },
366	{ USB_DEVICE(0x0489, 0xe0cb), .driver_info = BTUSB_QCA_WCN6855 |
367	BTUSB_WIDEBAND_SPEECH |
368	BTUSB_VALID_LE_STATES },
369	{ USB_DEVICE(0x0489, 0xe0ce), .driver_info = BTUSB_QCA_WCN6855 |
370	BTUSB_WIDEBAND_SPEECH |
371	BTUSB_VALID_LE_STATES },
372	{ USB_DEVICE(0x0489, 0xe0de), .driver_info = BTUSB_QCA_WCN6855 |
373	BTUSB_WIDEBAND_SPEECH |
374	BTUSB_VALID_LE_STATES },
375	{ USB_DEVICE(0x0489, 0xe0df), .driver_info = BTUSB_QCA_WCN6855 |
376	BTUSB_WIDEBAND_SPEECH |
377	BTUSB_VALID_LE_STATES },
378	{ USB_DEVICE(0x0489, 0xe0e1), .driver_info = BTUSB_QCA_WCN6855 |
379	BTUSB_WIDEBAND_SPEECH |
380	BTUSB_VALID_LE_STATES },
381	{ USB_DEVICE(0x0489, 0xe0ea), .driver_info = BTUSB_QCA_WCN6855 |
382	BTUSB_WIDEBAND_SPEECH |
383	BTUSB_VALID_LE_STATES },
384	{ USB_DEVICE(0x0489, 0xe0ec), .driver_info = BTUSB_QCA_WCN6855 |
385	BTUSB_WIDEBAND_SPEECH |
386	BTUSB_VALID_LE_STATES },
387	{ USB_DEVICE(0x04ca, 0x3023), .driver_info = BTUSB_QCA_WCN6855 |
388	BTUSB_WIDEBAND_SPEECH |
389	BTUSB_VALID_LE_STATES },
390	{ USB_DEVICE(0x04ca, 0x3024), .driver_info = BTUSB_QCA_WCN6855 |
391	BTUSB_WIDEBAND_SPEECH |
392	BTUSB_VALID_LE_STATES },
393	{ USB_DEVICE(0x04ca, 0x3a22), .driver_info = BTUSB_QCA_WCN6855 |
394	BTUSB_WIDEBAND_SPEECH |
395	BTUSB_VALID_LE_STATES },
396	{ USB_DEVICE(0x04ca, 0x3a24), .driver_info = BTUSB_QCA_WCN6855 |
397	BTUSB_WIDEBAND_SPEECH |
398	BTUSB_VALID_LE_STATES },
399	{ USB_DEVICE(0x04ca, 0x3a26), .driver_info = BTUSB_QCA_WCN6855 |
400	BTUSB_WIDEBAND_SPEECH |
401	BTUSB_VALID_LE_STATES },
402	{ USB_DEVICE(0x04ca, 0x3a27), .driver_info = BTUSB_QCA_WCN6855 |
403	BTUSB_WIDEBAND_SPEECH |
404	BTUSB_VALID_LE_STATES },
405
406	/* QCA WCN785x chipset */
407	{ USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 |
408	BTUSB_WIDEBAND_SPEECH |
409	BTUSB_VALID_LE_STATES },
410
411	/* Broadcom BCM2035 */
412	{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
413	{ USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
414	{ USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
415
416	/* Broadcom BCM2045 */
417	{ USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
418	{ USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
419
420	/* IBM/Lenovo ThinkPad with Broadcom chip */
421	{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
422	{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
423
424	/* HP laptop with Broadcom chip */
425	{ USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
426
427	/* Dell laptop with Broadcom chip */
428	{ USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
429
430	/* Dell Wireless 370 and 410 devices */
431	{ USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
432	{ USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
433
434	/* Belkin F8T012 and F8T013 devices */
435	{ USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
436	{ USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
437
438	/* Asus WL-BTD202 device */
439	{ USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
440
441	/* Kensington Bluetooth USB adapter */
442	{ USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
443
444	/* RTX Telecom based adapters with buggy SCO support */
445	{ USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
446	{ USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
447
448	/* CONWISE Technology based adapters with buggy SCO support */
449	{ USB_DEVICE(0x0e5e, 0x6622),
450	.driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
451
452	/* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
453	{ USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
454
455	/* Digianswer devices */
456	{ USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
457	{ USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
458
459	/* CSR BlueCore Bluetooth Sniffer */
460	{ USB_DEVICE(0x0a12, 0x0002),
461	.driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
462
463	/* Frontline ComProbe Bluetooth Sniffer */
464	{ USB_DEVICE(0x16d3, 0x0002),
465	.driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
466
467	/* Marvell Bluetooth devices */
468	{ USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
469	{ USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
470	{ USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
471
472	/* Intel Bluetooth devices */
473	{ USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED },
474	{ USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED },
475	{ USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED },
476	{ USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED },
477	{ USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED },
478	{ USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED },
479	{ USB_DEVICE(0x8087, 0x0036), .driver_info = BTUSB_INTEL_COMBINED },
480	{ USB_DEVICE(0x8087, 0x0038), .driver_info = BTUSB_INTEL_COMBINED },
481	{ USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
482	{ USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED |
483	BTUSB_INTEL_NO_WBS_SUPPORT |
484	BTUSB_INTEL_BROKEN_INITIAL_NCMD |
485	BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
486	{ USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED |
487	BTUSB_INTEL_NO_WBS_SUPPORT |
488	BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
489	{ USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED },
490	{ USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED |
491	BTUSB_INTEL_BROKEN_SHUTDOWN_LED },
492	{ USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED },
493
494	/* Other Intel Bluetooth devices */
495	{ USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
496	.driver_info = BTUSB_IGNORE },
497
498	/* Realtek 8821CE Bluetooth devices */
499	{ USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK |
500	BTUSB_WIDEBAND_SPEECH },
501
502	/* Realtek 8822CE Bluetooth devices */
503	{ USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK |
504	BTUSB_WIDEBAND_SPEECH },
505	{ USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK |
506	BTUSB_WIDEBAND_SPEECH },
507
508	/* Realtek 8822CU Bluetooth devices */
509	{ USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
510	BTUSB_WIDEBAND_SPEECH },
511
512	/* Realtek 8852AE Bluetooth devices */
513	{ USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK |
514	BTUSB_WIDEBAND_SPEECH },
515	{ USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK |
516	BTUSB_WIDEBAND_SPEECH },
517	{ USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK |
518	BTUSB_WIDEBAND_SPEECH },
519	{ USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK |
520	BTUSB_WIDEBAND_SPEECH },
521	{ USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK |
522	BTUSB_WIDEBAND_SPEECH },
523	{ USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK |
524	BTUSB_WIDEBAND_SPEECH },
525	{ USB_DEVICE(0x0cb8, 0xc549), .driver_info = BTUSB_REALTEK |
526	BTUSB_WIDEBAND_SPEECH },
527
528	/* Realtek 8852CE Bluetooth devices */
529	{ USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK |
530	BTUSB_WIDEBAND_SPEECH },
531	{ USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK |
532	BTUSB_WIDEBAND_SPEECH },
533	{ USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK |
534	BTUSB_WIDEBAND_SPEECH },
535	{ USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK |
536	BTUSB_WIDEBAND_SPEECH },
537	{ USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK |
538	BTUSB_WIDEBAND_SPEECH },
539	{ USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK |
540	BTUSB_WIDEBAND_SPEECH },
541
542	/* Realtek 8852BE Bluetooth devices */
543	{ USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK |
544	BTUSB_WIDEBAND_SPEECH },
545	{ USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK |
546	BTUSB_WIDEBAND_SPEECH },
547	{ USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK |
548	BTUSB_WIDEBAND_SPEECH },
549	{ USB_DEVICE(0x13d3, 0x3570), .driver_info = BTUSB_REALTEK |
550	BTUSB_WIDEBAND_SPEECH },
551	{ USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK |
552	BTUSB_WIDEBAND_SPEECH },
553	{ USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK |
554	BTUSB_WIDEBAND_SPEECH },
555
556	/* Realtek 8852BT/8852BE-VT Bluetooth devices */
557	{ USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK |
558	BTUSB_WIDEBAND_SPEECH },
559	/* Realtek Bluetooth devices */
560	{ USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
561	.driver_info = BTUSB_REALTEK },
562
563	/* MediaTek Bluetooth devices */
564	{ USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
565	.driver_info = BTUSB_MEDIATEK |
566	BTUSB_WIDEBAND_SPEECH |
567	BTUSB_VALID_LE_STATES },
568
569	/* Additional MediaTek MT7615E Bluetooth devices */
570	{ USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK},
571
572	/* Additional MediaTek MT7663 Bluetooth devices */
573	{ USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK |
574	BTUSB_WIDEBAND_SPEECH |
575	BTUSB_VALID_LE_STATES },
576	{ USB_DEVICE(0x04ca, 0x3801), .driver_info = BTUSB_MEDIATEK |
577	BTUSB_WIDEBAND_SPEECH |
578	BTUSB_VALID_LE_STATES },
579
580	/* Additional MediaTek MT7668 Bluetooth devices */
581	{ USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK |
582	BTUSB_WIDEBAND_SPEECH |
583	BTUSB_VALID_LE_STATES },
584
585	/* Additional MediaTek MT7921 Bluetooth devices */
586	{ USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK |
587	BTUSB_WIDEBAND_SPEECH |
588	BTUSB_VALID_LE_STATES },
589	{ USB_DEVICE(0x0489, 0xe0e0), .driver_info = BTUSB_MEDIATEK |
590	BTUSB_WIDEBAND_SPEECH |
591	BTUSB_VALID_LE_STATES },
592	{ USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK |
593	BTUSB_WIDEBAND_SPEECH |
594	BTUSB_VALID_LE_STATES },
595	{ USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK |
596	BTUSB_WIDEBAND_SPEECH |
597	BTUSB_VALID_LE_STATES },
598	{ USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK |
599	BTUSB_WIDEBAND_SPEECH |
600	BTUSB_VALID_LE_STATES },
601	{ USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK |
602	BTUSB_WIDEBAND_SPEECH |
603	BTUSB_VALID_LE_STATES },
604	{ USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK |
605	BTUSB_WIDEBAND_SPEECH |
606	BTUSB_VALID_LE_STATES },
607	{ USB_DEVICE(0x13d3, 0x3578), .driver_info = BTUSB_MEDIATEK |
608	BTUSB_WIDEBAND_SPEECH |
609	BTUSB_VALID_LE_STATES },
610	{ USB_DEVICE(0x13d3, 0x3583), .driver_info = BTUSB_MEDIATEK |
611	BTUSB_WIDEBAND_SPEECH |
612	BTUSB_VALID_LE_STATES },
613	{ USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK |
614	BTUSB_WIDEBAND_SPEECH |
615	BTUSB_VALID_LE_STATES },
616	{ USB_DEVICE(0x0e8d, 0x0608), .driver_info = BTUSB_MEDIATEK |
617	BTUSB_WIDEBAND_SPEECH |
618	BTUSB_VALID_LE_STATES },
619
620	/* MediaTek MT7922A Bluetooth devices */
621	{ USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK |
622	BTUSB_WIDEBAND_SPEECH |
623	BTUSB_VALID_LE_STATES },
624	{ USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK |
625	BTUSB_WIDEBAND_SPEECH |
626	BTUSB_VALID_LE_STATES },
627	{ USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK |
628	BTUSB_WIDEBAND_SPEECH |
629	BTUSB_VALID_LE_STATES },
630	{ USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK |
631	BTUSB_WIDEBAND_SPEECH |
632	BTUSB_VALID_LE_STATES },
633	{ USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK |
634	BTUSB_WIDEBAND_SPEECH |
635	BTUSB_VALID_LE_STATES },
636	{ USB_DEVICE(0x0489, 0xe0e4), .driver_info = BTUSB_MEDIATEK |
637	BTUSB_WIDEBAND_SPEECH |
638	BTUSB_VALID_LE_STATES },
639	{ USB_DEVICE(0x0489, 0xe0f1), .driver_info = BTUSB_MEDIATEK |
640	BTUSB_WIDEBAND_SPEECH |
641	BTUSB_VALID_LE_STATES },
642	{ USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK |
643	BTUSB_WIDEBAND_SPEECH |
644	BTUSB_VALID_LE_STATES },
645	{ USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK |
646	BTUSB_WIDEBAND_SPEECH |
647	BTUSB_VALID_LE_STATES },
648	{ USB_DEVICE(0x0489, 0xe0f6), .driver_info = BTUSB_MEDIATEK |
649	BTUSB_WIDEBAND_SPEECH |
650	BTUSB_VALID_LE_STATES },
651	{ USB_DEVICE(0x0489, 0xe102), .driver_info = BTUSB_MEDIATEK |
652	BTUSB_WIDEBAND_SPEECH |
653	BTUSB_VALID_LE_STATES },
654	{ USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK |
655	BTUSB_WIDEBAND_SPEECH |
656	BTUSB_VALID_LE_STATES },
657	{ USB_DEVICE(0x35f5, 0x7922), .driver_info = BTUSB_MEDIATEK |
658	BTUSB_WIDEBAND_SPEECH |
659	BTUSB_VALID_LE_STATES },
660
661	/* Additional MediaTek MT7925 Bluetooth devices */
662	{ USB_DEVICE(0x13d3, 0x3602), .driver_info = BTUSB_MEDIATEK |
663	BTUSB_WIDEBAND_SPEECH |
664	BTUSB_VALID_LE_STATES },
665
666	/* Additional Realtek 8723AE Bluetooth devices */
667	{ USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
668	{ USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
669
670	/* Additional Realtek 8723BE Bluetooth devices */
671	{ USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
672	{ USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
673	{ USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK },
674	{ USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
675	{ USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
676	{ USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
677	{ USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
678
679	/* Additional Realtek 8723BU Bluetooth devices */
680	{ USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
681
682	/* Additional Realtek 8723DE Bluetooth devices */
683	{ USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
684	{ USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
685
686	/* Additional Realtek 8761BUV Bluetooth devices */
687	{ USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK |
688	BTUSB_WIDEBAND_SPEECH },
689	{ USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK |
690	BTUSB_WIDEBAND_SPEECH },
691	{ USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK |
692	BTUSB_WIDEBAND_SPEECH },
693	{ USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK |
694	BTUSB_WIDEBAND_SPEECH },
695	{ USB_DEVICE(0x6655, 0x8771), .driver_info = BTUSB_REALTEK |
696	BTUSB_WIDEBAND_SPEECH },
697	{ USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK |
698	BTUSB_WIDEBAND_SPEECH },
699	{ USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK |
700	BTUSB_WIDEBAND_SPEECH },
701
702	/* Additional Realtek 8821AE Bluetooth devices */
703	{ USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
704	{ USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
705	{ USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
706	{ USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
707	{ USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
708
709	/* Additional Realtek 8822BE Bluetooth devices */
710	{ USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
711	{ USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
712
713	/* Additional Realtek 8822CE Bluetooth devices */
714	{ USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK |
715	BTUSB_WIDEBAND_SPEECH },
716	{ USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK |
717	BTUSB_WIDEBAND_SPEECH },
718	{ USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK |
719	BTUSB_WIDEBAND_SPEECH },
720	{ USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK |
721	BTUSB_WIDEBAND_SPEECH },
722	{ USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
723	BTUSB_WIDEBAND_SPEECH },
724	{ USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK |
725	BTUSB_WIDEBAND_SPEECH },
726	{ USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK |
727	BTUSB_WIDEBAND_SPEECH },
728	{ USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK |
729	BTUSB_WIDEBAND_SPEECH },
730	{ USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK |
731	BTUSB_WIDEBAND_SPEECH },
732	{ USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK |
733	BTUSB_WIDEBAND_SPEECH },
734	{ USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK |
735	BTUSB_WIDEBAND_SPEECH },
736
737	/* Actions Semiconductor ATS2851 based devices */
738	{ USB_DEVICE(0x10d7, 0xb012), .driver_info = BTUSB_ACTIONS_SEMI },
739
740	/* Silicon Wave based devices */
741	{ USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
742
743	{ } /* Terminating entry */
744	};
745
746	/* The Bluetooth USB module build into some devices needs to be reset on resume,
747	* this is a problem with the platform (likely shutting off all power) not with
748	* the module itself. So we use a DMI list to match known broken platforms.
749	*/
750	static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
751	{
752	/* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
753	.matches = {
754	DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
755	DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
756	},
757	},
758	{
759	/* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
760	.matches = {
761	DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
762	DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
763	},
764	},
765	{
766	/* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
767	.matches = {
768	DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
769	DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
770	},
771	},
772	{}
773	};
774
775	struct qca_dump_info {
776	/* fields for dump collection */
777	u16 id_vendor;
778	u16 id_product;
779	u32 fw_version;
780	u32 controller_id;
781	u32 ram_dump_size;
782	u16 ram_dump_seqno;
783	};
784
785	#define BTUSB_MAX_ISOC_FRAMES 10
786
787	#define BTUSB_INTR_RUNNING 0
788	#define BTUSB_BULK_RUNNING 1
789	#define BTUSB_ISOC_RUNNING 2
790	#define BTUSB_SUSPENDING 3
791	#define BTUSB_DID_ISO_RESUME 4
792	#define BTUSB_BOOTLOADER 5
793	#define BTUSB_DOWNLOADING 6
794	#define BTUSB_FIRMWARE_LOADED 7
795	#define BTUSB_FIRMWARE_FAILED 8
796	#define BTUSB_BOOTING 9
797	#define BTUSB_DIAG_RUNNING 10
798	#define BTUSB_OOB_WAKE_ENABLED 11
799	#define BTUSB_HW_RESET_ACTIVE 12
800	#define BTUSB_TX_WAIT_VND_EVT 13
801	#define BTUSB_WAKEUP_AUTOSUSPEND 14
802	#define BTUSB_USE_ALT3_FOR_WBS 15
803	#define BTUSB_ALT6_CONTINUOUS_TX 16
804	#define BTUSB_HW_SSR_ACTIVE 17
805
806	struct btusb_data {
807	struct hci_dev *hdev;
808	struct usb_device *udev;
809	struct usb_interface *intf;
810	struct usb_interface *isoc;
811	struct usb_interface *diag;
812	unsigned isoc_ifnum;
813
814	unsigned long flags;
815
816	bool poll_sync;
817	int intr_interval;
818	struct work_struct work;
819	struct work_struct waker;
820	struct delayed_work rx_work;
821
822	struct sk_buff_head acl_q;
823
824	struct usb_anchor deferred;
825	struct usb_anchor tx_anchor;
826	int tx_in_flight;
827	spinlock_t txlock;
828
829	struct usb_anchor intr_anchor;
830	struct usb_anchor bulk_anchor;
831	struct usb_anchor isoc_anchor;
832	struct usb_anchor diag_anchor;
833	struct usb_anchor ctrl_anchor;
834	spinlock_t rxlock;
835
836	struct sk_buff *evt_skb;
837	struct sk_buff *acl_skb;
838	struct sk_buff *sco_skb;
839
840	struct usb_endpoint_descriptor *intr_ep;
841	struct usb_endpoint_descriptor *bulk_tx_ep;
842	struct usb_endpoint_descriptor *bulk_rx_ep;
843	struct usb_endpoint_descriptor *isoc_tx_ep;
844	struct usb_endpoint_descriptor *isoc_rx_ep;
845	struct usb_endpoint_descriptor *diag_tx_ep;
846	struct usb_endpoint_descriptor *diag_rx_ep;
847
848	struct gpio_desc *reset_gpio;
849
850	__u8 cmdreq_type;
851	__u8 cmdreq;
852
853	unsigned int sco_num;
854	unsigned int air_mode;
855	bool usb_alt6_packet_flow;
856	int isoc_altsetting;
857	int suspend_count;
858
859	int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
860	int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb);
861	int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
862
863	int (*setup_on_usb)(struct hci_dev *hdev);
864
865	int oob_wake_irq; /* irq for out-of-band wake-on-bt */
866	unsigned cmd_timeout_cnt;
867
868	struct qca_dump_info qca_dump;
869	};
870
871	static void btusb_reset(struct hci_dev *hdev)
872	{
873	struct btusb_data *data;
874	int err;
875
876	if (hdev->reset) {
877	hdev->reset(hdev);
878	return;
879	}
880
881	data = hci_get_drvdata(hdev);
882	/* This is not an unbalanced PM reference since the device will reset */
883	err = usb_autopm_get_interface(intf: data->intf);
884	if (err) {
885	bt_dev_err(hdev, "Failed usb_autopm_get_interface: %d", err);
886	return;
887	}
888
889	bt_dev_err(hdev, "Resetting usb device.");
890	usb_queue_reset_device(dev: data->intf);
891	}
892
893	static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
894	{
895	struct btusb_data *data = hci_get_drvdata(hdev);
896	struct gpio_desc *reset_gpio = data->reset_gpio;
897	struct btintel_data *intel_data = hci_get_priv(hdev);
898
899	if (++data->cmd_timeout_cnt < 5)
900	return;
901
902	if (intel_data->acpi_reset_method) {
903	if (test_and_set_bit(nr: INTEL_ACPI_RESET_ACTIVE, addr: intel_data->flags)) {
904	bt_dev_err(hdev, "acpi: last reset failed ? Not resetting again");
905	return;
906	}
907
908	bt_dev_err(hdev, "Initiating acpi reset method");
909	/* If ACPI reset method fails, lets try with legacy GPIO
910	* toggling
911	*/
912	if (!intel_data->acpi_reset_method(hdev)) {
913	return;
914	}
915	}
916
917	if (!reset_gpio) {
918	btusb_reset(hdev);
919	return;
920	}
921
922	/*
923	* Toggle the hard reset line if the platform provides one. The reset
924	* is going to yank the device off the USB and then replug. So doing
925	* once is enough. The cleanup is handled correctly on the way out
926	* (standard USB disconnect), and the new device is detected cleanly
927	* and bound to the driver again like it should be.
