3 * Realtek Bluetooth USB driver
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/kernel.h>
23 #include <linux/module.h>
24 #include <linux/init.h>
25 #include <linux/slab.h>
26 #include <linux/types.h>
27 #include <linux/sched.h>
28 #include <linux/errno.h>
29 #include <linux/skbuff.h>
30 #include <linux/usb.h>
32 /*******************************/
33 #include "rtk_btusb.h"
34 #define VERSION "2.19"
38 #define RTKBT_DBG(fmt, arg...) printk(KERN_INFO "rtk_btusb: " fmt "\n" , ## arg)
40 #define RTKBT_DBG(fmt, arg...)
42 #define RTKBT_INFO(fmt, arg...) printk(KERN_INFO "rtk_btusb: " fmt "\n" , ## arg)
43 #define RTKBT_WARN(fmt, arg...) printk(KERN_WARNING "rtk_btusb: " fmt "\n" , ## arg)
44 #define RTKBT_ERR(fmt, arg...) printk(KERN_ERR "rtk_btusb: " fmt "\n" , ## arg)
46 /*******************************
48 ********************************/
49 #define CMD_CMP_EVT 0x0e
52 #define PATCH_SEG_MAX 252
54 #define DOWNLOAD_OPCODE 0xfc20
55 #define BTOFF_OPCODE 0xfc28
58 #define CMD_HDR_LEN sizeof(struct hci_command_hdr)
59 #define EVT_HDR_LEN sizeof(struct hci_event_hdr)
60 #define CMD_CMP_LEN sizeof(struct hci_ev_cmd_complete)
71 uint16_t lmp_sub_default;
82 struct usb_interface *intf;
83 struct usb_device *udev;
84 patch_info *patch_entry;
85 int pipe_in, pipe_out;
88 struct hci_command_hdr *cmd_hdr;
89 struct hci_event_hdr *evt_hdr;
90 struct hci_ev_cmd_complete *cmd_cmp;
91 uint8_t *req_para, *rsp_para;
99 uint8_t data[PATCH_SEG_MAX];
100 } __attribute__((packed)) download_cp;
105 } __attribute__((packed)) download_rp;
107 static patch_info fw_patch_table[] = {
108 /* { pid, lmp_sub_default, lmp_sub, everion, mp_fw_name, fw_name, config_name, fw_cache, fw_len } */
109 { 0x1724, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* RTL8723A */
110 { 0x8723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE */
111 { 0xA723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE for LI */
112 { 0x0723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE */
113 { 0x3394, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE for Azurewave*/
115 { 0x0724, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
116 { 0x8725, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
117 { 0x872A, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
118 { 0x872B, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
120 { 0xb720, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723bu_config", NULL, 0 }, /* RTL8723BU */
121 { 0xb72A, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723bu_config", NULL, 0 }, /* RTL8723BU */
122 { 0xb728, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for LC */
123 { 0xb723, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
124 { 0xb72B, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
125 { 0xb001, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for HP */
126 { 0xb002, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
127 { 0xb003, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
128 { 0xb004, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
129 { 0xb005, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
131 { 0x3410, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
132 { 0x3416, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
133 { 0x3459, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
134 { 0xE085, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Foxconn */
135 { 0xE08B, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Foxconn */
