summaryrefslogtreecommitdiff
path: root/drivers/bluetooth/bfusb.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/bluetooth/bfusb.c')
-rw-r--r--drivers/bluetooth/bfusb.c750
1 files changed, 750 insertions, 0 deletions
diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c
new file mode 100644
index 000000000..73b214c39
--- /dev/null
+++ b/drivers/bluetooth/bfusb.c
@@ -0,0 +1,750 @@
+/*
+ *
+ * AVM BlueFRITZ! USB driver
+ *
+ * Copyright (C) 2003-2006 Marcel Holtmann <marcel@holtmann.org>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#include <linux/module.h>
+
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/types.h>
+#include <linux/errno.h>
+#include <linux/skbuff.h>
+
+#include <linux/device.h>
+#include <linux/firmware.h>
+
+#include <linux/usb.h>
+
+#include <net/bluetooth/bluetooth.h>
+#include <net/bluetooth/hci_core.h>
+
+#define VERSION "1.2"
+
+static struct usb_driver bfusb_driver;
+
+static const struct usb_device_id bfusb_table[] = {
+ /* AVM BlueFRITZ! USB */
+ { USB_DEVICE(0x057c, 0x2200) },
+
+ { } /* Terminating entry */
+};
+
+MODULE_DEVICE_TABLE(usb, bfusb_table);
+
+#define BFUSB_MAX_BLOCK_SIZE 256
+
+#define BFUSB_BLOCK_TIMEOUT 3000
+
+#define BFUSB_TX_PROCESS 1
+#define BFUSB_TX_WAKEUP 2
+
+#define BFUSB_MAX_BULK_TX 2
+#define BFUSB_MAX_BULK_RX 2
+
+struct bfusb_data {
+ struct hci_dev *hdev;
+
+ unsigned long state;
+
+ struct usb_device *udev;
+
+ unsigned int bulk_in_ep;
+ unsigned int bulk_out_ep;
+ unsigned int bulk_pkt_size;
+
+ rwlock_t lock;
+
+ struct sk_buff_head transmit_q;
+
+ struct sk_buff *reassembly;
+
+ atomic_t pending_tx;
+ struct sk_buff_head pending_q;
+ struct sk_buff_head completed_q;
+};
+
+struct bfusb_data_scb {
+ struct urb *urb;
+};
+
+static void bfusb_tx_complete(struct urb *urb);
+static void bfusb_rx_complete(struct urb *urb);
+
+static struct urb *bfusb_get_completed(struct bfusb_data *data)
+{
+ struct sk_buff *skb;
+ struct urb *urb = NULL;
+
+ BT_DBG("bfusb %p", data);
+
+ skb = skb_dequeue(&data->completed_q);
+ if (skb) {
+ urb = ((struct bfusb_data_scb *) skb->cb)->urb;
+ kfree_skb(skb);
+ }
+
+ return urb;
+}
+
+static void bfusb_unlink_urbs(struct bfusb_data *data)
+{
+ struct sk_buff *skb;
+ struct urb *urb;
+
+ BT_DBG("bfusb %p", data);
+
+ while ((skb = skb_dequeue(&data->pending_q))) {
+ urb = ((struct bfusb_data_scb *) skb->cb)->urb;
+ usb_kill_urb(urb);
+ skb_queue_tail(&data->completed_q, skb);
+ }
+
+ while ((urb = bfusb_get_completed(data)))
+ usb_free_urb(urb);
+}
+
+static int bfusb_send_bulk(struct bfusb_data *data, struct sk_buff *skb)
+{
+ struct bfusb_data_scb *scb = (void *) skb->cb;
+ struct urb *urb = bfusb_get_completed(data);
+ int err, pipe;
+
+ BT_DBG("bfusb %p skb %p len %d", data, skb, skb->len);
+
+ if (!urb) {
+ urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!urb)
+ return -ENOMEM;
+ }
+
+ pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep);
+
+ usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, skb->len,
+ bfusb_tx_complete, skb);
+
+ scb->urb = urb;
+
+ skb_queue_tail(&data->pending_q, skb);
+
+ err = usb_submit_urb(urb, GFP_ATOMIC);
+ if (err) {
+ BT_ERR("%s bulk tx submit failed urb %p err %d",
+ data->hdev->name, urb, err);
+ skb_unlink(skb, &data->pending_q);
+ usb_free_urb(urb);
+ } else