928	*/
929	if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, addr: &data->flags)) {
930	bt_dev_err(hdev, "last reset failed? Not resetting again");
931	return;
932	}
933
934	bt_dev_err(hdev, "Initiating HW reset via gpio");
935	gpiod_set_value_cansleep(desc: reset_gpio, value: 1);
936	msleep(msecs: 100);
937	gpiod_set_value_cansleep(desc: reset_gpio, value: 0);
938	}
939
940	#define RTK_DEVCOREDUMP_CODE_MEMDUMP 0x01
941	#define RTK_DEVCOREDUMP_CODE_HW_ERR 0x02
942	#define RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT 0x03
943
944	#define RTK_SUB_EVENT_CODE_COREDUMP 0x34
945
946	struct rtk_dev_coredump_hdr {
947	u8 type;
948	u8 code;
949	u8 reserved[2];
950	} __packed;
951
952	static inline void btusb_rtl_alloc_devcoredump(struct hci_dev *hdev,
953	struct rtk_dev_coredump_hdr *hdr, u8 *buf, u32 len)
954	{
955	struct sk_buff *skb;
956
957	skb = alloc_skb(size: len + sizeof(*hdr), GFP_ATOMIC);
958	if (!skb)
959	return;
960
961	skb_put_data(skb, data: hdr, len: sizeof(*hdr));
962	if (len)
963	skb_put_data(skb, data: buf, len);
964
965	if (!hci_devcd_init(hdev, dump_size: skb->len)) {
966	hci_devcd_append(hdev, skb);
967	hci_devcd_complete(hdev);
968	} else {
969	bt_dev_err(hdev, "RTL: Failed to generate devcoredump");
970	kfree_skb(skb);
971	}
972	}
973
974	static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
975	{
976	struct btusb_data *data = hci_get_drvdata(hdev);
977	struct gpio_desc *reset_gpio = data->reset_gpio;
978	struct rtk_dev_coredump_hdr hdr = {
979	.type = RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT,
980	};
981
982	btusb_rtl_alloc_devcoredump(hdev, hdr: &hdr, NULL, len: 0);
983
984	if (++data->cmd_timeout_cnt < 5)
985	return;
986
987	if (!reset_gpio) {
988	btusb_reset(hdev);
989	return;
990	}
991
992	/* Toggle the hard reset line. The Realtek device is going to
993	* yank itself off the USB and then replug. The cleanup is handled
994	* correctly on the way out (standard USB disconnect), and the new
995	* device is detected cleanly and bound to the driver again like
996	* it should be.
997	*/
998	if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, addr: &data->flags)) {
999	bt_dev_err(hdev, "last reset failed? Not resetting again");
1000	return;
1001	}
1002
1003	bt_dev_err(hdev, "Reset Realtek device via gpio");
1004	gpiod_set_value_cansleep(desc: reset_gpio, value: 1);
1005	msleep(msecs: 200);
1006	gpiod_set_value_cansleep(desc: reset_gpio, value: 0);
1007	}
1008
1009	static void btusb_rtl_hw_error(struct hci_dev *hdev, u8 code)
1010	{
1011	struct rtk_dev_coredump_hdr hdr = {
1012	.type = RTK_DEVCOREDUMP_CODE_HW_ERR,
1013	.code = code,
1014	};
1015
1016	bt_dev_err(hdev, "RTL: hw err, trigger devcoredump (%d)", code);
1017
1018	btusb_rtl_alloc_devcoredump(hdev, hdr: &hdr, NULL, len: 0);
1019	}
1020
1021	static void btusb_qca_cmd_timeout(struct hci_dev *hdev)
1022	{
1023	struct btusb_data *data = hci_get_drvdata(hdev);
1024	struct gpio_desc *reset_gpio = data->reset_gpio;
1025
1026	if (test_bit(BTUSB_HW_SSR_ACTIVE, &data->flags)) {
1027	bt_dev_info(hdev, "Ramdump in progress, defer cmd_timeout");
1028	return;
1029	}
1030
1031	if (++data->cmd_timeout_cnt < 5)
1032	return;
1033
1034	if (reset_gpio) {
1035	bt_dev_err(hdev, "Reset qca device via bt_en gpio");
1036
1037	/* Toggle the hard reset line. The qca bt device is going to
1038	* yank itself off the USB and then replug. The cleanup is handled
1039	* correctly on the way out (standard USB disconnect), and the new
1040	* device is detected cleanly and bound to the driver again like
1041	* it should be.
1042	*/
1043	if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, addr: &data->flags)) {
1044	bt_dev_err(hdev, "last reset failed? Not resetting again");
1045	return;
1046	}
1047
1048	gpiod_set_value_cansleep(desc: reset_gpio, value: 0);
1049	msleep(msecs: 200);
1050	gpiod_set_value_cansleep(desc: reset_gpio, value: 1);
1051
1052	return;
1053	}
1054
1055	btusb_reset(hdev);
1056	}
1057
1058	static inline void btusb_free_frags(struct btusb_data *data)
1059	{
1060	unsigned long flags;
1061
1062	spin_lock_irqsave(&data->rxlock, flags);
1063
1064	dev_kfree_skb_irq(skb: data->evt_skb);
1065	data->evt_skb = NULL;
1066
1067	dev_kfree_skb_irq(skb: data->acl_skb);
1068	data->acl_skb = NULL;
1069
1070	dev_kfree_skb_irq(skb: data->sco_skb);
1071	data->sco_skb = NULL;
1072
1073	spin_unlock_irqrestore(lock: &data->rxlock, flags);
1074	}
1075
1076	static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb)
1077	{
1078	if (data->intr_interval) {
1079	/* Trigger dequeue immediatelly if an event is received */
1080	schedule_delayed_work(dwork: &data->rx_work, delay: 0);
1081	}
1082
1083	return data->recv_event(data->hdev, skb);
1084	}
1085
1086	static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
1087	{
1088	struct sk_buff *skb;
1089	unsigned long flags;
1090	int err = 0;
1091
1092	spin_lock_irqsave(&data->rxlock, flags);
1093	skb = data->evt_skb;
1094
1095	while (count) {
1096	int len;
1097
1098	if (!skb) {
1099	skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
1100	if (!skb) {
1101	err = -ENOMEM;
1102	break;
1103	}
1104
1105	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1106	hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
1107	}
1108
1109	len = min_t(uint, hci_skb_expect(skb), count);
1110	skb_put_data(skb, data: buffer, len);
1111
1112	count -= len;
1113	buffer += len;
1114	hci_skb_expect(skb) -= len;
1115
1116	if (skb->len == HCI_EVENT_HDR_SIZE) {
1117	/* Complete event header */
1118	hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
1119
1120	if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1121	kfree_skb(skb);
1122	skb = NULL;
1123
1124	err = -EILSEQ;
1125	break;
1126	}
1127	}
1128
1129	if (!hci_skb_expect(skb)) {
1130	/* Complete frame */
1131	btusb_recv_event(data, skb);
1132	skb = NULL;
1133	}
1134	}
1135
1136	data->evt_skb = skb;
1137	spin_unlock_irqrestore(lock: &data->rxlock, flags);
1138
1139	return err;
1140	}
1141
1142	static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb)
1143	{
1144	/* Only queue ACL packet if intr_interval is set as it means
1145	* force_poll_sync has been enabled.
1146	*/
1147	if (!data->intr_interval)
1148	return data->recv_acl(data->hdev, skb);
1149
1150	skb_queue_tail(list: &data->acl_q, newsk: skb);
1151	schedule_delayed_work(dwork: &data->rx_work, delay: data->intr_interval);
1152
1153	return 0;
1154	}
1155
1156	static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
1157	{
1158	struct sk_buff *skb;
1159	unsigned long flags;
1160	int err = 0;
1161
1162	spin_lock_irqsave(&data->rxlock, flags);
1163	skb = data->acl_skb;
1164
1165	while (count) {
1166	int len;
1167
1168	if (!skb) {
1169	skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
1170	if (!skb) {
1171	err = -ENOMEM;
1172	break;
1173	}
1174
1175	hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
1176	hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
1177	}
1178
1179	len = min_t(uint, hci_skb_expect(skb), count);
1180	skb_put_data(skb, data: buffer, len);
1181
1182	count -= len;
1183	buffer += len;
1184	hci_skb_expect(skb) -= len;
1185
1186	if (skb->len == HCI_ACL_HDR_SIZE) {
1187	__le16 dlen = hci_acl_hdr(skb)->dlen;
1188
1189	/* Complete ACL header */
1190	hci_skb_expect(skb) = __le16_to_cpu(dlen);
1191
1192	if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1193	kfree_skb(skb);
1194	skb = NULL;
1195
1196	err = -EILSEQ;
1197	break;
1198	}
1199	}
1200
1201	if (!hci_skb_expect(skb)) {
1202	/* Complete frame */
1203	btusb_recv_acl(data, skb);
1204	skb = NULL;
1205	}
1206	}
1207
1208	data->acl_skb = skb;
1209	spin_unlock_irqrestore(lock: &data->rxlock, flags);
1210
1211	return err;
1212	}
1213
1214	static bool btusb_validate_sco_handle(struct hci_dev *hdev,
1215	struct hci_sco_hdr *hdr)
1216	{
1217	__u16 handle;
1218
1219	if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
1220	// Can't validate, userspace controls everything.
1221	return true;
1222
1223	/*
1224	* USB isochronous transfers are not designed to be reliable and may
1225	* lose fragments. When this happens, the next first fragment
1226	* encountered might actually be a continuation fragment.
1227	* Validate the handle to detect it and drop it, or else the upper
1228	* layer will get garbage for a while.
1229	*/
1230
1231	handle = hci_handle(__le16_to_cpu(hdr->handle));
1232
1233	switch (hci_conn_lookup_type(hdev, handle)) {
1234	case SCO_LINK:
1235	case ESCO_LINK:
1236	return true;
1237	default:
1238	return false;
1239	}
1240	}
1241
1242	static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
1243	{
1244	struct sk_buff *skb;
1245	unsigned long flags;
1246	int err = 0;
1247
1248	spin_lock_irqsave(&data->rxlock, flags);
1249	skb = data->sco_skb;
1250
1251	while (count) {
1252	int len;
1253
1254	if (!skb) {
1255	skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
1256	if (!skb) {
1257	err = -ENOMEM;
1258	break;
1259	}
1260
1261	hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
1262	hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
1263	}
1264
1265	len = min_t(uint, hci_skb_expect(skb), count);
1266	skb_put_data(skb, data: buffer, len);
1267
1268	count -= len;
1269	buffer += len;
1270	hci_skb_expect(skb) -= len;
1271
1272	if (skb->len == HCI_SCO_HDR_SIZE) {
1273	/* Complete SCO header */
1274	struct hci_sco_hdr *hdr = hci_sco_hdr(skb);
1275
1276	hci_skb_expect(skb) = hdr->dlen;
1277
1278	if (skb_tailroom(skb) < hci_skb_expect(skb) ||
1279	!btusb_validate_sco_handle(hdev: data->hdev, hdr)) {
1280	kfree_skb(skb);
1281	skb = NULL;
1282
1283	err = -EILSEQ;
1284	break;
1285	}
1286	}
1287
1288	if (!hci_skb_expect(skb)) {
1289	/* Complete frame */
1290	hci_recv_frame(hdev: data->hdev, skb);
1291	skb = NULL;
1292	}
1293	}
1294
1295	data->sco_skb = skb;
1296	spin_unlock_irqrestore(lock: &data->rxlock, flags);
1297
1298	return err;
1299	}
1300
1301	static void btusb_intr_complete(struct urb *urb)
1302	{
1303	struct hci_dev *hdev = urb->context;
1304	struct btusb_data *data = hci_get_drvdata(hdev);
1305	int err;
1306
1307	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1308	urb->actual_length);
1309
1310	if (!test_bit(HCI_RUNNING, &hdev->flags))
1311	return;
1312
1313	if (urb->status == 0) {
1314	hdev->stat.byte_rx += urb->actual_length;
1315
1316	if (btusb_recv_intr(data, buffer: urb->transfer_buffer,
1317	count: urb->actual_length) < 0) {
1318	bt_dev_err(hdev, "corrupted event packet");
1319	hdev->stat.err_rx++;
1320	}
1321	} else if (urb->status == -ENOENT) {
1322	/* Avoid suspend failed when usb_kill_urb */
1323	return;
1324	}
1325
1326	if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
1327	return;
1328
1329	usb_mark_last_busy(udev: data->udev);
1330	usb_anchor_urb(urb, anchor: &data->intr_anchor);
1331
1332	err = usb_submit_urb(urb, GFP_ATOMIC);
1333	if (err < 0) {
1334	/* -EPERM: urb is being killed;
1335	* -ENODEV: device got disconnected
1336	*/
1337	if (err != -EPERM && err != -ENODEV)
1338	bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1339	urb, -err);
1340	if (err != -EPERM)
1341	hci_cmd_sync_cancel(hdev, err: -err);
1342	usb_unanchor_urb(urb);
1343	}
1344	}
1345
1346	static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1347	{
1348	struct btusb_data *data = hci_get_drvdata(hdev);
1349	struct urb *urb;
1350	unsigned char *buf;
1351	unsigned int pipe;
1352	int err, size;
1353
1354	BT_DBG("%s", hdev->name);
1355
1356	if (!data->intr_ep)
1357	return -ENODEV;
1358
1359	urb = usb_alloc_urb(iso_packets: 0, mem_flags);
1360	if (!urb)
1361	return -ENOMEM;
1362
1363	size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
1364
1365	buf = kmalloc(size, flags: mem_flags);
1366	if (!buf) {
1367	usb_free_urb(urb);
1368	return -ENOMEM;
1369	}
1370
1371	pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
1372
1373	usb_fill_int_urb(urb, dev: data->udev, pipe, transfer_buffer: buf, buffer_length: size,
1374	complete_fn: btusb_intr_complete, context: hdev, interval: data->intr_ep->bInterval);
1375
1376	urb->transfer_flags |= URB_FREE_BUFFER;
1377
1378	usb_anchor_urb(urb, anchor: &data->intr_anchor);
1379
1380	err = usb_submit_urb(urb, mem_flags);
1381	if (err < 0) {
1382	if (err != -EPERM && err != -ENODEV)
1383	bt_dev_err(hdev, "urb %p submission failed (%d)",
1384	urb, -err);
1385	if (err != -EPERM)
1386	hci_cmd_sync_cancel(hdev, err: -err);
1387	usb_unanchor_urb(urb);
1388	}
1389
1390	/* Only initialize intr_interval if URB poll sync is enabled */
1391	if (!data->poll_sync)
1392	goto done;
1393
1394	/* The units are frames (milliseconds) for full and low speed devices,
1395	* and microframes (1/8 millisecond) for highspeed and SuperSpeed
1396	* devices.
1397	*
1398	* This is done once on open/resume so it shouldn't change even if
1399	* force_poll_sync changes.
1400	*/
1401	switch (urb->dev->speed) {
1402	case USB_SPEED_SUPER_PLUS:
1403	case USB_SPEED_SUPER: /* units are 125us */
1404	data->intr_interval = usecs_to_jiffies(u: urb->interval * 125);
1405	break;
1406	default:
1407	data->intr_interval = msecs_to_jiffies(m: urb->interval);
1408	break;
1409	}
1410
1411	done:
1412	usb_free_urb(urb);
1413
1414	return err;
1415	}
1416
1417	static void btusb_bulk_complete(struct urb *urb)
1418	{
1419	struct hci_dev *hdev = urb->context;
1420	struct btusb_data *data = hci_get_drvdata(hdev);
1421	int err;
1422
1423	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1424	urb->actual_length);
1425
1426	if (!test_bit(HCI_RUNNING, &hdev->flags))
1427	return;
1428
1429	if (urb->status == 0) {
1430	hdev->stat.byte_rx += urb->actual_length;
1431
1432	if (data->recv_bulk(data, urb->transfer_buffer,
1433	urb->actual_length) < 0) {
1434	bt_dev_err(hdev, "corrupted ACL packet");
1435	hdev->stat.err_rx++;
1436	}
1437	} else if (urb->status == -ENOENT) {
1438	/* Avoid suspend failed when usb_kill_urb */
1439	return;
1440	}
1441
1442	if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
1443	return;
1444
1445	usb_anchor_urb(urb, anchor: &data->bulk_anchor);
1446	usb_mark_last_busy(udev: data->udev);
1447
1448	err = usb_submit_urb(urb, GFP_ATOMIC);
1449	if (err < 0) {
1450	/* -EPERM: urb is being killed;
1451	* -ENODEV: device got disconnected
1452	*/
1453	if (err != -EPERM && err != -ENODEV)
1454	bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1455	urb, -err);
1456	usb_unanchor_urb(urb);
1457	}
1458	}
1459
1460	static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
1461	{
1462	struct btusb_data *data = hci_get_drvdata(hdev);
1463	struct urb *urb;
1464	unsigned char *buf;
1465	unsigned int pipe;
1466	int err, size = HCI_MAX_FRAME_SIZE;
1467
1468	BT_DBG("%s", hdev->name);
1469
1470	if (!data->bulk_rx_ep)
1471	return -ENODEV;
1472
1473	urb = usb_alloc_urb(iso_packets: 0, mem_flags);
1474	if (!urb)
1475	return -ENOMEM;
1476
1477	buf = kmalloc(size, flags: mem_flags);
1478	if (!buf) {
1479	usb_free_urb(urb);
1480	return -ENOMEM;
1481	}
1482
1483	pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
1484
1485	usb_fill_bulk_urb(urb, dev: data->udev, pipe, transfer_buffer: buf, buffer_length: size,
1486	complete_fn: btusb_bulk_complete, context: hdev);
1487
1488	urb->transfer_flags |= URB_FREE_BUFFER;
1489
1490	usb_mark_last_busy(udev: data->udev);
1491	usb_anchor_urb(urb, anchor: &data->bulk_anchor);
1492
1493	err = usb_submit_urb(urb, mem_flags);
1494	if (err < 0) {
1495	if (err != -EPERM && err != -ENODEV)
1496	bt_dev_err(hdev, "urb %p submission failed (%d)",
1497	urb, -err);
1498	usb_unanchor_urb(urb);
1499	}
1500
1501	usb_free_urb(urb);
1502
1503	return err;
1504	}
1505
1506	static void btusb_isoc_complete(struct urb *urb)
1507	{
1508	struct hci_dev *hdev = urb->context;
1509	struct btusb_data *data = hci_get_drvdata(hdev);
1510	int i, err;
1511
1512	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1513	urb->actual_length);
1514
1515	if (!test_bit(HCI_RUNNING, &hdev->flags))
1516	return;
1517
1518	if (urb->status == 0) {
1519	for (i = 0; i < urb->number_of_packets; i++) {
1520	unsigned int offset = urb->iso_frame_desc[i].offset;
1521	unsigned int length = urb->iso_frame_desc[i].actual_length;
1522
1523	if (urb->iso_frame_desc[i].status)
1524	continue;
1525
1526	hdev->stat.byte_rx += length;
1527
1528	if (btusb_recv_isoc(data, buffer: urb->transfer_buffer + offset,
1529	count: length) < 0) {
1530	bt_dev_err(hdev, "corrupted SCO packet");
1531	hdev->stat.err_rx++;
1532	}
1533	}
1534	} else if (urb->status == -ENOENT) {
1535	/* Avoid suspend failed when usb_kill_urb */
1536	return;
1537	}
1538
1539	if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
1540	return;
1541
1542	usb_anchor_urb(urb, anchor: &data->isoc_anchor);
1543
1544	err = usb_submit_urb(urb, GFP_ATOMIC);
1545	if (err < 0) {
1546	/* -EPERM: urb is being killed;
1547	* -ENODEV: device got disconnected
1548	*/
1549	if (err != -EPERM && err != -ENODEV)
1550	bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1551	urb, -err);
1552	usb_unanchor_urb(urb);
1553	}
1554	}
1555
1556	static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1557	int mtu, struct btusb_data *data)
1558	{
1559	int i = 0, offset = 0;
1560	unsigned int interval;
1561
1562	BT_DBG("len %d mtu %d", len, mtu);
1563
1564	/* For mSBC ALT 6 settings some chips need to transmit the data
1565	* continuously without the zero length of USB packets.