137 { 0xA761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU only */
138 { 0x818B, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761aw8192eu_fw", "rtl8761aw8192eu_config", NULL, 0 }, /* RTL8761AW + 8192EU */
139 { 0x818C, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761aw8192eu_fw", "rtl8761aw8192eu_config", NULL, 0 }, /* RTL8761AW + 8192EU */
140 { 0x8760, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE */
141 { 0xB761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE */
142 { 0x8761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE for LI */
143 { 0x8A60, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au8812ae_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8812AE */
145 { 0x8821, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
146 { 0x0821, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
147 { 0x0823, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AU */
148 { 0x3414, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
149 { 0x3458, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
150 { 0x3461, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
151 { 0x3462, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
153 /* NOTE: must append patch entries above the null entry */
154 { 0, 0, 0, 0, NULL, NULL, NULL, NULL, 0 }
158 struct hci_dev *hdev;
159 struct usb_device *udev;
160 struct usb_interface *intf;
161 struct usb_interface *isoc;
167 struct work_struct work;
168 struct work_struct waker;
170 struct usb_anchor tx_anchor;
171 struct usb_anchor intr_anchor;
172 struct usb_anchor bulk_anchor;
173 struct usb_anchor isoc_anchor;
174 struct usb_anchor deferred;
178 struct usb_endpoint_descriptor *intr_ep;
179 struct usb_endpoint_descriptor *bulk_tx_ep;
180 struct usb_endpoint_descriptor *bulk_rx_ep;
181 struct usb_endpoint_descriptor *isoc_tx_ep;
182 struct usb_endpoint_descriptor *isoc_rx_ep;
186 unsigned int sco_num;
189 //#ifdef CONFIG_HAS_EARLYSUSPEND
191 struct early_suspend early_suspend;
193 struct notifier_block pm_notifier;
195 firmware_info *fw_info;
197 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 1)
198 static bool reset_on_close = 0;
201 static void rtk_free( struct btusb_data *data)
203 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 1)
209 static struct btusb_data *rtk_alloc(struct usb_interface *intf)
211 struct btusb_data *data;
212 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 1)
213 data = kzalloc(sizeof(*data), GFP_KERNEL);
215 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
220 static void print_acl(struct sk_buff *skb, int direction)
223 uint wlength = skb->len;
224 u16 *handle = (u16 *)(skb->data);
225 u16 len = *(handle+1);
226 u8 *acl_data = (u8 *)(skb->data);
228 RTK_INFO("%s: direction %d, handle %04x, len %d",
229 __func__, direction, *handle, len);
233 static void print_sco(struct sk_buff *skb, int direction)
236 uint wlength = skb->len;
237 u16 *handle = (u16 *)(skb->data);
238 u8 len = *(u8 *)(handle+1);
239 u8 *sco_data =(u8 *)(skb->data);
241 RTKBT_INFO("%s: direction %d, handle %04x, len %d",
242 __func__, direction, *handle, len);
246 static void print_error_command(struct sk_buff *skb)
248 uint wlength = skb->len;
250 u16 *opcode = (u16*)(skb->data);
251 u8 *cmd_data = (u8*)(skb->data);
252 u8 len = *(cmd_data+2);
256 printk("HCI_OP_INQUIRY");
258 case HCI_OP_INQUIRY_CANCEL:
259 printk("HCI_OP_INQUIRY_CANCEL");
261 case HCI_OP_EXIT_PERIODIC_INQ:
262 printk("HCI_OP_EXIT_PERIODIC_INQ");