+ atomic_inc(&data->pending_tx);
+
+ return err;
+}
+
+static void bfusb_tx_wakeup(struct bfusb_data *data)
+{
+ struct sk_buff *skb;
+
+ BT_DBG("bfusb %p", data);
+
+ if (test_and_set_bit(BFUSB_TX_PROCESS, &data->state)) {
+ set_bit(BFUSB_TX_WAKEUP, &data->state);
+ return;
+ }
+
+ do {
+ clear_bit(BFUSB_TX_WAKEUP, &data->state);
+
+ while ((atomic_read(&data->pending_tx) < BFUSB_MAX_BULK_TX) &&
+ (skb = skb_dequeue(&data->transmit_q))) {
+ if (bfusb_send_bulk(data, skb) < 0) {
+ skb_queue_head(&data->transmit_q, skb);
+ break;
+ }
+ }
+
+ } while (test_bit(BFUSB_TX_WAKEUP, &data->state));
+
+ clear_bit(BFUSB_TX_PROCESS, &data->state);
+}
+
+static void bfusb_tx_complete(struct urb *urb)
+{
+ struct sk_buff *skb = (struct sk_buff *) urb->context;
+ struct bfusb_data *data = (struct bfusb_data *) skb->dev;
+
+ BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len);
+
+ atomic_dec(&data->pending_tx);
+
+ if (!test_bit(HCI_RUNNING, &data->hdev->flags))
+ return;
+
+ if (!urb->status)
+ data->hdev->stat.byte_tx += skb->len;
+ else
+ data->hdev->stat.err_tx++;
+
+ read_lock(&data->lock);
+
+ skb_unlink(skb, &data->pending_q);
+ skb_queue_tail(&data->completed_q, skb);
+
+ bfusb_tx_wakeup(data);
+
+ read_unlock(&data->lock);
+}
+
+
+static int bfusb_rx_submit(struct bfusb_data *data, struct urb *urb)
+{
+ struct bfusb_data_scb *scb;
+ struct sk_buff *skb;
+ int err, pipe, size = HCI_MAX_FRAME_SIZE + 32;
+
+ BT_DBG("bfusb %p urb %p", data, urb);
+
+ if (!urb) {
+ urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!urb)
+ return -ENOMEM;
+ }
+
+ skb = bt_skb_alloc(size, GFP_ATOMIC);
+ if (!skb) {
+ usb_free_urb(urb);
+ return -ENOMEM;
+ }
+
+ skb->dev = (void *) data;
+
+ scb = (struct bfusb_data_scb *) skb->cb;
+ scb->urb = urb;
+
+ pipe = usb_rcvbulkpipe(data->udev, data->bulk_in_ep);
+
+ usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, size,
+ bfusb_rx_complete, skb);
+
+ skb_queue_tail(&data->pending_q, skb);
+
+ err = usb_submit_urb(urb, GFP_ATOMIC);
+ if (err) {
+ BT_ERR("%s bulk rx submit failed urb %p err %d",
+ data->hdev->name, urb, err);
+ skb_unlink(skb, &data->pending_q);
+ kfree_skb(skb);
+ usb_free_urb(urb);
+ }
+
+ return err;
+}
+
+static inline int bfusb_recv_block(struct bfusb_data *data, int hdr, unsigned char *buf, int len)
+{
+ BT_DBG("bfusb %p hdr 0x%02x data %p len %d", data, hdr, buf, len);
+
+ if (hdr & 0x10) {
+ BT_ERR("%s error in block", data->hdev->name);
+ kfree_skb(data->reassembly);
+ data->reassembly = NULL;
+ return -EIO;
+ }
+
+ if (hdr & 0x04) {
+ struct sk_buff *skb;
+ unsigned char pkt_type;
+ int pkt_len = 0;
+
+ if (data->reassembly) {
+ BT_ERR("%s unexpected start block", data->hdev->name);
+ kfree_skb(data->reassembly);
+ data->reassembly = NULL;
+ }
+
+ if (len < 1) {
+ BT_ERR("%s no packet type found", data->hdev->name);
+ return -EPROTO;
+ }
+
+ pkt_type = *buf++; len--;
+
+ switch (pkt_type) {
+ case HCI_EVENT_PKT:
+ if (len >= HCI_EVENT_HDR_SIZE) {
+ struct hci_event_hdr *hdr = (struct hci_event_hdr *) buf;
+ pkt_len = HCI_EVENT_HDR_SIZE + hdr->plen;
+ } else {
+ BT_ERR("%s event block is too short", data->hdev->name);
+ return -EILSEQ;
+ }
+ break;
+
+ case HCI_ACLDATA_PKT:
+ if (len >= HCI_ACL_HDR_SIZE) {
+ struct hci_acl_hdr *hdr = (struct hci_acl_hdr *) buf;