1566	*/
1567	if (test_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags))
1568	goto ignore_usb_alt6_packet_flow;
1569
1570	/* For mSBC ALT 6 setting the host will send the packet at continuous
1571	* flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
1572	* 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets.
1573	* To maintain the rate we send 63bytes of usb packets alternatively for
1574	* 7ms and 8ms to maintain the rate as 7.5ms.
1575	*/
1576	if (data->usb_alt6_packet_flow) {
1577	interval = 7;
1578	data->usb_alt6_packet_flow = false;
1579	} else {
1580	interval = 6;
1581	data->usb_alt6_packet_flow = true;
1582	}
1583
1584	for (i = 0; i < interval; i++) {
1585	urb->iso_frame_desc[i].offset = offset;
1586	urb->iso_frame_desc[i].length = offset;
1587	}
1588
1589	ignore_usb_alt6_packet_flow:
1590	if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1591	urb->iso_frame_desc[i].offset = offset;
1592	urb->iso_frame_desc[i].length = len;
1593	i++;
1594	}
1595
1596	urb->number_of_packets = i;
1597	}
1598
1599	static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
1600	{
1601	int i, offset = 0;
1602
1603	BT_DBG("len %d mtu %d", len, mtu);
1604
1605	for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
1606	i++, offset += mtu, len -= mtu) {
1607	urb->iso_frame_desc[i].offset = offset;
1608	urb->iso_frame_desc[i].length = mtu;
1609	}
1610
1611	if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1612	urb->iso_frame_desc[i].offset = offset;
1613	urb->iso_frame_desc[i].length = len;
1614	i++;
1615	}
1616
1617	urb->number_of_packets = i;
1618	}
1619
1620	static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1621	{
1622	struct btusb_data *data = hci_get_drvdata(hdev);
1623	struct urb *urb;
1624	unsigned char *buf;
1625	unsigned int pipe;
1626	int err, size;
1627
1628	BT_DBG("%s", hdev->name);
1629
1630	if (!data->isoc_rx_ep)
1631	return -ENODEV;
1632
1633	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1634	if (!urb)
1635	return -ENOMEM;
1636
1637	size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1638	BTUSB_MAX_ISOC_FRAMES;
1639
1640	buf = kmalloc(size, flags: mem_flags);
1641	if (!buf) {
1642	usb_free_urb(urb);
1643	return -ENOMEM;
1644	}
1645
1646	pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1647
1648	usb_fill_int_urb(urb, dev: data->udev, pipe, transfer_buffer: buf, buffer_length: size, complete_fn: btusb_isoc_complete,
1649	context: hdev, interval: data->isoc_rx_ep->bInterval);
1650
1651	urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1652
1653	__fill_isoc_descriptor(urb, len: size,
1654	le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1655
1656	usb_anchor_urb(urb, anchor: &data->isoc_anchor);
1657
1658	err = usb_submit_urb(urb, mem_flags);
1659	if (err < 0) {
1660	if (err != -EPERM && err != -ENODEV)
1661	bt_dev_err(hdev, "urb %p submission failed (%d)",
1662	urb, -err);
1663	usb_unanchor_urb(urb);
1664	}
1665
1666	usb_free_urb(urb);
1667
1668	return err;
1669	}
1670
1671	static void btusb_diag_complete(struct urb *urb)
1672	{
1673	struct hci_dev *hdev = urb->context;
1674	struct btusb_data *data = hci_get_drvdata(hdev);
1675	int err;
1676
1677	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1678	urb->actual_length);
1679
1680	if (urb->status == 0) {
1681	struct sk_buff *skb;
1682
1683	skb = bt_skb_alloc(len: urb->actual_length, GFP_ATOMIC);
1684	if (skb) {
1685	skb_put_data(skb, data: urb->transfer_buffer,
1686	len: urb->actual_length);
1687	hci_recv_diag(hdev, skb);
1688	}
1689	} else if (urb->status == -ENOENT) {
1690	/* Avoid suspend failed when usb_kill_urb */
1691	return;
1692	}
1693
1694	if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1695	return;
1696
1697	usb_anchor_urb(urb, anchor: &data->diag_anchor);
1698	usb_mark_last_busy(udev: data->udev);
1699
1700	err = usb_submit_urb(urb, GFP_ATOMIC);
1701	if (err < 0) {
1702	/* -EPERM: urb is being killed;
1703	* -ENODEV: device got disconnected
1704	*/
1705	if (err != -EPERM && err != -ENODEV)
1706	bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1707	urb, -err);
1708	usb_unanchor_urb(urb);
1709	}
1710	}
1711
1712	static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1713	{
1714	struct btusb_data *data = hci_get_drvdata(hdev);
1715	struct urb *urb;
1716	unsigned char *buf;
1717	unsigned int pipe;
1718	int err, size = HCI_MAX_FRAME_SIZE;
1719
1720	BT_DBG("%s", hdev->name);
1721
1722	if (!data->diag_rx_ep)
1723	return -ENODEV;
1724
1725	urb = usb_alloc_urb(iso_packets: 0, mem_flags);
1726	if (!urb)
1727	return -ENOMEM;
1728
1729	buf = kmalloc(size, flags: mem_flags);
1730	if (!buf) {
1731	usb_free_urb(urb);
1732	return -ENOMEM;
1733	}
1734
1735	pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1736
1737	usb_fill_bulk_urb(urb, dev: data->udev, pipe, transfer_buffer: buf, buffer_length: size,
1738	complete_fn: btusb_diag_complete, context: hdev);
1739
1740	urb->transfer_flags |= URB_FREE_BUFFER;
1741
1742	usb_mark_last_busy(udev: data->udev);
1743	usb_anchor_urb(urb, anchor: &data->diag_anchor);
1744
1745	err = usb_submit_urb(urb, mem_flags);
1746	if (err < 0) {
1747	if (err != -EPERM && err != -ENODEV)
1748	bt_dev_err(hdev, "urb %p submission failed (%d)",
1749	urb, -err);
1750	usb_unanchor_urb(urb);
1751	}
1752
1753	usb_free_urb(urb);
1754
1755	return err;
1756	}
1757
1758	static void btusb_tx_complete(struct urb *urb)
1759	{
1760	struct sk_buff *skb = urb->context;
1761	struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1762	struct btusb_data *data = hci_get_drvdata(hdev);
1763	unsigned long flags;
1764
1765	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1766	urb->actual_length);
1767
1768	if (!test_bit(HCI_RUNNING, &hdev->flags))
1769	goto done;
1770
1771	if (!urb->status) {
1772	hdev->stat.byte_tx += urb->transfer_buffer_length;
1773	} else {
1774	if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)
1775	hci_cmd_sync_cancel(hdev, err: -urb->status);
1776	hdev->stat.err_tx++;
1777	}
1778
1779	done:
1780	spin_lock_irqsave(&data->txlock, flags);
1781	data->tx_in_flight--;
1782	spin_unlock_irqrestore(lock: &data->txlock, flags);
1783
1784	kfree(objp: urb->setup_packet);
1785
1786	kfree_skb(skb);
1787	}
1788
1789	static void btusb_isoc_tx_complete(struct urb *urb)
1790	{
1791	struct sk_buff *skb = urb->context;
1792	struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1793
1794	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1795	urb->actual_length);
1796
1797	if (!test_bit(HCI_RUNNING, &hdev->flags))
1798	goto done;
1799
1800	if (!urb->status)
1801	hdev->stat.byte_tx += urb->transfer_buffer_length;
1802	else
1803	hdev->stat.err_tx++;
1804
1805	done:
1806	kfree(objp: urb->setup_packet);
1807
1808	kfree_skb(skb);
1809	}
1810
1811	static int btusb_open(struct hci_dev *hdev)
1812	{
1813	struct btusb_data *data = hci_get_drvdata(hdev);
1814	int err;
1815
1816	BT_DBG("%s", hdev->name);
1817
1818	err = usb_autopm_get_interface(intf: data->intf);
1819	if (err < 0)
1820	return err;
1821
1822	/* Patching USB firmware files prior to starting any URBs of HCI path
1823	* It is more safe to use USB bulk channel for downloading USB patch
1824	*/
1825	if (data->setup_on_usb) {
1826	err = data->setup_on_usb(hdev);
1827	if (err < 0)
1828	goto setup_fail;
1829	}
1830
1831	data->intf->needs_remote_wakeup = 1;
1832
1833	if (test_and_set_bit(BTUSB_INTR_RUNNING, addr: &data->flags))
1834	goto done;
1835
1836	err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1837	if (err < 0)
1838	goto failed;
1839
1840	err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1841	if (err < 0) {
1842	usb_kill_anchored_urbs(anchor: &data->intr_anchor);
1843	goto failed;
1844	}
1845
1846	set_bit(BTUSB_BULK_RUNNING, addr: &data->flags);
1847	btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1848
1849	if (data->diag) {
1850	if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1851	set_bit(BTUSB_DIAG_RUNNING, addr: &data->flags);
1852	}
1853
1854	done:
1855	usb_autopm_put_interface(intf: data->intf);
1856	return 0;
1857
1858	failed:
1859	clear_bit(BTUSB_INTR_RUNNING, addr: &data->flags);
1860	setup_fail:
1861	usb_autopm_put_interface(intf: data->intf);
1862	return err;
1863	}
1864
1865	static void btusb_stop_traffic(struct btusb_data *data)
1866	{
1867	usb_kill_anchored_urbs(anchor: &data->intr_anchor);
1868	usb_kill_anchored_urbs(anchor: &data->bulk_anchor);
1869	usb_kill_anchored_urbs(anchor: &data->isoc_anchor);
1870	usb_kill_anchored_urbs(anchor: &data->diag_anchor);
1871	usb_kill_anchored_urbs(anchor: &data->ctrl_anchor);
1872	}
1873
1874	static int btusb_close(struct hci_dev *hdev)
1875	{
1876	struct btusb_data *data = hci_get_drvdata(hdev);
1877	int err;
1878
1879	BT_DBG("%s", hdev->name);
1880
1881	cancel_delayed_work(dwork: &data->rx_work);
1882	cancel_work_sync(work: &data->work);
1883	cancel_work_sync(work: &data->waker);
1884
1885	skb_queue_purge(list: &data->acl_q);
1886
1887	clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags);
1888	clear_bit(BTUSB_BULK_RUNNING, addr: &data->flags);
1889	clear_bit(BTUSB_INTR_RUNNING, addr: &data->flags);
1890	clear_bit(BTUSB_DIAG_RUNNING, addr: &data->flags);
1891
1892	btusb_stop_traffic(data);
1893	btusb_free_frags(data);
1894
1895	err = usb_autopm_get_interface(intf: data->intf);
1896	if (err < 0)
1897	goto failed;
1898
1899	data->intf->needs_remote_wakeup = 0;
1900
1901	/* Enable remote wake up for auto-suspend */
1902	if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags))
1903	data->intf->needs_remote_wakeup = 1;
1904
1905	usb_autopm_put_interface(intf: data->intf);
1906
1907	failed:
1908	usb_scuttle_anchored_urbs(anchor: &data->deferred);
1909	return 0;
1910	}
1911
1912	static int btusb_flush(struct hci_dev *hdev)
1913	{
1914	struct btusb_data *data = hci_get_drvdata(hdev);
1915
1916	BT_DBG("%s", hdev->name);
1917
1918	cancel_delayed_work(dwork: &data->rx_work);
1919
1920	skb_queue_purge(list: &data->acl_q);
1921
1922	usb_kill_anchored_urbs(anchor: &data->tx_anchor);
1923	btusb_free_frags(data);
1924
1925	return 0;
1926	}
1927
1928	static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1929	{
1930	struct btusb_data *data = hci_get_drvdata(hdev);
1931	struct usb_ctrlrequest *dr;
1932	struct urb *urb;
1933	unsigned int pipe;
1934
1935	urb = usb_alloc_urb(iso_packets: 0, GFP_KERNEL);
1936	if (!urb)
1937	return ERR_PTR(error: -ENOMEM);
1938
1939	dr = kmalloc(size: sizeof(*dr), GFP_KERNEL);
1940	if (!dr) {
1941	usb_free_urb(urb);
1942	return ERR_PTR(error: -ENOMEM);
1943	}
1944
1945	dr->bRequestType = data->cmdreq_type;
1946	dr->bRequest = data->cmdreq;
1947	dr->wIndex = 0;
1948	dr->wValue = 0;
1949	dr->wLength = __cpu_to_le16(skb->len);
1950
1951	pipe = usb_sndctrlpipe(data->udev, 0x00);
1952
1953	usb_fill_control_urb(urb, dev: data->udev, pipe, setup_packet: (void *)dr,
1954	transfer_buffer: skb->data, buffer_length: skb->len, complete_fn: btusb_tx_complete, context: skb);
1955
1956	skb->dev = (void *)hdev;
1957
1958	return urb;
1959	}
1960
1961	static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1962	{
1963	struct btusb_data *data = hci_get_drvdata(hdev);
1964	struct urb *urb;
1965	unsigned int pipe;
1966
1967	if (!data->bulk_tx_ep)
1968	return ERR_PTR(error: -ENODEV);
1969
1970	urb = usb_alloc_urb(iso_packets: 0, GFP_KERNEL);
1971	if (!urb)
1972	return ERR_PTR(error: -ENOMEM);
1973
1974	pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1975
1976	usb_fill_bulk_urb(urb, dev: data->udev, pipe,
1977	transfer_buffer: skb->data, buffer_length: skb->len, complete_fn: btusb_tx_complete, context: skb);
1978
1979	skb->dev = (void *)hdev;
1980
1981	return urb;
1982	}
1983
1984	static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1985	{
1986	struct btusb_data *data = hci_get_drvdata(hdev);
1987	struct urb *urb;
1988	unsigned int pipe;
1989
1990	if (!data->isoc_tx_ep)
1991	return ERR_PTR(error: -ENODEV);
1992
1993	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1994	if (!urb)
1995	return ERR_PTR(error: -ENOMEM);
1996
1997	pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1998
1999	usb_fill_int_urb(urb, dev: data->udev, pipe,
2000	transfer_buffer: skb->data, buffer_length: skb->len, complete_fn: btusb_isoc_tx_complete,
2001	context: skb, interval: data->isoc_tx_ep->bInterval);
2002
2003	urb->transfer_flags = URB_ISO_ASAP;
2004
2005	if (data->isoc_altsetting == 6)
2006	__fill_isoc_descriptor_msbc(urb, len: skb->len,
2007	le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize),
2008	data);
2009	else
2010	__fill_isoc_descriptor(urb, len: skb->len,
2011	le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
2012	skb->dev = (void *)hdev;
2013
2014	return urb;
2015	}
2016
2017	static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
2018	{
2019	struct btusb_data *data = hci_get_drvdata(hdev);
2020	int err;
2021
2022	usb_anchor_urb(urb, anchor: &data->tx_anchor);
2023
2024	err = usb_submit_urb(urb, GFP_KERNEL);
2025	if (err < 0) {
2026	if (err != -EPERM && err != -ENODEV)
2027	bt_dev_err(hdev, "urb %p submission failed (%d)",
2028	urb, -err);
2029	kfree(objp: urb->setup_packet);
2030	usb_unanchor_urb(urb);
2031	} else {
2032	usb_mark_last_busy(udev: data->udev);
2033	}
2034
2035	usb_free_urb(urb);
2036	return err;
2037	}
2038
2039	static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
2040	{
2041	struct btusb_data *data = hci_get_drvdata(hdev);
2042	unsigned long flags;
2043	bool suspending;
2044
2045	spin_lock_irqsave(&data->txlock, flags);
2046	suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
2047	if (!suspending)
2048	data->tx_in_flight++;
2049	spin_unlock_irqrestore(lock: &data->txlock, flags);
2050
2051	if (!suspending)
2052	return submit_tx_urb(hdev, urb);
2053
2054	usb_anchor_urb(urb, anchor: &data->deferred);
2055	schedule_work(work: &data->waker);
2056
2057	usb_free_urb(urb);
2058	return 0;
2059	}
2060
2061	static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
2062	{
2063	struct urb *urb;
2064
2065	BT_DBG("%s", hdev->name);
2066
2067	switch (hci_skb_pkt_type(skb)) {
2068	case HCI_COMMAND_PKT:
2069	urb = alloc_ctrl_urb(hdev, skb);
2070	if (IS_ERR(ptr: urb))
2071	return PTR_ERR(ptr: urb);
2072
2073	hdev->stat.cmd_tx++;
2074	return submit_or_queue_tx_urb(hdev, urb);
2075
2076	case HCI_ACLDATA_PKT:
2077	urb = alloc_bulk_urb(hdev, skb);
2078	if (IS_ERR(ptr: urb))
2079	return PTR_ERR(ptr: urb);
2080
2081	hdev->stat.acl_tx++;
2082	return submit_or_queue_tx_urb(hdev, urb);
2083
2084	case HCI_SCODATA_PKT:
2085	if (hci_conn_num(hdev, SCO_LINK) < 1)
2086	return -ENODEV;
2087
2088	urb = alloc_isoc_urb(hdev, skb);
2089	if (IS_ERR(ptr: urb))
2090	return PTR_ERR(ptr: urb);
2091
2092	hdev->stat.sco_tx++;
2093	return submit_tx_urb(hdev, urb);
2094
2095	case HCI_ISODATA_PKT:
2096	urb = alloc_bulk_urb(hdev, skb);
2097	if (IS_ERR(ptr: urb))
2098	return PTR_ERR(ptr: urb);
2099
2100	return submit_or_queue_tx_urb(hdev, urb);
2101	}
2102
2103	return -EILSEQ;
2104	}
2105
2106	static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
2107	{
2108	struct btusb_data *data = hci_get_drvdata(hdev);
2109
2110	BT_DBG("%s evt %d", hdev->name, evt);
2111
2112	if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
2113	data->sco_num = hci_conn_num(hdev, SCO_LINK);
2114	data->air_mode = evt;
2115	schedule_work(work: &data->work);
2116	}
2117	}
2118
2119	static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
2120	{
2121	struct btusb_data *data = hci_get_drvdata(hdev);
2122	struct usb_interface *intf = data->isoc;
2123	struct usb_endpoint_descriptor *ep_desc;
2124	int i, err;
2125
2126	if (!data->isoc)
2127	return -ENODEV;
2128
2129	err = usb_set_interface(dev: data->udev, ifnum: data->isoc_ifnum, alternate: altsetting);
2130	if (err < 0) {
2131	bt_dev_err(hdev, "setting interface failed (%d)", -err);
2132	return err;
2133	}
2134
2135	data->isoc_altsetting = altsetting;
2136
2137	data->isoc_tx_ep = NULL;
2138	data->isoc_rx_ep = NULL;
2139
2140	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2141	ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2142
2143	if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(epd: ep_desc)) {
2144	data->isoc_tx_ep = ep_desc;
2145	continue;
2146	}
2147
2148	if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(epd: ep_desc)) {
2149	data->isoc_rx_ep = ep_desc;
2150	continue;
2151	}
2152	}
2153
2154	if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
2155	bt_dev_err(hdev, "invalid SCO descriptors");
2156	return -ENODEV;
2157	}
2158
2159	return 0;
2160	}
2161
2162	static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts)
2163	{
2164	struct btusb_data *data = hci_get_drvdata(hdev);
2165	int err;
2166
2167	if (data->isoc_altsetting != new_alts) {
2168	unsigned long flags;
2169
2170	clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags);
2171	usb_kill_anchored_urbs(anchor: &data->isoc_anchor);
2172
2173	/* When isochronous alternate setting needs to be
2174	* changed, because SCO connection has been added
2175	* or removed, a packet fragment may be left in the
2176	* reassembling state. This could lead to wrongly
2177	* assembled fragments.