264 case HCI_OP_CREATE_CONN:
265 printk("HCI_OP_CREATE_CONN");
267 case HCI_OP_DISCONNECT:
268 printk("HCI_OP_DISCONNECT");
270 case HCI_OP_CREATE_CONN_CANCEL:
271 printk("HCI_OP_CREATE_CONN_CANCEL");
273 case HCI_OP_ACCEPT_CONN_REQ:
274 printk("HCI_OP_ACCEPT_CONN_REQ");
276 case HCI_OP_REJECT_CONN_REQ:
277 printk("HCI_OP_REJECT_CONN_REQ");
279 case HCI_OP_AUTH_REQUESTED:
280 printk("HCI_OP_AUTH_REQUESTED");
282 case HCI_OP_SET_CONN_ENCRYPT:
283 printk("HCI_OP_SET_CONN_ENCRYPT");
285 case HCI_OP_REMOTE_NAME_REQ:
286 printk("HCI_OP_REMOTE_NAME_REQ");
288 case HCI_OP_READ_REMOTE_FEATURES:
289 printk("HCI_OP_READ_REMOTE_FEATURES");
291 case HCI_OP_SNIFF_MODE:
292 printk("HCI_OP_SNIFF_MODE");
294 case HCI_OP_EXIT_SNIFF_MODE:
295 printk("HCI_OP_EXIT_SNIFF_MODE");
297 case HCI_OP_SWITCH_ROLE:
298 printk("HCI_OP_SWITCH_ROLE");
300 case HCI_OP_SNIFF_SUBRATE:
301 printk("HCI_OP_SNIFF_SUBRATE");
304 printk("HCI_OP_RESET");
310 printk(":%04x,len:%d,", *opcode,len);
311 for (icount = 3; (icount < wlength) && (icount < 24); icount++)
312 printk("%02x ", *(cmd_data+icount));
316 static void print_command(struct sk_buff *skb)
319 print_error_command(skb);
324 /* Global parameters for bt usb char driver */
325 #define BT_CHAR_DEVICE_NAME "rtk_btusb"
326 struct mutex btchr_mutex;
327 static struct sk_buff_head btchr_readq;
328 static wait_queue_head_t btchr_read_wait;
329 static int bt_char_dev_registered;
330 static dev_t bt_devid; /* bt char device number */
331 static struct cdev bt_char_dev; /* bt character device structure */
332 static struct class *bt_char_class; /* device class for usb char driver */
333 static int bt_reset = 0;
334 /* HCI device & lock */
335 DEFINE_RWLOCK(hci_dev_lock);
336 struct hci_dev *ghdev = NULL;
338 static void print_event(struct sk_buff *skb)
341 uint wlength = skb->len;
343 u8 *opcode = (u8*)(skb->data);
344 u8 len = *(opcode+1);
347 case HCI_EV_INQUIRY_COMPLETE:
348 printk("HCI_EV_INQUIRY_COMPLETE");
350 case HCI_EV_INQUIRY_RESULT:
351 printk("HCI_EV_INQUIRY_RESULT");
353 case HCI_EV_CONN_COMPLETE:
354 printk("HCI_EV_CONN_COMPLETE");
356 case HCI_EV_CONN_REQUEST:
357 printk("HCI_EV_CONN_REQUEST");
359 case HCI_EV_DISCONN_COMPLETE:
360 printk("HCI_EV_DISCONN_COMPLETE");
362 case HCI_EV_AUTH_COMPLETE:
363 printk("HCI_EV_AUTH_COMPLETE");
365 case HCI_EV_REMOTE_NAME:
366 printk("HCI_EV_REMOTE_NAME");
368 case HCI_EV_ENCRYPT_CHANGE:
369 printk("HCI_EV_ENCRYPT_CHANGE");
371 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
372 printk("HCI_EV_CHANGE_LINK_KEY_COMPLETE");
374 case HCI_EV_REMOTE_FEATURES:
375 printk("HCI_EV_REMOTE_FEATURES");
377 case HCI_EV_REMOTE_VERSION:
378 printk("HCI_EV_REMOTE_VERSION");
380 case HCI_EV_QOS_SETUP_COMPLETE:
381 printk("HCI_EV_QOS_SETUP_COMPLETE");
383 case HCI_EV_CMD_COMPLETE:
384 printk("HCI_EV_CMD_COMPLETE");
386 case HCI_EV_CMD_STATUS:
387 printk("HCI_EV_CMD_STATUS");
389 case HCI_EV_ROLE_CHANGE:
390 printk("HCI_EV_ROLE_CHANGE");
392 case HCI_EV_NUM_COMP_PKTS:
393 printk("HCI_EV_NUM_COMP_PKTS");
395 case HCI_EV_MODE_CHANGE:
396 printk("HCI_EV_MODE_CHANGE");
398 case HCI_EV_PIN_CODE_REQ:
399 printk("HCI_EV_PIN_CODE_REQ");
401 case HCI_EV_LINK_KEY_REQ:
402 printk("HCI_EV_LINK_KEY_REQ");
404 case HCI_EV_LINK_KEY_NOTIFY:
405 printk("HCI_EV_LINK_KEY_NOTIFY");
407 case HCI_EV_CLOCK_OFFSET:
408 printk("HCI_EV_CLOCK_OFFSET");
410 case HCI_EV_PKT_TYPE_CHANGE:
411 printk("HCI_EV_PKT_TYPE_CHANGE");
413 case HCI_EV_PSCAN_REP_MODE:
414 printk("HCI_EV_PSCAN_REP_MODE");