+ pkt_len = HCI_ACL_HDR_SIZE + __le16_to_cpu(hdr->dlen);
+ } else {
+ BT_ERR("%s data block is too short", data->hdev->name);
+ return -EILSEQ;
+ }
+ break;
+
+ case HCI_SCODATA_PKT:
+ if (len >= HCI_SCO_HDR_SIZE) {
+ struct hci_sco_hdr *hdr = (struct hci_sco_hdr *) buf;
+ pkt_len = HCI_SCO_HDR_SIZE + hdr->dlen;
+ } else {
+ BT_ERR("%s audio block is too short", data->hdev->name);
+ return -EILSEQ;
+ }
+ break;
+ }
+
+ skb = bt_skb_alloc(pkt_len, GFP_ATOMIC);
+ if (!skb) {
+ BT_ERR("%s no memory for the packet", data->hdev->name);
+ return -ENOMEM;
+ }
+
+ bt_cb(skb)->pkt_type = pkt_type;
+
+ data->reassembly = skb;
+ } else {
+ if (!data->reassembly) {
+ BT_ERR("%s unexpected continuation block", data->hdev->name);
+ return -EIO;
+ }
+ }
+
+ if (len > 0)
+ memcpy(skb_put(data->reassembly, len), buf, len);
+
+ if (hdr & 0x08) {
+ hci_recv_frame(data->hdev, data->reassembly);
+ data->reassembly = NULL;
+ }
+
+ return 0;
+}
+
+static void bfusb_rx_complete(struct urb *urb)
+{
+ struct sk_buff *skb = (struct sk_buff *) urb->context;
+ struct bfusb_data *data = (struct bfusb_data *) skb->dev;
+ unsigned char *buf = urb->transfer_buffer;
+ int count = urb->actual_length;
+ int err, hdr, len;
+
+ BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len);
+
+ read_lock(&data->lock);
+
+ if (!test_bit(HCI_RUNNING, &data->hdev->flags))
+ goto unlock;
+
+ if (urb->status || !count)
+ goto resubmit;
+
+ data->hdev->stat.byte_rx += count;
+
+ skb_put(skb, count);
+
+ while (count) {
+ hdr = buf[0] | (buf[1] << 8);
+
+ if (hdr & 0x4000) {
+ len = 0;
+ count -= 2;
+ buf += 2;
+ } else {
+ len = (buf[2] == 0) ? 256 : buf[2];
+ count -= 3;
+ buf += 3;
+ }
+
+ if (count < len) {
+ BT_ERR("%s block extends over URB buffer ranges",
+ data->hdev->name);
+ }
+
+ if ((hdr & 0xe1) == 0xc1)
+ bfusb_recv_block(data, hdr, buf, len);
+
+ count -= len;
+ buf += len;
+ }
+
+ skb_unlink(skb, &data->pending_q);
+ kfree_skb(skb);
+
+ bfusb_rx_submit(data, urb);
+
+ read_unlock(&data->lock);
+
+ return;
+
+resubmit:
+ urb->dev = data->udev;
+
+ err = usb_submit_urb(urb, GFP_ATOMIC);
+ if (err) {
+ BT_ERR("%s bulk resubmit failed urb %p err %d",
+ data->hdev->name, urb, err);
+ }
+
+unlock:
+ read_unlock(&data->lock);
+}
+
+static int bfusb_open(struct hci_dev *hdev)
+{
+ struct bfusb_data *data = hci_get_drvdata(hdev);
+ unsigned long flags;
+ int i, err;
+
+ BT_DBG("hdev %p bfusb %p", hdev, data);
+
+ if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
+ return 0;
+
+ write_lock_irqsave(&data->lock, flags);
+
+ err = bfusb_rx_submit(data, NULL);
+ if (!err) {
+ for (i = 1; i < BFUSB_MAX_BULK_RX; i++)
+ bfusb_rx_submit(data, NULL);
+ } else {
+ clear_bit(HCI_RUNNING, &hdev->flags);
+ }
+
+ write_unlock_irqrestore(&data->lock, flags);
+
+ return err;
+}
+
+static int bfusb_flush(struct hci_dev *hdev)
+{
+ struct bfusb_data *data = hci_get_drvdata(hdev);
+
+ BT_DBG("hdev %p bfusb %p", hdev, data);
+
+ skb_queue_purge(&data->transmit_q);
+
+ return 0;
+}
+
+static int bfusb_close(struct hci_dev *hdev)
+{
+ struct bfusb_data *data = hci_get_drvdata(hdev);
+ unsigned long flags;
+
+ BT_DBG("hdev %p bfusb %p", hdev, data);
+
+ if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
+ return 0;
+
+ write_lock_irqsave(&data->lock, flags);
+ write_unlock_irqrestore(&data->lock, flags);