2178	*
2179	* Clear outstanding fragment when selecting a new
2180	* alternate setting.
2181	*/
2182	spin_lock_irqsave(&data->rxlock, flags);
2183	dev_kfree_skb_irq(skb: data->sco_skb);
2184	data->sco_skb = NULL;
2185	spin_unlock_irqrestore(lock: &data->rxlock, flags);
2186
2187	err = __set_isoc_interface(hdev, altsetting: new_alts);
2188	if (err < 0)
2189	return err;
2190	}
2191
2192	if (!test_and_set_bit(BTUSB_ISOC_RUNNING, addr: &data->flags)) {
2193	if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
2194	clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags);
2195	else
2196	btusb_submit_isoc_urb(hdev, GFP_KERNEL);
2197	}
2198
2199	return 0;
2200	}
2201
2202	static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data,
2203	int alt)
2204	{
2205	struct usb_interface *intf = data->isoc;
2206	int i;
2207
2208	BT_DBG("Looking for Alt no :%d", alt);
2209
2210	if (!intf)
2211	return NULL;
2212
2213	for (i = 0; i < intf->num_altsetting; i++) {
2214	if (intf->altsetting[i].desc.bAlternateSetting == alt)
2215	return &intf->altsetting[i];
2216	}
2217
2218	return NULL;
2219	}
2220
2221	static void btusb_work(struct work_struct *work)
2222	{
2223	struct btusb_data *data = container_of(work, struct btusb_data, work);
2224	struct hci_dev *hdev = data->hdev;
2225	int new_alts = 0;
2226	int err;
2227
2228	if (data->sco_num > 0) {
2229	if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
2230	err = usb_autopm_get_interface(intf: data->isoc ? data->isoc : data->intf);
2231	if (err < 0) {
2232	clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags);
2233	usb_kill_anchored_urbs(anchor: &data->isoc_anchor);
2234	return;
2235	}
2236
2237	set_bit(BTUSB_DID_ISO_RESUME, addr: &data->flags);
2238	}
2239
2240	if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) {
2241	if (hdev->voice_setting & 0x0020) {
2242	static const int alts[3] = { 2, 4, 5 };
2243
2244	new_alts = alts[data->sco_num - 1];
2245	} else {
2246	new_alts = data->sco_num;
2247	}
2248	} else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) {
2249	/* Bluetooth USB spec recommends alt 6 (63 bytes), but
2250	* many adapters do not support it. Alt 1 appears to
2251	* work for all adapters that do not have alt 6, and
2252	* which work with WBS at all. Some devices prefer
2253	* alt 3 (HCI payload >= 60 Bytes let air packet
2254	* data satisfy 60 bytes), requiring
2255	* MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72
2256	* see also Core spec 5, vol 4, B 2.1.1 & Table 2.1.
2257	*/
2258	if (btusb_find_altsetting(data, alt: 6))
2259	new_alts = 6;
2260	else if (btusb_find_altsetting(data, alt: 3) &&
2261	hdev->sco_mtu >= 72 &&
2262	test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags))
2263	new_alts = 3;
2264	else
2265	new_alts = 1;
2266	}
2267
2268	if (btusb_switch_alt_setting(hdev, new_alts) < 0)
2269	bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
2270	} else {
2271	usb_kill_anchored_urbs(anchor: &data->isoc_anchor);
2272
2273	if (test_and_clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags))
2274	__set_isoc_interface(hdev, altsetting: 0);
2275
2276	if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, addr: &data->flags))
2277	usb_autopm_put_interface(intf: data->isoc ? data->isoc : data->intf);
2278	}
2279	}
2280
2281	static void btusb_waker(struct work_struct *work)
2282	{
2283	struct btusb_data *data = container_of(work, struct btusb_data, waker);
2284	int err;
2285
2286	err = usb_autopm_get_interface(intf: data->intf);
2287	if (err < 0)
2288	return;
2289
2290	usb_autopm_put_interface(intf: data->intf);
2291	}
2292
2293	static void btusb_rx_work(struct work_struct *work)
2294	{
2295	struct btusb_data *data = container_of(work, struct btusb_data,
2296	rx_work.work);
2297	struct sk_buff *skb;
2298
2299	/* Dequeue ACL data received during the interval */
2300	while ((skb = skb_dequeue(list: &data->acl_q)))
2301	data->recv_acl(data->hdev, skb);
2302	}
2303
2304	static int btusb_setup_bcm92035(struct hci_dev *hdev)
2305	{
2306	struct sk_buff *skb;
2307	u8 val = 0x00;
2308
2309	BT_DBG("%s", hdev->name);
2310
2311	skb = __hci_cmd_sync(hdev, opcode: 0xfc3b, plen: 1, param: &val, HCI_INIT_TIMEOUT);
2312	if (IS_ERR(ptr: skb))
2313	bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
2314	else
2315	kfree_skb(skb);
2316
2317	return 0;
2318	}
2319
2320	static int btusb_setup_csr(struct hci_dev *hdev)
2321	{
2322	struct btusb_data *data = hci_get_drvdata(hdev);
2323	u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice);
2324	struct hci_rp_read_local_version *rp;
2325	struct sk_buff *skb;
2326	bool is_fake = false;
2327	int ret;
2328
2329	BT_DBG("%s", hdev->name);
2330
2331	skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, plen: 0, NULL,
2332	HCI_INIT_TIMEOUT);
2333	if (IS_ERR(ptr: skb)) {
2334	int err = PTR_ERR(ptr: skb);
2335	bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
2336	return err;
2337	}
2338
2339	rp = skb_pull_data(skb, len: sizeof(*rp));
2340	if (!rp) {
2341	bt_dev_err(hdev, "CSR: Local version length mismatch");
2342	kfree_skb(skb);
2343	return -EIO;
2344	}
2345
2346	bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x",
2347	rp->hci_ver, le16_to_cpu(rp->hci_rev));
2348
2349	bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u",
2350	rp->lmp_ver, le16_to_cpu(rp->lmp_subver),
2351	le16_to_cpu(rp->manufacturer));
2352
2353	/* Detect a wide host of Chinese controllers that aren't CSR.
2354	*
2355	* Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891
2356	*
2357	* The main thing they have in common is that these are really popular low-cost
2358	* options that support newer Bluetooth versions but rely on heavy VID/PID
2359	* squatting of this poor old Bluetooth 1.1 device. Even sold as such.
2360	*
2361	* We detect actual CSR devices by checking that the HCI manufacturer code
2362	* is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and
2363	* HCI rev values always match. As they both store the firmware number.
2364	*/
2365	if (le16_to_cpu(rp->manufacturer) != 10 ||
2366	le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver))
2367	is_fake = true;
2368
2369	/* Known legit CSR firmware build numbers and their supported BT versions:
2370	* - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e
2371	* - 1.2 (0x2) -> 0x04d9, 0x0529
2372	* - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c
2373	* - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External)
2374	* - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb
2375	*
2376	* e.g. Real CSR dongles with LMP subversion 0x73 are old enough that
2377	* support BT 1.1 only; so it's a dead giveaway when some
2378	* third-party BT 4.0 dongle reuses it.
2379	*/
2380	else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
2381	rp->hci_ver > BLUETOOTH_VER_1_1)
2382	is_fake = true;
2383
2384	else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
2385	rp->hci_ver > BLUETOOTH_VER_1_2)
2386	is_fake = true;
2387
2388	else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
2389	rp->hci_ver > BLUETOOTH_VER_2_0)
2390	is_fake = true;
2391
2392	else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
2393	rp->hci_ver > BLUETOOTH_VER_2_1)
2394	is_fake = true;
2395
2396	else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
2397	rp->hci_ver > BLUETOOTH_VER_4_0)
2398	is_fake = true;
2399
2400	/* Other clones which beat all the above checks */
2401	else if (bcdDevice == 0x0134 &&
2402	le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
2403	rp->hci_ver == BLUETOOTH_VER_2_0)
2404	is_fake = true;
2405
2406	if (is_fake) {
2407	bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once...");
2408
2409	/* Generally these clones have big discrepancies between
2410	* advertised features and what's actually supported.
2411	* Probably will need to be expanded in the future;
2412	* without these the controller will lock up.
2413	*/
2414	set_bit(nr: HCI_QUIRK_BROKEN_STORED_LINK_KEY, addr: &hdev->quirks);
2415	set_bit(nr: HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, addr: &hdev->quirks);
2416	set_bit(nr: HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, addr: &hdev->quirks);
2417	set_bit(nr: HCI_QUIRK_NO_SUSPEND_NOTIFIER, addr: &hdev->quirks);
2418
2419	/* Clear the reset quirk since this is not an actual
2420	* early Bluetooth 1.1 device from CSR.
2421	*/
2422	clear_bit(nr: HCI_QUIRK_RESET_ON_CLOSE, addr: &hdev->quirks);
2423	clear_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
2424
2425	/*
2426	* Special workaround for these BT 4.0 chip clones, and potentially more:
2427	*
2428	* - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012)
2429	* - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709)
2430	*
2431	* These controllers are really messed-up.
2432	*
2433	* 1. Their bulk RX endpoint will never report any data unless
2434	* the device was suspended at least once (yes, really).
2435	* 2. They will not wakeup when autosuspended and receiving data
2436	* on their bulk RX endpoint from e.g. a keyboard or mouse
2437	* (IOW remote-wakeup support is broken for the bulk endpoint).
2438	*
2439	* To fix 1. enable runtime-suspend, force-suspend the
2440	* HCI and then wake-it up by disabling runtime-suspend.
2441	*
2442	* To fix 2. clear the HCI's can_wake flag, this way the HCI
2443	* will still be autosuspended when it is not open.
2444	*
2445	* --
2446	*
2447	* Because these are widespread problems we prefer generic solutions; so
2448	* apply this initialization quirk to every controller that gets here,
2449	* it should be harmless. The alternative is to not work at all.
2450	*/
2451	pm_runtime_allow(dev: &data->udev->dev);
2452
2453	ret = pm_runtime_suspend(dev: &data->udev->dev);
2454	if (ret >= 0)
2455	msleep(msecs: 200);
2456	else
2457	bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround");
2458
2459	pm_runtime_forbid(dev: &data->udev->dev);
2460
2461	device_set_wakeup_capable(dev: &data->udev->dev, capable: false);
2462
2463	/* Re-enable autosuspend if this was requested */
2464	if (enable_autosuspend)
2465	usb_enable_autosuspend(udev: data->udev);
2466	}
2467
2468	kfree_skb(skb);
2469
2470	return 0;
2471	}
2472
2473	static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
2474	{
2475	struct sk_buff *skb;
2476	struct hci_event_hdr *hdr;
2477	struct hci_ev_cmd_complete *evt;
2478
2479	skb = bt_skb_alloc(len: sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
2480	if (!skb)
2481	return -ENOMEM;
2482
2483	hdr = skb_put(skb, len: sizeof(*hdr));
2484	hdr->evt = HCI_EV_CMD_COMPLETE;
2485	hdr->plen = sizeof(*evt) + 1;
2486
2487	evt = skb_put(skb, len: sizeof(*evt));
2488	evt->ncmd = 0x01;
2489	evt->opcode = cpu_to_le16(opcode);
2490
2491	skb_put_u8(skb, val: 0x00);
2492
2493	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2494
2495	return hci_recv_frame(hdev, skb);
2496	}
2497
2498	static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
2499	int count)
2500	{
2501	struct hci_dev *hdev = data->hdev;
2502
2503	/* When the device is in bootloader mode, then it can send
2504	* events via the bulk endpoint. These events are treated the
2505	* same way as the ones received from the interrupt endpoint.
2506	*/
2507	if (btintel_test_flag(hdev, INTEL_BOOTLOADER))
2508	return btusb_recv_intr(data, buffer, count);
2509
2510	return btusb_recv_bulk(data, buffer, count);
2511	}
2512
2513	static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2514	{
2515	struct urb *urb;
2516
2517	BT_DBG("%s", hdev->name);
2518
2519	switch (hci_skb_pkt_type(skb)) {
2520	case HCI_COMMAND_PKT:
2521	if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2522	struct hci_command_hdr *cmd = (void *)skb->data;
2523	__u16 opcode = le16_to_cpu(cmd->opcode);
2524
2525	/* When in bootloader mode and the command 0xfc09
2526	* is received, it needs to be send down the
2527	* bulk endpoint. So allocate a bulk URB instead.
2528	*/
2529	if (opcode == 0xfc09)
2530	urb = alloc_bulk_urb(hdev, skb);
2531	else
2532	urb = alloc_ctrl_urb(hdev, skb);
2533
2534	/* When the 0xfc01 command is issued to boot into
2535	* the operational firmware, it will actually not
2536	* send a command complete event. To keep the flow
2537	* control working inject that event here.
2538	*/
2539	if (opcode == 0xfc01)
2540	inject_cmd_complete(hdev, opcode);
2541	} else {
2542	urb = alloc_ctrl_urb(hdev, skb);
2543	}
2544	if (IS_ERR(ptr: urb))
2545	return PTR_ERR(ptr: urb);
2546
2547	hdev->stat.cmd_tx++;
2548	return submit_or_queue_tx_urb(hdev, urb);
2549
2550	case HCI_ACLDATA_PKT:
2551	urb = alloc_bulk_urb(hdev, skb);
2552	if (IS_ERR(ptr: urb))
2553	return PTR_ERR(ptr: urb);
2554
2555	hdev->stat.acl_tx++;
2556	return submit_or_queue_tx_urb(hdev, urb);
2557
2558	case HCI_SCODATA_PKT:
2559	if (hci_conn_num(hdev, SCO_LINK) < 1)
2560	return -ENODEV;
2561
2562	urb = alloc_isoc_urb(hdev, skb);
2563	if (IS_ERR(ptr: urb))
2564	return PTR_ERR(ptr: urb);
2565
2566	hdev->stat.sco_tx++;
2567	return submit_tx_urb(hdev, urb);
2568
2569	case HCI_ISODATA_PKT:
2570	urb = alloc_bulk_urb(hdev, skb);
2571	if (IS_ERR(ptr: urb))
2572	return PTR_ERR(ptr: urb);
2573
2574	return submit_or_queue_tx_urb(hdev, urb);
2575	}
2576
2577	return -EILSEQ;
2578	}
2579
2580	static int btusb_setup_realtek(struct hci_dev *hdev)
2581	{
2582	struct btusb_data *data = hci_get_drvdata(hdev);
2583	int ret;
2584
2585	ret = btrtl_setup_realtek(hdev);
2586
2587	if (btrealtek_test_flag(data->hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP))
2588	set_bit(BTUSB_ALT6_CONTINUOUS_TX, addr: &data->flags);
2589
2590	return ret;
2591	}
2592
2593	static int btusb_recv_event_realtek(struct hci_dev *hdev, struct sk_buff *skb)
2594	{
2595	if (skb->data[0] == HCI_VENDOR_PKT && skb->data[2] == RTK_SUB_EVENT_CODE_COREDUMP) {
2596	struct rtk_dev_coredump_hdr hdr = {
2597	.code = RTK_DEVCOREDUMP_CODE_MEMDUMP,
2598	};
2599
2600	bt_dev_dbg(hdev, "RTL: received coredump vendor evt, len %u",
2601	skb->len);
2602
2603	btusb_rtl_alloc_devcoredump(hdev, hdr: &hdr, buf: skb->data, len: skb->len);
2604	kfree_skb(skb);
2605
2606	return 0;
2607	}
2608
2609	return hci_recv_frame(hdev, skb);
2610	}
2611
2612	/* UHW CR mapping */
2613	#define MTK_BT_MISC 0x70002510
2614	#define MTK_BT_SUBSYS_RST 0x70002610
2615	#define MTK_UDMA_INT_STA_BT 0x74000024
2616	#define MTK_UDMA_INT_STA_BT1 0x74000308
2617	#define MTK_BT_WDT_STATUS 0x740003A0
2618	#define MTK_EP_RST_OPT 0x74011890
2619	#define MTK_EP_RST_IN_OUT_OPT 0x00010001
2620	#define MTK_BT_RST_DONE 0x00000100
2621	#define MTK_BT_RESET_REG_CONNV3 0x70028610
2622	#define MTK_BT_READ_DEV_ID 0x70010200
2623
2624
2625	static void btusb_mtk_wmt_recv(struct urb *urb)
2626	{
2627	struct hci_dev *hdev = urb->context;
2628	struct btusb_data *data = hci_get_drvdata(hdev);
2629	struct sk_buff *skb;
2630	int err;
2631
2632	if (urb->status == 0 && urb->actual_length > 0) {
2633	hdev->stat.byte_rx += urb->actual_length;
2634
2635	/* WMT event shouldn't be fragmented and the size should be
2636	* less than HCI_WMT_MAX_EVENT_SIZE.
2637	*/
2638	skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
2639	if (!skb) {
2640	hdev->stat.err_rx++;
2641	kfree(objp: urb->setup_packet);
2642	return;
2643	}
2644
2645	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2646	skb_put_data(skb, data: urb->transfer_buffer, len: urb->actual_length);
2647
2648	/* When someone waits for the WMT event, the skb is being cloned
2649	* and being processed the events from there then.
2650	*/
2651	if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
2652	data->evt_skb = skb_clone(skb, GFP_ATOMIC);
2653	if (!data->evt_skb) {
2654	kfree_skb(skb);
2655	kfree(objp: urb->setup_packet);
2656	return;
2657	}
2658	}
2659
2660	err = hci_recv_frame(hdev, skb);
2661	if (err < 0) {
2662	kfree_skb(skb: data->evt_skb);
2663	data->evt_skb = NULL;
2664	kfree(objp: urb->setup_packet);
2665	return;
2666	}
2667
2668	if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
2669	addr: &data->flags)) {
2670	/* Barrier to sync with other CPUs */
2671	smp_mb__after_atomic();
2672	wake_up_bit(word: &data->flags,
2673	BTUSB_TX_WAIT_VND_EVT);
2674	}
2675	kfree(objp: urb->setup_packet);
2676	return;
2677	} else if (urb->status == -ENOENT) {
2678	/* Avoid suspend failed when usb_kill_urb */
2679	return;
2680	}
2681
2682	usb_mark_last_busy(udev: data->udev);
2683
2684	/* The URB complete handler is still called with urb->actual_length = 0
2685	* when the event is not available, so we should keep re-submitting
2686	* URB until WMT event returns, Also, It's necessary to wait some time
2687	* between the two consecutive control URBs to relax the target device
2688	* to generate the event. Otherwise, the WMT event cannot return from
2689	* the device successfully.
2690	*/
2691	udelay(500);
2692
2693	usb_anchor_urb(urb, anchor: &data->ctrl_anchor);
2694	err = usb_submit_urb(urb, GFP_ATOMIC);
2695	if (err < 0) {
2696	kfree(objp: urb->setup_packet);
2697	/* -EPERM: urb is being killed;
2698	* -ENODEV: device got disconnected
2699	*/
2700	if (err != -EPERM && err != -ENODEV)
2701	bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
2702	urb, -err);
2703	usb_unanchor_urb(urb);
2704	}
2705	}
2706
2707	static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
2708	{
2709	struct btusb_data *data = hci_get_drvdata(hdev);
2710	struct usb_ctrlrequest *dr;
2711	unsigned char *buf;
2712	int err, size = 64;
2713	unsigned int pipe;
2714	struct urb *urb;
2715
2716	urb = usb_alloc_urb(iso_packets: 0, GFP_KERNEL);
2717	if (!urb)
2718	return -ENOMEM;
2719
2720	dr = kmalloc(size: sizeof(*dr), GFP_KERNEL);
2721	if (!dr) {
2722	usb_free_urb(urb);
2723	return -ENOMEM;
2724	}
2725
2726	dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
2727	dr->bRequest = 1;
2728	dr->wIndex = cpu_to_le16(0);
2729	dr->wValue = cpu_to_le16(48);
2730	dr->wLength = cpu_to_le16(size);
2731
2732	buf = kmalloc(size, GFP_KERNEL);
2733	if (!buf) {
2734	kfree(objp: dr);
2735	usb_free_urb(urb);
2736	return -ENOMEM;
2737	}
2738
2739	pipe = usb_rcvctrlpipe(data->udev, 0);
2740
2741	usb_fill_control_urb(urb, dev: data->udev, pipe, setup_packet: (void *)dr,
2742	transfer_buffer: buf, buffer_length: size, complete_fn: btusb_mtk_wmt_recv, context: hdev);
2743
2744	urb->transfer_flags |= URB_FREE_BUFFER;
2745
2746	usb_anchor_urb(urb, anchor: &data->ctrl_anchor);
2747	err = usb_submit_urb(urb, GFP_KERNEL);
2748	if (err < 0) {
2749	if (err != -EPERM && err != -ENODEV)
2750	bt_dev_err(hdev, "urb %p submission failed (%d)",
2751	urb, -err);
2752	usb_unanchor_urb(urb);
2753	}
2754
2755	usb_free_urb(urb);
2756
2757	return err;
2758	}
2759
2760	static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
2761	struct btmtk_hci_wmt_params *wmt_params)
2762	{
2763	struct btusb_data *data = hci_get_drvdata(hdev);
2764	struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
2765	u32 hlen, status = BTMTK_WMT_INVALID;
2766	struct btmtk_hci_wmt_evt *wmt_evt;
2767	struct btmtk_hci_wmt_cmd *wc;
2768	struct btmtk_wmt_hdr *hdr;
2769	int err;
2770
2771	/* Send the WMT command and wait until the WMT event returns */
2772	hlen = sizeof(*hdr) + wmt_params->dlen;
2773	if (hlen > 255)
2774	return -EINVAL;
2775
2776	wc = kzalloc(size: hlen, GFP_KERNEL);
2777	if (!wc)
2778	return -ENOMEM;
2779
2780	hdr = &wc->hdr;
2781	hdr->dir = 1;
2782	hdr->op = wmt_params->op;
2783	hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
2784	hdr->flag = wmt_params->flag;
2785	memcpy(wc->data, wmt_params->data, wmt_params->dlen);
2786
2787	set_bit(BTUSB_TX_WAIT_VND_EVT, addr: &data->flags);
2788
2789	/* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
2790	* it needs constantly polling control pipe until the host received the
2791	* WMT event, thus, we should require to specifically acquire PM counter
2792	* on the USB to prevent the interface from entering auto suspended
2793	* while WMT cmd/event in progress.
2794	*/
2795	err = usb_autopm_get_interface(intf: data->intf);
2796	if (err < 0)
2797	goto err_free_wc;
2798
2799	err = __hci_cmd_send(hdev, opcode: 0xfc6f, plen: hlen, param: wc);
2800
2801	if (err < 0) {
2802	clear_bit(BTUSB_TX_WAIT_VND_EVT, addr: &data->flags);
2803	usb_autopm_put_interface(intf: data->intf);
2804	goto err_free_wc;
2805	}
2806
2807	/* Submit control IN URB on demand to process the WMT event */
2808	err = btusb_mtk_submit_wmt_recv_urb(hdev);
2809
2810	usb_autopm_put_interface(intf: data->intf);
2811
2812	if (err < 0)
2813	goto err_free_wc;
2814
2815	/* The vendor specific WMT commands are all answered by a vendor
2816	* specific event and will have the Command Status or Command
2817	* Complete as with usual HCI command flow control.
2818	*
2819	* After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
2820	* state to be cleared. The driver specific event receive routine
2821	* will clear that state and with that indicate completion of the
2822	* WMT command.
2823	*/
2824	err = wait_on_bit_timeout(word: &data->flags, BTUSB_TX_WAIT_VND_EVT,
2825	TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
2826	if (err == -EINTR) {
2827	bt_dev_err(hdev, "Execution of wmt command interrupted");
2828	clear_bit(BTUSB_TX_WAIT_VND_EVT, addr: &data->flags);
2829	goto err_free_wc;
2830	}
2831
2832	if (err) {
2833	bt_dev_err(hdev, "Execution of wmt command timed out");
2834	clear_bit(BTUSB_TX_WAIT_VND_EVT, addr: &data->flags);
2835	err = -ETIMEDOUT;
2836	goto err_free_wc;
2837	}
2838
2839	if (data->evt_skb == NULL)
2840	goto err_free_wc;
2841
2842	/* Parse and handle the return WMT event */
2843	wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
2844	if (wmt_evt->whdr.op != hdr->op) {
2845	bt_dev_err(hdev, "Wrong op received %d expected %d",
2846	wmt_evt->whdr.op, hdr->op);
2847	err = -EIO;
2848	goto err_free_skb;
2849	}
2850
2851	switch (wmt_evt->whdr.op) {
2852	case BTMTK_WMT_SEMAPHORE:
2853	if (wmt_evt->whdr.flag == 2)
2854	status = BTMTK_WMT_PATCH_UNDONE;
2855	else
2856	status = BTMTK_WMT_PATCH_DONE;
2857	break;
2858	case BTMTK_WMT_FUNC_CTRL:
2859	wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
2860	if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
2861	status = BTMTK_WMT_ON_DONE;
2862	else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
2863	status = BTMTK_WMT_ON_PROGRESS;
2864	else
2865	status = BTMTK_WMT_ON_UNDONE;
2866	break;
2867	case BTMTK_WMT_PATCH_DWNLD:
2868	if (wmt_evt->whdr.flag == 2)
2869	status = BTMTK_WMT_PATCH_DONE;
2870	else if (wmt_evt->whdr.flag == 1)
2871	status = BTMTK_WMT_PATCH_PROGRESS;
2872	else
2873	status = BTMTK_WMT_PATCH_UNDONE;
2874	break;
2875	}
2876
2877	if (wmt_params->status)
2878	*wmt_params->status = status;
2879
2880	err_free_skb:
2881	kfree_skb(skb: data->evt_skb);
2882	data->evt_skb = NULL;
2883	err_free_wc:
2884	kfree(objp: wc);
2885	return err;
2886	}
2887
2888	static int btusb_mtk_func_query(struct hci_dev *hdev)
2889	{
2890	struct btmtk_hci_wmt_params wmt_params;
2891	int status, err;
2892	u8 param = 0;
2893
2894	/* Query whether the function is enabled */
2895	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2896	wmt_params.flag = 4;
2897	wmt_params.dlen = sizeof(param);
2898	wmt_params.data = &param;
2899	wmt_params.status = &status;
2900
2901	err = btusb_mtk_hci_wmt_sync(hdev, wmt_params: &wmt_params);
2902	if (err < 0) {
2903	bt_dev_err(hdev, "Failed to query function status (%d)", err);
2904	return err;
2905	}
2906
2907	return status;
2908	}
2909
2910	static int btusb_mtk_uhw_reg_write(struct btusb_data *data, u32 reg, u32 val)
2911	{
2912	struct hci_dev *hdev = data->hdev;
2913	int pipe, err;
2914	void *buf;
2915
2916	buf = kzalloc(size: 4, GFP_KERNEL);
2917	if (!buf)
2918	return -ENOMEM;
2919
2920	put_unaligned_le32(val, p: buf);
2921
2922	pipe = usb_sndctrlpipe(data->udev, 0);
2923	err = usb_control_msg(dev: data->udev, pipe, request: 0x02,
2924	requesttype: 0x5E,
2925	value: reg >> 16, index: reg & 0xffff,
2926	data: buf, size: 4, USB_CTRL_SET_TIMEOUT);
2927	if (err < 0) {
2928	bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
2929	goto err_free_buf;
2930	}
2931
2932	err_free_buf:
2933	kfree(objp: buf);
2934
2935	return err;
2936	}
2937
2938	static int btusb_mtk_uhw_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2939	{
2940	struct hci_dev *hdev = data->hdev;
2941	int pipe, err;
2942	void *buf;
2943
2944	buf = kzalloc(size: 4, GFP_KERNEL);
2945	if (!buf)
2946	return -ENOMEM;
2947
2948	pipe = usb_rcvctrlpipe(data->udev, 0);
2949	err = usb_control_msg(dev: data->udev, pipe, request: 0x01,
2950	requesttype: 0xDE,
2951	value: reg >> 16, index: reg & 0xffff,
2952	data: buf, size: 4, USB_CTRL_SET_TIMEOUT);
2953	if (err < 0) {
2954	bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
2955	goto err_free_buf;
2956	}
2957
2958	*val = get_unaligned_le32(p: buf);
2959	bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
2960
2961	err_free_buf:
2962	kfree(objp: buf);
2963
2964	return err;
2965	}
2966
2967	static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2968	{
2969	int pipe, err, size = sizeof(u32);
2970	void *buf;
2971
2972	buf = kzalloc(size, GFP_KERNEL);
2973	if (!buf)
2974	return -ENOMEM;
2975
2976	pipe = usb_rcvctrlpipe(data->udev, 0);
2977	err = usb_control_msg(dev: data->udev, pipe, request: 0x63,
2978	USB_TYPE_VENDOR | USB_DIR_IN,
2979	value: reg >> 16, index: reg & 0xffff,
2980	data: buf, size, USB_CTRL_SET_TIMEOUT);
2981	if (err < 0)
2982	goto err_free_buf;
2983
2984	*val = get_unaligned_le32(p: buf);
2985
2986	err_free_buf:
2987	kfree(objp: buf);
2988
2989	return err;
2990	}
2991
2992	static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id)
2993	{
2994	return btusb_mtk_reg_read(data, reg, val: id);
2995	}
2996
2997	static u32 btusb_mtk_reset_done(struct hci_dev *hdev)
2998	{
2999	struct btusb_data *data = hci_get_drvdata(hdev);
3000	u32 val = 0;
3001
3002	btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, val: &val);
3003
3004	return val & MTK_BT_RST_DONE;
3005	}
3006
3007	static int btusb_mtk_reset(struct hci_dev *hdev, void *rst_data)
3008	{
3009	struct btusb_data *data = hci_get_drvdata(hdev);
3010	struct btmediatek_data *mediatek;
3011	u32 val;
3012	int err;
3013
3014	/* It's MediaTek specific bluetooth reset mechanism via USB */
3015	if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, addr: &data->flags)) {
3016	bt_dev_err(hdev, "last reset failed? Not resetting again");
3017	return -EBUSY;
3018	}
3019
3020	err = usb_autopm_get_interface(intf: data->intf);
3021	if (err < 0)
3022	return err;
3023
3024	btusb_stop_traffic(data);
3025	usb_kill_anchored_urbs(anchor: &data->tx_anchor);
3026	mediatek = hci_get_priv(hdev);
3027
3028	if (mediatek->dev_id == 0x7925) {
3029	btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, val: &val);
3030	val |= (1 << 5);
3031	btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val);
3032	btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, val: &val);
3033	val &= 0xFFFF00FF;
3034	val |= (1 << 13);
3035	btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val);
3036	btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, val: 0x00010001);
3037	btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, val: &val);
3038	val |= (1 << 0);
3039	btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val);
3040	btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, val: 0x000000FF);
3041	btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, val: &val);
3042	btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, val: 0x000000FF);
3043	btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, val: &val);
3044	msleep(msecs: 100);
3045	} else {
3046	/* It's Device EndPoint Reset Option Register */
3047	bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
3048	btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
3049	btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, val: &val);
3050
3051	/* Reset the bluetooth chip via USB interface. */
3052	btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, val: 1);
3053	btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, val: 0x000000FF);
3054	btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, val: &val);
3055	btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, val: 0x000000FF);
3056	btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, val: &val);
3057	/* MT7921 need to delay 20ms between toggle reset bit */
3058	msleep(msecs: 20);
3059	btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, val: 0);
3060	btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, val: &val);
3061	}
3062
3063	err = readx_poll_timeout(btusb_mtk_reset_done, hdev, val,
3064	val & MTK_BT_RST_DONE, 20000, 1000000);
3065	if (err < 0)
3066	bt_dev_err(hdev, "Reset timeout");
3067
3068	btusb_mtk_id_get(data, reg: 0x70010200, id: &val);
3069	if (!val)
3070	bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
3071
3072	usb_queue_reset_device(dev: data->intf);
3073
3074	clear_bit(BTUSB_HW_RESET_ACTIVE, addr: &data->flags);
3075
3076	return err;
3077	}
3078
3079	static int btusb_mtk_setup(struct hci_dev *hdev)
3080	{
3081	struct btusb_data *data = hci_get_drvdata(hdev);
3082	struct btmtk_hci_wmt_params wmt_params;
3083	ktime_t calltime, delta, rettime;
3084	struct btmtk_tci_sleep tci_sleep;
3085	unsigned long long duration;
3086	struct sk_buff *skb;
3087	const char *fwname;
3088	int err, status;
3089	u32 dev_id = 0;
3090	char fw_bin_name[64];
3091	u32 fw_version = 0, fw_flavor = 0;
3092	u8 param;
3093	struct btmediatek_data *mediatek;
3094
3095	calltime = ktime_get();
3096
3097	err = btusb_mtk_id_get(data, reg: 0x80000008, id: &dev_id);
3098	if (err < 0) {
3099	bt_dev_err(hdev, "Failed to get device id (%d)", err);
3100	return err;
3101	}
3102
3103	if (!dev_id || dev_id != 0x7663) {
3104	err = btusb_mtk_id_get(data, reg: 0x70010200, id: &dev_id);
3105	if (err < 0) {
3106	bt_dev_err(hdev, "Failed to get device id (%d)", err);
3107	return err;
3108	}
3109	err = btusb_mtk_id_get(data, reg: 0x80021004, id: &fw_version);
3110	if (err < 0) {
3111	bt_dev_err(hdev, "Failed to get fw version (%d)", err);
3112	return err;
3113	}
3114	err = btusb_mtk_id_get(data, reg: 0x70010020, id: &fw_flavor);
3115	if (err < 0) {
3116	bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
3117	return err;
3118	}
3119	}
3120
3121	mediatek = hci_get_priv(hdev);
3122	mediatek->dev_id = dev_id;
3123	mediatek->reset_sync = btusb_mtk_reset;
3124
3125	err = btmtk_register_coredump(hdev, name: btusb_driver.name, fw_version);
3126	if (err < 0)
3127	bt_dev_err(hdev, "Failed to register coredump (%d)", err);
3128
3129	switch (dev_id) {
3130	case 0x7663:
3131	fwname = FIRMWARE_MT7663;
3132	break;
3133	case 0x7668:
3134	fwname = FIRMWARE_MT7668;
3135	break;
3136	case 0x7922:
3137	case 0x7961:
3138	case 0x7925:
3139	if (dev_id == 0x7925)
3140	snprintf(buf: fw_bin_name, size: sizeof(fw_bin_name),
3141	fmt: "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
3142	dev_id & 0xffff, dev_id & 0xffff, (fw_version & 0xff) + 1);
3143	else if (dev_id == 0x7961 && fw_flavor)
3144	snprintf(buf: fw_bin_name, size: sizeof(fw_bin_name),
3145	fmt: "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
3146	dev_id & 0xffff, (fw_version & 0xff) + 1);
3147	else
3148	snprintf(buf: fw_bin_name, size: sizeof(fw_bin_name),
3149	fmt: "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
3150	dev_id & 0xffff, (fw_version & 0xff) + 1);
3151
3152	err = btmtk_setup_firmware_79xx(hdev, fwname: fw_bin_name,
3153	wmt_cmd_sync: btusb_mtk_hci_wmt_sync);
3154	if (err < 0) {
3155	bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
3156	return err;
3157	}
3158
3159	/* It's Device EndPoint Reset Option Register */
3160	btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
3161
3162	/* Enable Bluetooth protocol */
3163	param = 1;
3164	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3165	wmt_params.flag = 0;
3166	wmt_params.dlen = sizeof(param);
3167	wmt_params.data = &param;
3168	wmt_params.status = NULL;
3169
3170	err = btusb_mtk_hci_wmt_sync(hdev, wmt_params: &wmt_params);
3171	if (err < 0) {
3172	bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3173	return err;
3174	}
3175
3176	hci_set_msft_opcode(hdev, opcode: 0xFD30);
3177	hci_set_aosp_capable(hdev);
3178	goto done;
3179	default:
3180	bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
3181	dev_id);
3182	return -ENODEV;
3183	}
3184
3185	/* Query whether the firmware is already download */
3186	wmt_params.op = BTMTK_WMT_SEMAPHORE;
3187	wmt_params.flag = 1;
3188	wmt_params.dlen = 0;
3189	wmt_params.data = NULL;
3190	wmt_params.status = &status;
3191
3192	err = btusb_mtk_hci_wmt_sync(hdev, wmt_params: &wmt_params);
3193	if (err < 0) {
3194	bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
3195	return err;
3196	}
3197
3198	if (status == BTMTK_WMT_PATCH_DONE) {
3199	bt_dev_info(hdev, "firmware already downloaded");
3200	goto ignore_setup_fw;
3201	}
3202
3203	/* Setup a firmware which the device definitely requires */
3204	err = btmtk_setup_firmware(hdev, fwname,
3205	wmt_cmd_sync: btusb_mtk_hci_wmt_sync);
3206	if (err < 0)
3207	return err;
3208
3209	ignore_setup_fw:
3210	err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
3211	status < 0 || status != BTMTK_WMT_ON_PROGRESS,
3212	2000, 5000000);
3213	/* -ETIMEDOUT happens */
3214	if (err < 0)
3215	return err;
3216
3217	/* The other errors happen in btusb_mtk_func_query */
3218	if (status < 0)
3219	return status;
3220
3221	if (status == BTMTK_WMT_ON_DONE) {
3222	bt_dev_info(hdev, "function already on");
3223	goto ignore_func_on;
3224	}
3225
3226	/* Enable Bluetooth protocol */
3227	param = 1;
3228	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3229	wmt_params.flag = 0;
3230	wmt_params.dlen = sizeof(param);
3231	wmt_params.data = &param;
3232	wmt_params.status = NULL;
3233
3234	err = btusb_mtk_hci_wmt_sync(hdev, wmt_params: &wmt_params);
3235	if (err < 0) {
3236	bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3237	return err;
3238	}
3239
3240	ignore_func_on:
3241	/* Apply the low power environment setup */
3242	tci_sleep.mode = 0x5;
3243	tci_sleep.duration = cpu_to_le16(0x640);
3244	tci_sleep.host_duration = cpu_to_le16(0x640);
3245	tci_sleep.host_wakeup_pin = 0;
3246	tci_sleep.time_compensation = 0;
3247
3248	skb = __hci_cmd_sync(hdev, opcode: 0xfc7a, plen: sizeof(tci_sleep), param: &tci_sleep,
3249	HCI_INIT_TIMEOUT);
3250	if (IS_ERR(ptr: skb)) {
3251	err = PTR_ERR(ptr: skb);
3252	bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
3253	return err;
3254	}
3255	kfree_skb(skb);
3256
3257	done:
3258	rettime = ktime_get();
3259	delta = ktime_sub(rettime, calltime);
3260	duration = (unsigned long long)ktime_to_ns(kt: delta) >> 10;
3261
3262	bt_dev_info(hdev, "Device setup in %llu usecs", duration);
3263
3264	return 0;
3265	}
3266
3267	static int btusb_mtk_shutdown(struct hci_dev *hdev)
3268	{
3269	struct btmtk_hci_wmt_params wmt_params;
3270	u8 param = 0;
3271	int err;
3272
3273	/* Disable the device */
3274	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3275	wmt_params.flag = 0;
3276	wmt_params.dlen = sizeof(param);
3277	wmt_params.data = &param;
3278	wmt_params.status = NULL;
3279
3280	err = btusb_mtk_hci_wmt_sync(hdev, wmt_params: &wmt_params);
3281	if (err < 0) {
3282	bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3283	return err;
3284	}
3285
3286	return 0;
3287	}
3288
3289	static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
3290	{
3291	struct btusb_data *data = hci_get_drvdata(hdev);
3292	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
3293
3294	switch (handle) {
3295	case 0xfc6f: /* Firmware dump from device */
3296	/* When the firmware hangs, the device can no longer
3297	* suspend and thus disable auto-suspend.