+
+ bfusb_unlink_urbs(data);
+ bfusb_flush(hdev);
+
+ return 0;
+}
+
+static int bfusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
+{
+ struct bfusb_data *data = hci_get_drvdata(hdev);
+ struct sk_buff *nskb;
+ unsigned char buf[3];
+ int sent = 0, size, count;
+
+ BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, bt_cb(skb)->pkt_type, skb->len);
+
+ if (!test_bit(HCI_RUNNING, &hdev->flags))
+ return -EBUSY;
+
+ switch (bt_cb(skb)->pkt_type) {
+ case HCI_COMMAND_PKT:
+ hdev->stat.cmd_tx++;
+ break;
+ case HCI_ACLDATA_PKT:
+ hdev->stat.acl_tx++;
+ break;
+ case HCI_SCODATA_PKT:
+ hdev->stat.sco_tx++;
+ break;
+ };
+
+ /* Prepend skb with frame type */
+ memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
+
+ count = skb->len;
+
+ /* Max HCI frame size seems to be 1511 + 1 */
+ nskb = bt_skb_alloc(count + 32, GFP_ATOMIC);
+ if (!nskb) {
+ BT_ERR("Can't allocate memory for new packet");
+ return -ENOMEM;
+ }
+
+ nskb->dev = (void *) data;
+
+ while (count) {
+ size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE);
+
+ buf[0] = 0xc1 | ((sent == 0) ? 0x04 : 0) | ((count == size) ? 0x08 : 0);
+ buf[1] = 0x00;
+ buf[2] = (size == BFUSB_MAX_BLOCK_SIZE) ? 0 : size;
+
+ memcpy(skb_put(nskb, 3), buf, 3);
+ skb_copy_from_linear_data_offset(skb, sent, skb_put(nskb, size), size);
+
+ sent += size;
+ count -= size;
+ }
+
+ /* Don't send frame with multiple size of bulk max packet */
+ if ((nskb->len % data->bulk_pkt_size) == 0) {
+ buf[0] = 0xdd;
+ buf[1] = 0x00;
+ memcpy(skb_put(nskb, 2), buf, 2);
+ }
+
+ read_lock(&data->lock);
+
+ skb_queue_tail(&data->transmit_q, nskb);
+ bfusb_tx_wakeup(data);
+
+ read_unlock(&data->lock);
+
+ kfree_skb(skb);
+
+ return 0;
+}
+
+static int bfusb_load_firmware(struct bfusb_data *data,
+ const unsigned char *firmware, int count)
+{
+ unsigned char *buf;
+ int err, pipe, len, size, sent = 0;
+
+ BT_DBG("bfusb %p udev %p", data, data->udev);
+
+ BT_INFO("BlueFRITZ! USB loading firmware");
+
+ buf = kmalloc(BFUSB_MAX_BLOCK_SIZE + 3, GFP_KERNEL);
+ if (!buf) {
+ BT_ERR("Can't allocate memory chunk for firmware");
+ return -ENOMEM;
+ }
+
+ pipe = usb_sndctrlpipe(data->udev, 0);
+
+ if (usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
+ 0, 1, 0, NULL, 0, USB_CTRL_SET_TIMEOUT) < 0) {
+ BT_ERR("Can't change to loading configuration");
+ kfree(buf);
+ return -EBUSY;
+ }
+
+ data->udev->toggle[0] = data->udev->toggle[1] = 0;
+
+ pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep);
+
+ while (count) {
+ size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE + 3);
+
+ memcpy(buf, firmware + sent, size);
+
+ err = usb_bulk_msg(data->udev, pipe, buf, size,
+ &len, BFUSB_BLOCK_TIMEOUT);
+
+ if (err || (len != size)) {
+ BT_ERR("Error in firmware loading");
+ goto error;
+ }
+
+ sent += size;
+ count -= size;
+ }
+
+ err = usb_bulk_msg(data->udev, pipe, NULL, 0,
+ &len, BFUSB_BLOCK_TIMEOUT);
+ if (err < 0) {
+ BT_ERR("Error in null packet request");
+ goto error;
+ }
+
+ pipe = usb_sndctrlpipe(data->udev, 0);
+
+ err = usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
+ 0, 2, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
+ if (err < 0) {
+ BT_ERR("Can't change to running configuration");
+ goto error;
+ }
+
+ data->udev->toggle[0] = data->udev->toggle[1] = 0;