3298	*/
3299	usb_disable_autosuspend(udev: data->udev);
3300
3301	/* We need to forward the diagnostic packet to userspace daemon
3302	* for backward compatibility, so we have to clone the packet
3303	* extraly for the in-kernel coredump support.
3304	*/
3305	if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
3306	struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
3307
3308	if (skb_cd)
3309	btmtk_process_coredump(hdev, skb: skb_cd);
3310	}
3311
3312	fallthrough;
3313	case 0x05ff: /* Firmware debug logging 1 */
3314	case 0x05fe: /* Firmware debug logging 2 */
3315	return hci_recv_diag(hdev, skb);
3316	}
3317
3318	return hci_recv_frame(hdev, skb);
3319	}
3320
3321	#ifdef CONFIG_PM
3322	/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
3323	static int marvell_config_oob_wake(struct hci_dev *hdev)
3324	{
3325	struct sk_buff *skb;
3326	struct btusb_data *data = hci_get_drvdata(hdev);
3327	struct device *dev = &data->udev->dev;
3328	u16 pin, gap, opcode;
3329	int ret;
3330	u8 cmd[5];
3331
3332	/* Move on if no wakeup pin specified */
3333	if (of_property_read_u16(np: dev->of_node, propname: "marvell,wakeup-pin", out_value: &pin) ||
3334	of_property_read_u16(np: dev->of_node, propname: "marvell,wakeup-gap-ms", out_value: &gap))
3335	return 0;
3336
3337	/* Vendor specific command to configure a GPIO as wake-up pin */
3338	opcode = hci_opcode_pack(0x3F, 0x59);
3339	cmd[0] = opcode & 0xFF;
3340	cmd[1] = opcode >> 8;
3341	cmd[2] = 2; /* length of parameters that follow */
3342	cmd[3] = pin;
3343	cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
3344
3345	skb = bt_skb_alloc(len: sizeof(cmd), GFP_KERNEL);
3346	if (!skb) {
3347	bt_dev_err(hdev, "%s: No memory", __func__);
3348	return -ENOMEM;
3349	}
3350
3351	skb_put_data(skb, data: cmd, len: sizeof(cmd));
3352	hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
3353
3354	ret = btusb_send_frame(hdev, skb);
3355	if (ret) {
3356	bt_dev_err(hdev, "%s: configuration failed", __func__);
3357	kfree_skb(skb);
3358	return ret;
3359	}
3360
3361	return 0;
3362	}
3363	#endif
3364
3365	static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
3366	const bdaddr_t *bdaddr)
3367	{
3368	struct sk_buff *skb;
3369	u8 buf[8];
3370	long ret;
3371
3372	buf[0] = 0xfe;
3373	buf[1] = sizeof(bdaddr_t);
3374	memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
3375
3376	skb = __hci_cmd_sync(hdev, opcode: 0xfc22, plen: sizeof(buf), param: buf, HCI_INIT_TIMEOUT);
3377	if (IS_ERR(ptr: skb)) {
3378	ret = PTR_ERR(ptr: skb);
3379	bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
3380	ret);
3381	return ret;
3382	}
3383	kfree_skb(skb);
3384
3385	return 0;
3386	}
3387
3388	static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
3389	const bdaddr_t *bdaddr)
3390	{
3391	struct sk_buff *skb;
3392	u8 buf[10];
3393	long ret;
3394
3395	buf[0] = 0x01;
3396	buf[1] = 0x01;
3397	buf[2] = 0x00;
3398	buf[3] = sizeof(bdaddr_t);
3399	memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
3400
3401	skb = __hci_cmd_sync(hdev, opcode: 0xfc0b, plen: sizeof(buf), param: buf, HCI_INIT_TIMEOUT);
3402	if (IS_ERR(ptr: skb)) {
3403	ret = PTR_ERR(ptr: skb);
3404	bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3405	return ret;
3406	}
3407	kfree_skb(skb);
3408
3409	return 0;
3410	}
3411
3412	static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3413	const bdaddr_t *bdaddr)
3414	{
3415	struct sk_buff *skb;
3416	u8 buf[6];
3417	long ret;
3418
3419	memcpy(buf, bdaddr, sizeof(bdaddr_t));
3420
3421	skb = __hci_cmd_sync_ev(hdev, opcode: 0xfc14, plen: sizeof(buf), param: buf,
3422	HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3423	if (IS_ERR(ptr: skb)) {
3424	ret = PTR_ERR(ptr: skb);
3425	bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3426	return ret;
3427	}
3428	kfree_skb(skb);
3429
3430	return 0;
3431	}
3432
3433	#define QCA_MEMDUMP_ACL_HANDLE 0x2EDD
3434	#define QCA_MEMDUMP_SIZE_MAX 0x100000
3435	#define QCA_MEMDUMP_VSE_CLASS 0x01
3436	#define QCA_MEMDUMP_MSG_TYPE 0x08
3437	#define QCA_MEMDUMP_PKT_SIZE 248
3438	#define QCA_LAST_SEQUENCE_NUM 0xffff
3439
3440	struct qca_dump_hdr {
3441	u8 vse_class;
3442	u8 msg_type;
3443	__le16 seqno;
3444	u8 reserved;
3445	union {
3446	u8 data[0];
3447	struct {
3448	__le32 ram_dump_size;
3449	u8 data0[0];
3450	} __packed;
3451	};
3452	} __packed;
3453
3454
3455	static void btusb_dump_hdr_qca(struct hci_dev *hdev, struct sk_buff *skb)
3456	{
3457	char buf[128];
3458	struct btusb_data *btdata = hci_get_drvdata(hdev);
3459
3460	snprintf(buf, size: sizeof(buf), fmt: "Controller Name: 0x%x\n",
3461	btdata->qca_dump.controller_id);
3462	skb_put_data(skb, data: buf, strlen(buf));
3463
3464	snprintf(buf, size: sizeof(buf), fmt: "Firmware Version: 0x%x\n",
3465	btdata->qca_dump.fw_version);
3466	skb_put_data(skb, data: buf, strlen(buf));
3467
3468	snprintf(buf, size: sizeof(buf), fmt: "Driver: %s\nVendor: qca\n",
3469	btusb_driver.name);
3470	skb_put_data(skb, data: buf, strlen(buf));
3471
3472	snprintf(buf, size: sizeof(buf), fmt: "VID: 0x%x\nPID:0x%x\n",
3473	btdata->qca_dump.id_vendor, btdata->qca_dump.id_product);
3474	skb_put_data(skb, data: buf, strlen(buf));
3475
3476	snprintf(buf, size: sizeof(buf), fmt: "Lmp Subversion: 0x%x\n",
3477	hdev->lmp_subver);
3478	skb_put_data(skb, data: buf, strlen(buf));
3479	}
3480
3481	static void btusb_coredump_qca(struct hci_dev *hdev)
3482	{
3483	static const u8 param[] = { 0x26 };
3484	struct sk_buff *skb;
3485
3486	skb = __hci_cmd_sync(hdev, opcode: 0xfc0c, plen: 1, param, HCI_CMD_TIMEOUT);
3487	if (IS_ERR(ptr: skb))
3488	bt_dev_err(hdev, "%s: triggle crash failed (%ld)", __func__, PTR_ERR(skb));
3489	kfree_skb(skb);
3490	}
3491
3492	/*
3493	* ==0: not a dump pkt.
3494	* < 0: fails to handle a dump pkt
3495	* > 0: otherwise.
3496	*/
3497	static int handle_dump_pkt_qca(struct hci_dev *hdev, struct sk_buff *skb)
3498	{
3499	int ret = 1;
3500	u8 pkt_type;
3501	u8 *sk_ptr;
3502	unsigned int sk_len;
3503	u16 seqno;
3504	u32 dump_size;
3505
3506	struct hci_event_hdr *event_hdr;
3507	struct hci_acl_hdr *acl_hdr;
3508	struct qca_dump_hdr *dump_hdr;
3509	struct btusb_data *btdata = hci_get_drvdata(hdev);
3510	struct usb_device *udev = btdata->udev;
3511
3512	pkt_type = hci_skb_pkt_type(skb);
3513	sk_ptr = skb->data;
3514	sk_len = skb->len;
3515
3516	if (pkt_type == HCI_ACLDATA_PKT) {
3517	acl_hdr = hci_acl_hdr(skb);
3518	if (le16_to_cpu(acl_hdr->handle) != QCA_MEMDUMP_ACL_HANDLE)
3519	return 0;
3520	sk_ptr += HCI_ACL_HDR_SIZE;
3521	sk_len -= HCI_ACL_HDR_SIZE;
3522	event_hdr = (struct hci_event_hdr *)sk_ptr;
3523	} else {
3524	event_hdr = hci_event_hdr(skb);
3525	}
3526
3527	if ((event_hdr->evt != HCI_VENDOR_PKT)
3528	|| (event_hdr->plen != (sk_len - HCI_EVENT_HDR_SIZE)))
3529	return 0;
3530
3531	sk_ptr += HCI_EVENT_HDR_SIZE;
3532	sk_len -= HCI_EVENT_HDR_SIZE;
3533
3534	dump_hdr = (struct qca_dump_hdr *)sk_ptr;
3535	if ((sk_len < offsetof(struct qca_dump_hdr, data))
3536	|| (dump_hdr->vse_class != QCA_MEMDUMP_VSE_CLASS)
3537	|| (dump_hdr->msg_type != QCA_MEMDUMP_MSG_TYPE))
3538	return 0;
3539
3540	/*it is dump pkt now*/
3541	seqno = le16_to_cpu(dump_hdr->seqno);
3542	if (seqno == 0) {
3543	set_bit(BTUSB_HW_SSR_ACTIVE, addr: &btdata->flags);
3544	dump_size = le32_to_cpu(dump_hdr->ram_dump_size);
3545	if (!dump_size || (dump_size > QCA_MEMDUMP_SIZE_MAX)) {
3546	ret = -EILSEQ;
3547	bt_dev_err(hdev, "Invalid memdump size(%u)",
3548	dump_size);
3549	goto out;
3550	}
3551
3552	ret = hci_devcd_init(hdev, dump_size);
3553	if (ret < 0) {
3554	bt_dev_err(hdev, "memdump init error(%d)", ret);
3555	goto out;
3556	}
3557
3558	btdata->qca_dump.ram_dump_size = dump_size;
3559	btdata->qca_dump.ram_dump_seqno = 0;
3560	sk_ptr += offsetof(struct qca_dump_hdr, data0);
3561	sk_len -= offsetof(struct qca_dump_hdr, data0);
3562
3563	usb_disable_autosuspend(udev);
3564	bt_dev_info(hdev, "%s memdump size(%u)\n",
3565	(pkt_type == HCI_ACLDATA_PKT) ? "ACL" : "event",
3566	dump_size);
3567	} else {
3568	sk_ptr += offsetof(struct qca_dump_hdr, data);
3569	sk_len -= offsetof(struct qca_dump_hdr, data);
3570	}
3571
3572	if (!btdata->qca_dump.ram_dump_size) {
3573	ret = -EINVAL;
3574	bt_dev_err(hdev, "memdump is not active");
3575	goto out;
3576	}
3577
3578	if ((seqno > btdata->qca_dump.ram_dump_seqno + 1) && (seqno != QCA_LAST_SEQUENCE_NUM)) {
3579	dump_size = QCA_MEMDUMP_PKT_SIZE * (seqno - btdata->qca_dump.ram_dump_seqno - 1);
3580	hci_devcd_append_pattern(hdev, pattern: 0x0, len: dump_size);
3581	bt_dev_err(hdev,
3582	"expected memdump seqno(%u) is not received(%u)\n",
3583	btdata->qca_dump.ram_dump_seqno, seqno);
3584	btdata->qca_dump.ram_dump_seqno = seqno;
3585	kfree_skb(skb);
3586	return ret;
3587	}
3588
3589	skb_pull(skb, len: skb->len - sk_len);
3590	hci_devcd_append(hdev, skb);
3591	btdata->qca_dump.ram_dump_seqno++;
3592	if (seqno == QCA_LAST_SEQUENCE_NUM) {
3593	bt_dev_info(hdev,
3594	"memdump done: pkts(%u), total(%u)\n",
3595	btdata->qca_dump.ram_dump_seqno, btdata->qca_dump.ram_dump_size);
3596
3597	hci_devcd_complete(hdev);
3598	goto out;
3599	}
3600	return ret;
3601
3602	out:
3603	if (btdata->qca_dump.ram_dump_size)
3604	usb_enable_autosuspend(udev);
3605	btdata->qca_dump.ram_dump_size = 0;
3606	btdata->qca_dump.ram_dump_seqno = 0;
3607	clear_bit(BTUSB_HW_SSR_ACTIVE, addr: &btdata->flags);
3608
3609	if (ret < 0)
3610	kfree_skb(skb);
3611	return ret;
3612	}
3613
3614	static int btusb_recv_acl_qca(struct hci_dev *hdev, struct sk_buff *skb)
3615	{
3616	if (handle_dump_pkt_qca(hdev, skb))
3617	return 0;
3618	return hci_recv_frame(hdev, skb);
3619	}
3620
3621	static int btusb_recv_evt_qca(struct hci_dev *hdev, struct sk_buff *skb)
3622	{
3623	if (handle_dump_pkt_qca(hdev, skb))
3624	return 0;
3625	return hci_recv_frame(hdev, skb);
3626	}
3627
3628
3629	#define QCA_DFU_PACKET_LEN 4096
3630
3631	#define QCA_GET_TARGET_VERSION 0x09
3632	#define QCA_CHECK_STATUS 0x05
3633	#define QCA_DFU_DOWNLOAD 0x01
3634
3635	#define QCA_SYSCFG_UPDATED 0x40
3636	#define QCA_PATCH_UPDATED 0x80
3637	#define QCA_DFU_TIMEOUT 3000
3638	#define QCA_FLAG_MULTI_NVM 0x80
3639	#define QCA_BT_RESET_WAIT_MS 100
3640
3641	#define WCN6855_2_0_RAM_VERSION_GF 0x400c1200
3642	#define WCN6855_2_1_RAM_VERSION_GF 0x400c1211
3643
3644	struct qca_version {
3645	__le32 rom_version;
3646	__le32 patch_version;
3647	__le32 ram_version;
3648	__u8 chip_id;
3649	__u8 platform_id;
3650	__le16 flag;
3651	__u8 reserved[4];
3652	} __packed;
3653
3654	struct qca_rampatch_version {
3655	__le16 rom_version_high;
3656	__le16 rom_version_low;
3657	__le16 patch_version;
3658	} __packed;
3659
3660	struct qca_device_info {
3661	u32 rom_version;
3662	u8 rampatch_hdr; /* length of header in rampatch */
3663	u8 nvm_hdr; /* length of header in NVM */
3664	u8 ver_offset; /* offset of version structure in rampatch */
3665	};
3666
3667	static const struct qca_device_info qca_devices_table[] = {
3668	{ 0x00000100, 20, 4, 8 }, /* Rome 1.0 */
3669	{ 0x00000101, 20, 4, 8 }, /* Rome 1.1 */
3670	{ 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3671	{ 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3672	{ 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3673	{ 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3674	{ 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3675	{ 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3676	{ 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */
3677	{ 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */
3678	};
3679
3680	static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3681	void *data, u16 size)
3682	{
3683	int pipe, err;
3684	u8 *buf;
3685
3686	buf = kmalloc(size, GFP_KERNEL);
3687	if (!buf)
3688	return -ENOMEM;
3689
3690	/* Found some of USB hosts have IOT issues with ours so that we should
3691	* not wait until HCI layer is ready.
3692	*/
3693	pipe = usb_rcvctrlpipe(udev, 0);
3694	err = usb_control_msg(dev: udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3695	value: 0, index: 0, data: buf, size, USB_CTRL_SET_TIMEOUT);
3696	if (err < 0) {
3697	dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3698	goto done;
3699	}
3700
3701	memcpy(data, buf, size);
3702
3703	done:
3704	kfree(objp: buf);
3705
3706	return err;
3707	}
3708
3709	static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3710	const struct firmware *firmware,
3711	size_t hdr_size)
3712	{
3713	struct btusb_data *btdata = hci_get_drvdata(hdev);
3714	struct usb_device *udev = btdata->udev;
3715	size_t count, size, sent = 0;
3716	int pipe, len, err;
3717	u8 *buf;
3718
3719	buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3720	if (!buf)
3721	return -ENOMEM;
3722
3723	count = firmware->size;
3724
3725	size = min_t(size_t, count, hdr_size);
3726	memcpy(buf, firmware->data, size);
3727
3728	/* USB patches should go down to controller through USB path
3729	* because binary format fits to go down through USB channel.
3730	* USB control path is for patching headers and USB bulk is for
3731	* patch body.
3732	*/
3733	pipe = usb_sndctrlpipe(udev, 0);
3734	err = usb_control_msg(dev: udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3735	value: 0, index: 0, data: buf, size, USB_CTRL_SET_TIMEOUT);
3736	if (err < 0) {
3737	bt_dev_err(hdev, "Failed to send headers (%d)", err);
3738	goto done;
3739	}
3740
3741	sent += size;
3742	count -= size;
3743
3744	/* ep2 need time to switch from function acl to function dfu,
3745	* so we add 20ms delay here.
3746	*/
3747	msleep(msecs: 20);
3748
3749	while (count) {
3750	size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3751
3752	memcpy(buf, firmware->data + sent, size);
3753
3754	pipe = usb_sndbulkpipe(udev, 0x02);
3755	err = usb_bulk_msg(usb_dev: udev, pipe, data: buf, len: size, actual_length: &len,
3756	QCA_DFU_TIMEOUT);
3757	if (err < 0) {
3758	bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3759	sent, firmware->size, err);
3760	break;
3761	}
3762
3763	if (size != len) {
3764	bt_dev_err(hdev, "Failed to get bulk buffer");
3765	err = -EILSEQ;
3766	break;
3767	}
3768
3769	sent += size;
3770	count -= size;
3771	}
3772
3773	done:
3774	kfree(objp: buf);
3775	return err;
3776	}
3777
3778	static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3779	struct qca_version *ver,
3780	const struct qca_device_info *info)
3781	{
3782	struct qca_rampatch_version *rver;
3783	const struct firmware *fw;
3784	u32 ver_rom, ver_patch, rver_rom;
3785	u16 rver_rom_low, rver_rom_high, rver_patch;
3786	char fwname[64];
3787	int err;
3788
3789	ver_rom = le32_to_cpu(ver->rom_version);
3790	ver_patch = le32_to_cpu(ver->patch_version);
3791
3792	snprintf(buf: fwname, size: sizeof(fwname), fmt: "qca/rampatch_usb_%08x.bin", ver_rom);
3793
3794	err = request_firmware(fw: &fw, name: fwname, device: &hdev->dev);
3795	if (err) {
3796	bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3797	fwname, err);
3798	return err;
3799	}
3800
3801	bt_dev_info(hdev, "using rampatch file: %s", fwname);
3802
3803	rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3804	rver_rom_low = le16_to_cpu(rver->rom_version_low);
3805	rver_patch = le16_to_cpu(rver->patch_version);
3806
3807	if (ver_rom & ~0xffffU) {
3808	rver_rom_high = le16_to_cpu(rver->rom_version_high);
3809	rver_rom = rver_rom_high << 16 | rver_rom_low;
3810	} else {
3811	rver_rom = rver_rom_low;
3812	}
3813
3814	bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3815	"firmware rome 0x%x build 0x%x",
3816	rver_rom, rver_patch, ver_rom, ver_patch);
3817
3818	if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3819	bt_dev_err(hdev, "rampatch file version did not match with firmware");
3820	err = -EINVAL;
3821	goto done;
3822	}
3823
3824	err = btusb_setup_qca_download_fw(hdev, firmware: fw, hdr_size: info->rampatch_hdr);
3825
3826	done:
3827	release_firmware(fw);
3828
3829	return err;
3830	}
3831
3832	static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size,
3833	const struct qca_version *ver)
3834	{
3835	u32 rom_version = le32_to_cpu(ver->rom_version);
3836	u16 flag = le16_to_cpu(ver->flag);
3837
3838	if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) {
3839	/* The board_id should be split into two bytes
3840	* The 1st byte is chip ID, and the 2nd byte is platform ID
3841	* For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID
3842	* we have several platforms, and platform IDs are continuously added
3843	* Platform ID:
3844	* 0x00 is for Mobile
3845	* 0x01 is for X86
3846	* 0x02 is for Automotive
3847	* 0x03 is for Consumer electronic
3848	*/
3849	u16 board_id = (ver->chip_id << 8) + ver->platform_id;
3850	const char *variant;
3851
3852	switch (le32_to_cpu(ver->ram_version)) {
3853	case WCN6855_2_0_RAM_VERSION_GF:
3854	case WCN6855_2_1_RAM_VERSION_GF:
3855	variant = "_gf";
3856	break;
3857	default:
3858	variant = "";
3859	break;
3860	}
3861
3862	if (board_id == 0) {
3863	snprintf(buf: fwname, size: max_size, fmt: "qca/nvm_usb_%08x%s.bin",
3864	rom_version, variant);
3865	} else {
3866	snprintf(buf: fwname, size: max_size, fmt: "qca/nvm_usb_%08x%s_%04x.bin",
3867	rom_version, variant, board_id);
3868	}
3869	} else {
3870	snprintf(buf: fwname, size: max_size, fmt: "qca/nvm_usb_%08x.bin",
3871	rom_version);
3872	}
3873
3874	}
3875
3876	static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
3877	struct qca_version *ver,
3878	const struct qca_device_info *info)
3879	{
3880	const struct firmware *fw;
3881	char fwname[64];
3882	int err;
3883
3884	btusb_generate_qca_nvm_name(fwname, max_size: sizeof(fwname), ver);
3885
3886	err = request_firmware(fw: &fw, name: fwname, device: &hdev->dev);
3887	if (err) {
3888	bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
3889	fwname, err);
3890	return err;
3891	}
3892
3893	bt_dev_info(hdev, "using NVM file: %s", fwname);
3894
3895	err = btusb_setup_qca_download_fw(hdev, firmware: fw, hdr_size: info->nvm_hdr);
3896
3897	release_firmware(fw);
3898
3899	return err;
3900	}
3901
3902	/* identify the ROM version and check whether patches are needed */
3903	static bool btusb_qca_need_patch(struct usb_device *udev)
3904	{
3905	struct qca_version ver;
3906
3907	if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, data: &ver,
3908	size: sizeof(ver)) < 0)
3909	return false;
3910	/* only low ROM versions need patches */
3911	return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
3912	}
3913
3914	static int btusb_setup_qca(struct hci_dev *hdev)
3915	{
3916	struct btusb_data *btdata = hci_get_drvdata(hdev);
3917	struct usb_device *udev = btdata->udev;
3918	const struct qca_device_info *info = NULL;
3919	struct qca_version ver;
3920	u32 ver_rom;
3921	u8 status;
3922	int i, err;
3923
3924	err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, data: &ver,
3925	size: sizeof(ver));
3926	if (err < 0)
3927	return err;
3928
3929	ver_rom = le32_to_cpu(ver.rom_version);
3930
3931	for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3932	if (ver_rom == qca_devices_table[i].rom_version)
3933	info = &qca_devices_table[i];
3934	}
3935	if (!info) {
3936	/* If the rom_version is not matched in the qca_devices_table
3937	* and the high ROM version is not zero, we assume this chip no
3938	* need to load the rampatch and nvm.
3939	*/
3940	if (ver_rom & ~0xffffU)
3941	return 0;
3942
3943	bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
3944	return -ENODEV;
3945	}
3946
3947	err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, data: &status,
3948	size: sizeof(status));
3949	if (err < 0)
3950	return err;
3951
3952	if (!(status & QCA_PATCH_UPDATED)) {
3953	err = btusb_setup_qca_load_rampatch(hdev, ver: &ver, info);
3954	if (err < 0)
3955	return err;
3956	}
3957
3958	err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, data: &ver,
3959	size: sizeof(ver));
3960	if (err < 0)
3961	return err;
3962
3963	btdata->qca_dump.fw_version = le32_to_cpu(ver.patch_version);
3964	btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version);
3965
3966	if (!(status & QCA_SYSCFG_UPDATED)) {
3967	err = btusb_setup_qca_load_nvm(hdev, ver: &ver, info);
3968	if (err < 0)
3969	return err;
3970
3971	/* WCN6855 2.1 and later will reset to apply firmware downloaded here, so
3972	* wait ~100ms for reset Done then go ahead, otherwise, it maybe
3973	* cause potential enable failure.
3974	*/
3975	if (info->rom_version >= 0x00130201)
3976	msleep(QCA_BT_RESET_WAIT_MS);
3977	}
3978
3979	/* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to
3980	* work with the likes of HSP/HFP mSBC.
3981	*/
3982	set_bit(nr: HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, addr: &hdev->quirks);
3983
3984	return 0;
3985	}
3986
3987	static inline int __set_diag_interface(struct hci_dev *hdev)
3988	{
3989	struct btusb_data *data = hci_get_drvdata(hdev);
3990	struct usb_interface *intf = data->diag;
3991	int i;
3992
3993	if (!data->diag)
3994	return -ENODEV;
3995
3996	data->diag_tx_ep = NULL;
3997	data->diag_rx_ep = NULL;
3998
3999	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
4000	struct usb_endpoint_descriptor *ep_desc;
4001
4002	ep_desc = &intf->cur_altsetting->endpoint[i].desc;
4003
4004	if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(epd: ep_desc)) {
4005	data->diag_tx_ep = ep_desc;
4006	continue;
4007	}
4008
4009	if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(epd: ep_desc)) {
4010	data->diag_rx_ep = ep_desc;
4011	continue;
4012	}
4013	}
4014
4015	if (!data->diag_tx_ep || !data->diag_rx_ep) {
4016	bt_dev_err(hdev, "invalid diagnostic descriptors");
4017	return -ENODEV;
4018	}
4019
4020	return 0;
4021	}
4022
4023	static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
4024	{
4025	struct btusb_data *data = hci_get_drvdata(hdev);
4026	struct sk_buff *skb;
4027	struct urb *urb;
4028	unsigned int pipe;
4029
4030	if (!data->diag_tx_ep)
4031	return ERR_PTR(error: -ENODEV);
4032
4033	urb = usb_alloc_urb(iso_packets: 0, GFP_KERNEL);
4034	if (!urb)
4035	return ERR_PTR(error: -ENOMEM);
4036
4037	skb = bt_skb_alloc(len: 2, GFP_KERNEL);
4038	if (!skb) {
4039	usb_free_urb(urb);
4040	return ERR_PTR(error: -ENOMEM);
4041	}
4042
4043	skb_put_u8(skb, val: 0xf0);
4044	skb_put_u8(skb, val: enable);
4045
4046	pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
4047
4048	usb_fill_bulk_urb(urb, dev: data->udev, pipe,
4049	transfer_buffer: skb->data, buffer_length: skb->len, complete_fn: btusb_tx_complete, context: skb);
4050
4051	skb->dev = (void *)hdev;
4052
4053	return urb;
4054	}
4055
4056	static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
4057	{
4058	struct btusb_data *data = hci_get_drvdata(hdev);
4059	struct urb *urb;
4060
4061	if (!data->diag)
4062	return -ENODEV;
4063
4064	if (!test_bit(HCI_RUNNING, &hdev->flags))
4065	return -ENETDOWN;
4066
4067	urb = alloc_diag_urb(hdev, enable);
4068	if (IS_ERR(ptr: urb))
4069	return PTR_ERR(ptr: urb);
4070
4071	return submit_or_queue_tx_urb(hdev, urb);
4072	}
4073
4074	#ifdef CONFIG_PM
4075	static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
4076	{
4077	struct btusb_data *data = priv;
4078
4079	pm_wakeup_event(dev: &data->udev->dev, msec: 0);
4080	pm_system_wakeup();
4081
4082	/* Disable only if not already disabled (keep it balanced) */
4083	if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, addr: &data->flags)) {
4084	disable_irq_nosync(irq);
4085	disable_irq_wake(irq);
4086	}
4087	return IRQ_HANDLED;
4088	}
4089
4090	static const struct of_device_id btusb_match_table[] = {
4091	{ .compatible = "usb1286,204e" },
4092	{ .compatible = "usbcf3,e300" }, /* QCA6174A */
4093	{ .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */
4094	{ }
4095	};
4096	MODULE_DEVICE_TABLE(of, btusb_match_table);
4097
4098	/* Use an oob wakeup pin? */
4099	static int btusb_config_oob_wake(struct hci_dev *hdev)
4100	{
4101	struct btusb_data *data = hci_get_drvdata(hdev);
4102	struct device *dev = &data->udev->dev;
4103	int irq, ret;
4104
4105	clear_bit(BTUSB_OOB_WAKE_ENABLED, addr: &data->flags);
4106
4107	if (!of_match_device(matches: btusb_match_table, dev))
4108	return 0;
4109
4110	/* Move on if no IRQ specified */
4111	irq = of_irq_get_byname(dev: dev->of_node, name: "wakeup");
4112	if (irq <= 0) {
4113	bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
4114	return 0;
4115	}
4116
4117	irq_set_status_flags(irq, set: IRQ_NOAUTOEN);
4118	ret = devm_request_irq(dev: &hdev->dev, irq, handler: btusb_oob_wake_handler,
4119	irqflags: 0, devname: "OOB Wake-on-BT", dev_id: data);
4120	if (ret) {
4121	bt_dev_err(hdev, "%s: IRQ request failed", __func__);
4122	return ret;
4123	}
4124
4125	ret = device_init_wakeup(dev, enable: true);
4126	if (ret) {
4127	bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
4128	return ret;
4129	}
4130
4131	data->oob_wake_irq = irq;
4132	bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
4133	return 0;
4134	}
4135	#endif
4136
4137	static void btusb_check_needs_reset_resume(struct usb_interface *intf)
4138	{
4139	if (dmi_check_system(list: btusb_needs_reset_resume_table))
4140	interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
4141	}
4142
4143	static bool btusb_wakeup(struct hci_dev *hdev)
4144	{
4145	struct btusb_data *data = hci_get_drvdata(hdev);
4146
4147	return device_may_wakeup(dev: &data->udev->dev);
4148	}
4149
4150	static int btusb_shutdown_qca(struct hci_dev *hdev)
4151	{
4152	struct sk_buff *skb;
4153
4154	skb = __hci_cmd_sync(hdev, HCI_OP_RESET, plen: 0, NULL, HCI_INIT_TIMEOUT);
4155	if (IS_ERR(ptr: skb)) {
4156	bt_dev_err(hdev, "HCI reset during shutdown failed");
4157	return PTR_ERR(ptr: skb);
4158	}
4159	kfree_skb(skb);
4160
4161	return 0;
4162	}
4163
4164	static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf,
4165	size_t count, loff_t *ppos)
4166	{
4167	struct btusb_data *data = file->private_data;
4168	char buf[3];
4169
4170	buf[0] = data->poll_sync ? 'Y' : 'N';
4171	buf[1] = '\n';
4172	buf[2] = '\0';
4173	return simple_read_from_buffer(to: user_buf, count, ppos, from: buf, available: 2);
4174	}
4175
4176	static ssize_t force_poll_sync_write(struct file *file,
4177	const char __user *user_buf,
4178	size_t count, loff_t *ppos)
4179	{
4180	struct btusb_data *data = file->private_data;
4181	bool enable;
4182	int err;
4183
4184	err = kstrtobool_from_user(s: user_buf, count, res: &enable);
4185	if (err)
4186	return err;
4187
4188	/* Only allow changes while the adapter is down */
4189	if (test_bit(HCI_UP, &data->hdev->flags))
4190	return -EPERM;
4191
4192	if (data->poll_sync == enable)
4193	return -EALREADY;
4194
4195	data->poll_sync = enable;
4196
4197	return count;
4198	}
4199
4200	static const struct file_operations force_poll_sync_fops = {
4201	.open = simple_open,
4202	.read = force_poll_sync_read,
4203	.write = force_poll_sync_write,
4204	.llseek = default_llseek,
4205	};
4206
4207	static int btusb_probe(struct usb_interface *intf,
4208	const struct usb_device_id *id)
4209	{
4210	struct usb_endpoint_descriptor *ep_desc;
4211	struct gpio_desc *reset_gpio;
4212	struct btusb_data *data;
4213	struct hci_dev *hdev;
4214	unsigned ifnum_base;
4215	int i, err, priv_size;
4216
4217	BT_DBG("intf %p id %p", intf, id);
4218
4219	if ((id->driver_info & BTUSB_IFNUM_2) &&
4220	(intf->cur_altsetting->desc.bInterfaceNumber != 0) &&
4221	(intf->cur_altsetting->desc.bInterfaceNumber != 2))
4222	return -ENODEV;
4223
4224	ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
4225
4226	if (!id->driver_info) {
4227	const struct usb_device_id *match;
4228
4229	match = usb_match_id(interface: intf, id: quirks_table);
4230	if (match)
4231	id = match;
4232	}
4233
4234	if (id->driver_info == BTUSB_IGNORE)
4235	return -ENODEV;
4236
4237	if (id->driver_info & BTUSB_ATH3012) {
4238	struct usb_device *udev = interface_to_usbdev(intf);
4239
4240	/* Old firmware would otherwise let ath3k driver load
4241	* patch and sysconfig files
4242	*/
4243	if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
4244	!btusb_qca_need_patch(udev))
4245	return -ENODEV;
4246	}
4247
4248	data = devm_kzalloc(dev: &intf->dev, size: sizeof(*data), GFP_KERNEL);
4249	if (!data)
4250	return -ENOMEM;
4251
4252	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
4253	ep_desc = &intf->cur_altsetting->endpoint[i].desc;
4254
4255	if (!data->intr_ep && usb_endpoint_is_int_in(epd: ep_desc)) {
4256	data->intr_ep = ep_desc;
4257	continue;
4258	}
4259
4260	if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(epd: ep_desc)) {
4261	data->bulk_tx_ep = ep_desc;
4262	continue;
4263	}
4264
4265	if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(epd: ep_desc)) {
4266	data->bulk_rx_ep = ep_desc;
4267	continue;
4268	}
4269	}
4270
4271	if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
4272	return -ENODEV;
4273
4274	if (id->driver_info & BTUSB_AMP) {
4275	data->cmdreq_type = USB_TYPE_CLASS | 0x01;
4276	data->cmdreq = 0x2b;
4277	} else {
4278	data->cmdreq_type = USB_TYPE_CLASS;
4279	data->cmdreq = 0x00;
4280	}
4281
4282	data->udev = interface_to_usbdev(intf);
4283	data->intf = intf;
4284
4285	INIT_WORK(&data->work, btusb_work);
4286	INIT_WORK(&data->waker, btusb_waker);
4287	INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work);
4288
4289	skb_queue_head_init(list: &data->acl_q);
4290
4291	init_usb_anchor(anchor: &data->deferred);
4292	init_usb_anchor(anchor: &data->tx_anchor);
4293	spin_lock_init(&data->txlock);
4294
4295	init_usb_anchor(anchor: &data->intr_anchor);
4296	init_usb_anchor(anchor: &data->bulk_anchor);
4297	init_usb_anchor(anchor: &data->isoc_anchor);
4298	init_usb_anchor(anchor: &data->diag_anchor);
4299	init_usb_anchor(anchor: &data->ctrl_anchor);
4300	spin_lock_init(&data->rxlock);
4301
4302	priv_size = 0;
4303
4304	data->recv_event = hci_recv_frame;
4305	data->recv_bulk = btusb_recv_bulk;
4306
4307	if (id->driver_info & BTUSB_INTEL_COMBINED) {
4308	/* Allocate extra space for Intel device */
4309	priv_size += sizeof(struct btintel_data);
4310
4311	/* Override the rx handlers */
4312	data->recv_event = btintel_recv_event;
4313	data->recv_bulk = btusb_recv_bulk_intel;
4314	} else if (id->driver_info & BTUSB_REALTEK) {
4315	/* Allocate extra space for Realtek device */
4316	priv_size += sizeof(struct btrealtek_data);
4317
4318	data->recv_event = btusb_recv_event_realtek;
4319	} else if (id->driver_info & BTUSB_MEDIATEK) {
4320	/* Allocate extra space for Mediatek device */
4321	priv_size += sizeof(struct btmediatek_data);
4322	}
4323
4324	data->recv_acl = hci_recv_frame;