+
+ BT_INFO("BlueFRITZ! USB device ready");
+
+ kfree(buf);
+ return 0;
+
+error:
+ kfree(buf);
+
+ pipe = usb_sndctrlpipe(data->udev, 0);
+
+ usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
+ 0, 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
+
+ return err;
+}
+
+static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
+{
+ const struct firmware *firmware;
+ struct usb_device *udev = interface_to_usbdev(intf);
+ struct usb_host_endpoint *bulk_out_ep;
+ struct usb_host_endpoint *bulk_in_ep;
+ struct hci_dev *hdev;
+ struct bfusb_data *data;
+
+ BT_DBG("intf %p id %p", intf, id);
+
+ /* Check number of endpoints */
+ if (intf->cur_altsetting->desc.bNumEndpoints < 2)
+ return -EIO;
+
+ bulk_out_ep = &intf->cur_altsetting->endpoint[0];
+ bulk_in_ep = &intf->cur_altsetting->endpoint[1];
+
+ if (!bulk_out_ep || !bulk_in_ep) {
+ BT_ERR("Bulk endpoints not found");
+ goto done;
+ }
+
+ /* Initialize control structure and load firmware */
+ data = devm_kzalloc(&intf->dev, sizeof(struct bfusb_data), GFP_KERNEL);
+ if (!data) {
+ BT_ERR("Can't allocate memory for control structure");
+ goto done;
+ }
+
+ data->udev = udev;
+ data->bulk_in_ep = bulk_in_ep->desc.bEndpointAddress;
+ data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress;
+ data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize);
+
+ rwlock_init(&data->lock);
+
+ data->reassembly = NULL;
+
+ skb_queue_head_init(&data->transmit_q);
+ skb_queue_head_init(&data->pending_q);
+ skb_queue_head_init(&data->completed_q);
+
+ if (reject_firmware(&firmware, "/*(DEBLOBBED)*/", &udev->dev) < 0) {
+ BT_ERR("Firmware request failed");
+ goto done;
+ }
+
+ BT_DBG("firmware data %p size %zu", firmware->data, firmware->size);
+
+ if (bfusb_load_firmware(data, firmware->data, firmware->size) < 0) {
+ BT_ERR("Firmware loading failed");
+ goto release;
+ }
+
+ release_firmware(firmware);
+
+ /* Initialize and register HCI device */
+ hdev = hci_alloc_dev();
+ if (!hdev) {
+ BT_ERR("Can't allocate HCI device");
+ goto done;
+ }
+
+ data->hdev = hdev;
+
+ hdev->bus = HCI_USB;
+ hci_set_drvdata(hdev, data);
+ SET_HCIDEV_DEV(hdev, &intf->dev);
+
+ hdev->open = bfusb_open;
+ hdev->close = bfusb_close;
+ hdev->flush = bfusb_flush;
+ hdev->send = bfusb_send_frame;
+
+ set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
+
+ if (hci_register_dev(hdev) < 0) {
+ BT_ERR("Can't register HCI device");
+ hci_free_dev(hdev);
+ goto done;
+ }
+
+ usb_set_intfdata(intf, data);
+
+ return 0;
+
+release:
+ release_firmware(firmware);
+
+done:
+ return -EIO;
+}
+
+static void bfusb_disconnect(struct usb_interface *intf)
+{
+ struct bfusb_data *data = usb_get_intfdata(intf);
+ struct hci_dev *hdev = data->hdev;
+
+ BT_DBG("intf %p", intf);
+
+ if (!hdev)
+ return;
+
+ usb_set_intfdata(intf, NULL);
+
+ bfusb_close(hdev);
+
+ hci_unregister_dev(hdev);
+ hci_free_dev(hdev);
+}
+
+static struct usb_driver bfusb_driver = {
+ .name = "bfusb",
+ .probe = bfusb_probe,
+ .disconnect = bfusb_disconnect,
+ .id_table = bfusb_table,
+ .disable_hub_initiated_lpm = 1,
+};
+
+module_usb_driver(bfusb_driver);
+
+MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
+MODULE_DESCRIPTION("BlueFRITZ! USB driver ver " VERSION);
+MODULE_VERSION(VERSION);
+MODULE_LICENSE("GPL");
+/*(DEBLOBBED)*/