4325
4326	hdev = hci_alloc_dev_priv(sizeof_priv: priv_size);
4327	if (!hdev)
4328	return -ENOMEM;
4329
4330	hdev->bus = HCI_USB;
4331	hci_set_drvdata(hdev, data);
4332
4333	if (id->driver_info & BTUSB_AMP)
4334	hdev->dev_type = HCI_AMP;
4335	else
4336	hdev->dev_type = HCI_PRIMARY;
4337
4338	data->hdev = hdev;
4339
4340	SET_HCIDEV_DEV(hdev, &intf->dev);
4341
4342	reset_gpio = gpiod_get_optional(dev: &data->udev->dev, con_id: "reset",
4343	flags: GPIOD_OUT_LOW);
4344	if (IS_ERR(ptr: reset_gpio)) {
4345	err = PTR_ERR(ptr: reset_gpio);
4346	goto out_free_dev;
4347	} else if (reset_gpio) {
4348	data->reset_gpio = reset_gpio;
4349	}
4350
4351	hdev->open = btusb_open;
4352	hdev->close = btusb_close;
4353	hdev->flush = btusb_flush;
4354	hdev->send = btusb_send_frame;
4355	hdev->notify = btusb_notify;
4356	hdev->wakeup = btusb_wakeup;
4357
4358	#ifdef CONFIG_PM
4359	err = btusb_config_oob_wake(hdev);
4360	if (err)
4361	goto out_free_dev;
4362
4363	/* Marvell devices may need a specific chip configuration */
4364	if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
4365	err = marvell_config_oob_wake(hdev);
4366	if (err)
4367	goto out_free_dev;
4368	}
4369	#endif
4370	if (id->driver_info & BTUSB_CW6622)
4371	set_bit(nr: HCI_QUIRK_BROKEN_STORED_LINK_KEY, addr: &hdev->quirks);
4372
4373	if (id->driver_info & BTUSB_BCM2045)
4374	set_bit(nr: HCI_QUIRK_BROKEN_STORED_LINK_KEY, addr: &hdev->quirks);
4375
4376	if (id->driver_info & BTUSB_BCM92035)
4377	hdev->setup = btusb_setup_bcm92035;
4378
4379	if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4380	(id->driver_info & BTUSB_BCM_PATCHRAM)) {
4381	hdev->manufacturer = 15;
4382	hdev->setup = btbcm_setup_patchram;
4383	hdev->set_diag = btusb_bcm_set_diag;
4384	hdev->set_bdaddr = btbcm_set_bdaddr;
4385
4386	/* Broadcom LM_DIAG Interface numbers are hardcoded */
4387	data->diag = usb_ifnum_to_if(dev: data->udev, ifnum: ifnum_base + 2);
4388	}
4389
4390	if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4391	(id->driver_info & BTUSB_BCM_APPLE)) {
4392	hdev->manufacturer = 15;
4393	hdev->setup = btbcm_setup_apple;
4394	hdev->set_diag = btusb_bcm_set_diag;
4395
4396	/* Broadcom LM_DIAG Interface numbers are hardcoded */
4397	data->diag = usb_ifnum_to_if(dev: data->udev, ifnum: ifnum_base + 2);
4398	}
4399
4400	/* Combined Intel Device setup to support multiple setup routine */
4401	if (id->driver_info & BTUSB_INTEL_COMBINED) {
4402	err = btintel_configure_setup(hdev, driver_name: btusb_driver.name);
4403	if (err)
4404	goto out_free_dev;
4405
4406	/* Transport specific configuration */
4407	hdev->send = btusb_send_frame_intel;
4408	hdev->cmd_timeout = btusb_intel_cmd_timeout;
4409
4410	if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT)
4411	btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT);
4412
4413	if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD)
4414	btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD);
4415
4416	if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED)
4417	btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED);
4418	}
4419
4420	if (id->driver_info & BTUSB_MARVELL)
4421	hdev->set_bdaddr = btusb_set_bdaddr_marvell;
4422
4423	if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
4424	(id->driver_info & BTUSB_MEDIATEK)) {
4425	hdev->setup = btusb_mtk_setup;
4426	hdev->shutdown = btusb_mtk_shutdown;
4427	hdev->manufacturer = 70;
4428	hdev->cmd_timeout = btmtk_reset_sync;
4429	hdev->set_bdaddr = btmtk_set_bdaddr;
4430	set_bit(nr: HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, addr: &hdev->quirks);
4431	set_bit(nr: HCI_QUIRK_NON_PERSISTENT_SETUP, addr: &hdev->quirks);
4432	data->recv_acl = btusb_recv_acl_mtk;
4433	}
4434
4435	if (id->driver_info & BTUSB_SWAVE) {
4436	set_bit(nr: HCI_QUIRK_FIXUP_INQUIRY_MODE, addr: &hdev->quirks);
4437	set_bit(nr: HCI_QUIRK_BROKEN_LOCAL_COMMANDS, addr: &hdev->quirks);
4438	}
4439
4440	if (id->driver_info & BTUSB_INTEL_BOOT) {
4441	hdev->manufacturer = 2;
4442	set_bit(nr: HCI_QUIRK_RAW_DEVICE, addr: &hdev->quirks);
4443	}
4444
4445	if (id->driver_info & BTUSB_ATH3012) {
4446	data->setup_on_usb = btusb_setup_qca;
4447	hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4448	set_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
4449	set_bit(nr: HCI_QUIRK_STRICT_DUPLICATE_FILTER, addr: &hdev->quirks);
4450	}
4451
4452	if (id->driver_info & BTUSB_QCA_ROME) {
4453	data->setup_on_usb = btusb_setup_qca;
4454	hdev->shutdown = btusb_shutdown_qca;
4455	hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4456	hdev->cmd_timeout = btusb_qca_cmd_timeout;
4457	set_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
4458	btusb_check_needs_reset_resume(intf);
4459	}
4460
4461	if (id->driver_info & BTUSB_QCA_WCN6855) {
4462	data->qca_dump.id_vendor = id->idVendor;
4463	data->qca_dump.id_product = id->idProduct;
4464	data->recv_event = btusb_recv_evt_qca;
4465	data->recv_acl = btusb_recv_acl_qca;
4466	hci_devcd_register(hdev, coredump: btusb_coredump_qca, dmp_hdr: btusb_dump_hdr_qca, NULL);
4467	data->setup_on_usb = btusb_setup_qca;
4468	hdev->shutdown = btusb_shutdown_qca;
4469	hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
4470	hdev->cmd_timeout = btusb_qca_cmd_timeout;
4471	set_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
4472	hci_set_msft_opcode(hdev, opcode: 0xFD70);
4473	}
4474
4475	if (id->driver_info & BTUSB_AMP) {
4476	/* AMP controllers do not support SCO packets */
4477	data->isoc = NULL;
4478	} else {
4479	/* Interface orders are hardcoded in the specification */
4480	data->isoc = usb_ifnum_to_if(dev: data->udev, ifnum: ifnum_base + 1);
4481	data->isoc_ifnum = ifnum_base + 1;
4482	}
4483
4484	if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
4485	(id->driver_info & BTUSB_REALTEK)) {
4486	btrtl_set_driver_name(hdev, driver_name: btusb_driver.name);
4487	hdev->setup = btusb_setup_realtek;
4488	hdev->shutdown = btrtl_shutdown_realtek;
4489	hdev->cmd_timeout = btusb_rtl_cmd_timeout;
4490	hdev->hw_error = btusb_rtl_hw_error;
4491
4492	/* Realtek devices need to set remote wakeup on auto-suspend */
4493	set_bit(BTUSB_WAKEUP_AUTOSUSPEND, addr: &data->flags);
4494	set_bit(BTUSB_USE_ALT3_FOR_WBS, addr: &data->flags);
4495	}
4496
4497	if (id->driver_info & BTUSB_ACTIONS_SEMI) {
4498	/* Support is advertised, but not implemented */
4499	set_bit(nr: HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, addr: &hdev->quirks);
4500	set_bit(nr: HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, addr: &hdev->quirks);
4501	set_bit(nr: HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT, addr: &hdev->quirks);
4502	set_bit(nr: HCI_QUIRK_BROKEN_EXT_SCAN, addr: &hdev->quirks);
4503	set_bit(nr: HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, addr: &hdev->quirks);
4504	}
4505
4506	if (!reset)
4507	set_bit(nr: HCI_QUIRK_RESET_ON_CLOSE, addr: &hdev->quirks);
4508
4509	if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
4510	if (!disable_scofix)
4511	set_bit(nr: HCI_QUIRK_FIXUP_BUFFER_SIZE, addr: &hdev->quirks);
4512	}
4513
4514	if (id->driver_info & BTUSB_BROKEN_ISOC)
4515	data->isoc = NULL;
4516
4517	if (id->driver_info & BTUSB_WIDEBAND_SPEECH)
4518	set_bit(nr: HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, addr: &hdev->quirks);
4519
4520	if (id->driver_info & BTUSB_VALID_LE_STATES)
4521	set_bit(nr: HCI_QUIRK_VALID_LE_STATES, addr: &hdev->quirks);
4522
4523	if (id->driver_info & BTUSB_DIGIANSWER) {
4524	data->cmdreq_type = USB_TYPE_VENDOR;
4525	set_bit(nr: HCI_QUIRK_RESET_ON_CLOSE, addr: &hdev->quirks);
4526	}
4527
4528	if (id->driver_info & BTUSB_CSR) {
4529	struct usb_device *udev = data->udev;
4530	u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
4531
4532	/* Old firmware would otherwise execute USB reset */
4533	if (bcdDevice < 0x117)
4534	set_bit(nr: HCI_QUIRK_RESET_ON_CLOSE, addr: &hdev->quirks);
4535
4536	/* This must be set first in case we disable it for fakes */
4537	set_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
4538
4539	/* Fake CSR devices with broken commands */
4540	if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 &&
4541	le16_to_cpu(udev->descriptor.idProduct) == 0x0001)
4542	hdev->setup = btusb_setup_csr;
4543	}
4544
4545	if (id->driver_info & BTUSB_SNIFFER) {
4546	struct usb_device *udev = data->udev;
4547
4548	/* New sniffer firmware has crippled HCI interface */
4549	if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
4550	set_bit(nr: HCI_QUIRK_RAW_DEVICE, addr: &hdev->quirks);
4551	}
4552
4553	if (id->driver_info & BTUSB_INTEL_BOOT) {
4554	/* A bug in the bootloader causes that interrupt interface is
4555	* only enabled after receiving SetInterface(0, AltSetting=0).
4556	*/
4557	err = usb_set_interface(dev: data->udev, ifnum: 0, alternate: 0);
4558	if (err < 0) {
4559	BT_ERR("failed to set interface 0, alt 0 %d", err);
4560	goto out_free_dev;
4561	}
4562	}
4563
4564	if (data->isoc) {
4565	err = usb_driver_claim_interface(driver: &btusb_driver,
4566	iface: data->isoc, data);
4567	if (err < 0)
4568	goto out_free_dev;
4569	}
4570
4571	if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
4572	if (!usb_driver_claim_interface(driver: &btusb_driver,
4573	iface: data->diag, data))
4574	__set_diag_interface(hdev);
4575	else
4576	data->diag = NULL;
4577	}
4578
4579	if (enable_autosuspend)
4580	usb_enable_autosuspend(udev: data->udev);
4581
4582	data->poll_sync = enable_poll_sync;
4583
4584	err = hci_register_dev(hdev);
4585	if (err < 0)
4586	goto out_free_dev;
4587
4588	usb_set_intfdata(intf, data);
4589
4590	debugfs_create_file(name: "force_poll_sync", mode: 0644, parent: hdev->debugfs, data,
4591	fops: &force_poll_sync_fops);
4592
4593	return 0;
4594
4595	out_free_dev:
4596	if (data->reset_gpio)
4597	gpiod_put(desc: data->reset_gpio);
4598	hci_free_dev(hdev);
4599	return err;
4600	}
4601
4602	static void btusb_disconnect(struct usb_interface *intf)
4603	{
4604	struct btusb_data *data = usb_get_intfdata(intf);
4605	struct hci_dev *hdev;
4606
4607	BT_DBG("intf %p", intf);
4608
4609	if (!data)
4610	return;
4611
4612	hdev = data->hdev;
4613	usb_set_intfdata(intf: data->intf, NULL);
4614
4615	if (data->isoc)
4616	usb_set_intfdata(intf: data->isoc, NULL);
4617
4618	if (data->diag)
4619	usb_set_intfdata(intf: data->diag, NULL);
4620
4621	hci_unregister_dev(hdev);
4622
4623	if (intf == data->intf) {
4624	if (data->isoc)
4625	usb_driver_release_interface(driver: &btusb_driver, iface: data->isoc);
4626	if (data->diag)
4627	usb_driver_release_interface(driver: &btusb_driver, iface: data->diag);
4628	} else if (intf == data->isoc) {
4629	if (data->diag)
4630	usb_driver_release_interface(driver: &btusb_driver, iface: data->diag);
4631	usb_driver_release_interface(driver: &btusb_driver, iface: data->intf);
4632	} else if (intf == data->diag) {
4633	usb_driver_release_interface(driver: &btusb_driver, iface: data->intf);
4634	if (data->isoc)
4635	usb_driver_release_interface(driver: &btusb_driver, iface: data->isoc);
4636	}
4637
4638	if (data->oob_wake_irq)
4639	device_init_wakeup(dev: &data->udev->dev, enable: false);
4640
4641	if (data->reset_gpio)
4642	gpiod_put(desc: data->reset_gpio);
4643
4644	hci_free_dev(hdev);
4645	}
4646
4647	#ifdef CONFIG_PM
4648	static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
4649	{
4650	struct btusb_data *data = usb_get_intfdata(intf);
4651
4652	BT_DBG("intf %p", intf);
4653
4654	/* Don't suspend if there are connections */
4655	if (hci_conn_count(hdev: data->hdev))
4656	return -EBUSY;
4657
4658	if (data->suspend_count++)
4659	return 0;
4660
4661	spin_lock_irq(lock: &data->txlock);
4662	if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
4663	set_bit(BTUSB_SUSPENDING, addr: &data->flags);
4664	spin_unlock_irq(lock: &data->txlock);
4665	} else {
4666	spin_unlock_irq(lock: &data->txlock);
4667	data->suspend_count--;
4668	return -EBUSY;
4669	}
4670
4671	cancel_work_sync(work: &data->work);
4672
4673	btusb_stop_traffic(data);
4674	usb_kill_anchored_urbs(anchor: &data->tx_anchor);
4675
4676	if (data->oob_wake_irq && device_may_wakeup(dev: &data->udev->dev)) {
4677	set_bit(BTUSB_OOB_WAKE_ENABLED, addr: &data->flags);
4678	enable_irq_wake(irq: data->oob_wake_irq);
4679	enable_irq(irq: data->oob_wake_irq);
4680	}
4681
4682	/* For global suspend, Realtek devices lose the loaded fw
4683	* in them. But for autosuspend, firmware should remain.
4684	* Actually, it depends on whether the usb host sends
4685	* set feature (enable wakeup) or not.
4686	*/
4687	if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) {
4688	if (PMSG_IS_AUTO(message) &&
4689	device_can_wakeup(dev: &data->udev->dev))
4690	data->udev->do_remote_wakeup = 1;
4691	else if (!PMSG_IS_AUTO(message) &&
4692	!device_may_wakeup(dev: &data->udev->dev)) {
4693	data->udev->do_remote_wakeup = 0;
4694	data->udev->reset_resume = 1;
4695	}
4696	}
4697
4698	return 0;
4699	}
4700
4701	static void play_deferred(struct btusb_data *data)
4702	{
4703	struct urb *urb;
4704	int err;
4705
4706	while ((urb = usb_get_from_anchor(anchor: &data->deferred))) {
4707	usb_anchor_urb(urb, anchor: &data->tx_anchor);
4708
4709	err = usb_submit_urb(urb, GFP_ATOMIC);
4710	if (err < 0) {
4711	if (err != -EPERM && err != -ENODEV)
4712	BT_ERR("%s urb %p submission failed (%d)",
4713	data->hdev->name, urb, -err);
4714	kfree(objp: urb->setup_packet);
4715	usb_unanchor_urb(urb);
4716	usb_free_urb(urb);
4717	break;
4718	}
4719
4720	data->tx_in_flight++;
4721	usb_free_urb(urb);
4722	}
4723
4724	/* Cleanup the rest deferred urbs. */
4725	while ((urb = usb_get_from_anchor(anchor: &data->deferred))) {
4726	kfree(objp: urb->setup_packet);
4727	usb_free_urb(urb);
4728	}
4729	}
4730
4731	static int btusb_resume(struct usb_interface *intf)
4732	{
4733	struct btusb_data *data = usb_get_intfdata(intf);
4734	struct hci_dev *hdev = data->hdev;
4735	int err = 0;
4736
4737	BT_DBG("intf %p", intf);
4738
4739	if (--data->suspend_count)
4740	return 0;
4741
4742	/* Disable only if not already disabled (keep it balanced) */
4743	if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, addr: &data->flags)) {
4744	disable_irq(irq: data->oob_wake_irq);
4745	disable_irq_wake(irq: data->oob_wake_irq);
4746	}
4747
4748	if (!test_bit(HCI_RUNNING, &hdev->flags))
4749	goto done;
4750
4751	if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4752	err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4753	if (err < 0) {
4754	clear_bit(BTUSB_INTR_RUNNING, addr: &data->flags);
4755	goto failed;
4756	}
4757	}
4758
4759	if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4760	err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4761	if (err < 0) {
4762	clear_bit(BTUSB_BULK_RUNNING, addr: &data->flags);
4763	goto failed;
4764	}
4765
4766	btusb_submit_bulk_urb(hdev, GFP_NOIO);
4767	}
4768
4769	if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4770	if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4771	clear_bit(BTUSB_ISOC_RUNNING, addr: &data->flags);
4772	else
4773	btusb_submit_isoc_urb(hdev, GFP_NOIO);
4774	}
4775
4776	spin_lock_irq(lock: &data->txlock);
4777	play_deferred(data);
4778	clear_bit(BTUSB_SUSPENDING, addr: &data->flags);
4779	spin_unlock_irq(lock: &data->txlock);
4780	schedule_work(work: &data->work);
4781
4782	return 0;
4783
4784	failed:
4785	usb_scuttle_anchored_urbs(anchor: &data->deferred);
4786	done:
4787	spin_lock_irq(lock: &data->txlock);
4788	clear_bit(BTUSB_SUSPENDING, addr: &data->flags);
4789	spin_unlock_irq(lock: &data->txlock);
4790
4791	return err;
4792	}
4793	#endif
4794
4795	#ifdef CONFIG_DEV_COREDUMP
4796	static void btusb_coredump(struct device *dev)
4797	{
4798	struct btusb_data *data = dev_get_drvdata(dev);
4799	struct hci_dev *hdev = data->hdev;
4800
4801	if (hdev->dump.coredump)
4802	hdev->dump.coredump(hdev);
4803	}
4804	#endif
4805
4806	static struct usb_driver btusb_driver = {
4807	.name = "btusb",
4808	.probe = btusb_probe,
4809	.disconnect = btusb_disconnect,
4810	#ifdef CONFIG_PM
4811	.suspend = btusb_suspend,
4812	.resume = btusb_resume,
4813	#endif
4814	.id_table = btusb_table,
4815	.supports_autosuspend = 1,
4816	.disable_hub_initiated_lpm = 1,
4817
4818	#ifdef CONFIG_DEV_COREDUMP
4819	.driver = {
4820	.coredump = btusb_coredump,
4821	},
4822	#endif
4823	};
4824
4825	module_usb_driver(btusb_driver);
4826
4827	module_param(disable_scofix, bool, 0644);
4828	MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4829
4830	module_param(force_scofix, bool, 0644);
4831	MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4832
4833	module_param(enable_autosuspend, bool, 0644);
4834	MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4835
4836	module_param(reset, bool, 0644);
4837	MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4838
4839	MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4840	MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4841	MODULE_VERSION(VERSION);
4842	MODULE_LICENSE("GPL");
4843