416 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
417 printk("HCI_EV_INQUIRY_RESULT_WITH_RSSI");
419 case HCI_EV_REMOTE_EXT_FEATURES:
420 printk("HCI_EV_REMOTE_EXT_FEATURES");
422 case HCI_EV_SYNC_CONN_COMPLETE:
423 printk("HCI_EV_SYNC_CONN_COMPLETE");
425 case HCI_EV_SYNC_CONN_CHANGED:
426 printk("HCI_EV_SYNC_CONN_CHANGED");
428 case HCI_EV_SNIFF_SUBRATE:
429 printk("HCI_EV_SNIFF_SUBRATE");
431 case HCI_EV_EXTENDED_INQUIRY_RESULT:
432 printk("HCI_EV_EXTENDED_INQUIRY_RESULT");
434 case HCI_EV_IO_CAPA_REQUEST:
435 printk("HCI_EV_IO_CAPA_REQUEST");
437 case HCI_EV_SIMPLE_PAIR_COMPLETE:
438 printk("HCI_EV_SIMPLE_PAIR_COMPLETE");
440 case HCI_EV_REMOTE_HOST_FEATURES:
441 printk("HCI_EV_REMOTE_HOST_FEATURES");
447 printk(":%02x,len:%d,", *opcode,len);
448 for (icount = 2; (icount < wlength) && (icount < 24); icount++)
449 printk("%02x ", *(opcode+icount));
454 static inline ssize_t usb_put_user(struct sk_buff *skb,
455 char __user *buf, int count)
457 char __user *ptr = buf;
458 int len = min_t(unsigned int, skb->len, count);
460 if (copy_to_user(ptr, skb->data, len))
466 static struct sk_buff *rtk_skb_queue[QUEUE_SIZE];
467 static int rtk_skb_queue_front = -1;
468 static int rtk_skb_queue_rear = -1;
470 static void rtk_enqueue(struct sk_buff *skb)
472 if (rtk_skb_queue_front == (rtk_skb_queue_rear + 1) % QUEUE_SIZE) {
474 * If queue is full, current solution is to drop
475 * the following entries.
477 RTKBT_WARN("%s: Queue is full, entry will be dropped", __func__);
479 if (rtk_skb_queue_front == -1) {
480 rtk_skb_queue_front = 0;
481 rtk_skb_queue_rear = 0;
483 rtk_skb_queue_rear++;
484 rtk_skb_queue_rear %= QUEUE_SIZE;
487 rtk_skb_queue[rtk_skb_queue_rear] = skb;
491 static struct sk_buff *rtk_dequeue_try(unsigned int deq_len)
494 struct sk_buff *skb_copy;
496 if (rtk_skb_queue_front == -1) {
497 RTKBT_WARN("%s: Queue is empty", __func__);
501 skb = rtk_skb_queue[rtk_skb_queue_front];
502 if (deq_len >= skb->len) {
503 if (rtk_skb_queue_front == rtk_skb_queue_rear) {
504 rtk_skb_queue_front = -1;
505 rtk_skb_queue_rear = -1;
507 rtk_skb_queue_front++;
508 rtk_skb_queue_front %= QUEUE_SIZE;
511 * Return skb addr to be dequeued, and the caller
512 * should free the skb eventually.
516 skb_copy = pskb_copy(skb, GFP_ATOMIC);
517 skb_pull(skb, deq_len);
518 /* Return its copy to be freed */
523 static inline int is_queue_empty(void)
525 return (rtk_skb_queue_front == -1) ? 1 : 0;
529 * Realtek - Integrate from hci_core.c
532 /* Get HCI device by index.
533 * Device is held on return. */
534 static struct hci_dev *hci_dev_get(int index)
542 /* ---- HCI ioctl helpers ---- */
543 static int hci_dev_open(__u16 dev)
545 struct hci_dev *hdev;
548 RTKBT_DBG("%s: dev %d", __func__, dev);
550 hdev = hci_dev_get(dev);
552 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
556 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
561 if (test_bit(HCI_UP, &hdev->flags)) {
566 if (hdev->open(hdev)) {
571 set_bit(HCI_UP, &hdev->flags);
576 static int hci_dev_do_close(struct hci_dev *hdev)
580 /* After this point our queues are empty
581 * and no tasks are scheduled. */
588 static int hci_dev_close(__u16 dev)
590 struct hci_dev *hdev;
592 hdev = hci_dev_get(dev);
594 RTKBT_ERR("%s: failed to get hci dev[Null]", __func__);
598 err = hci_dev_do_close(hdev);
603 static struct hci_dev *hci_alloc_dev(void)
605 struct hci_dev *hdev;
607 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
614 /* Free HCI device */
615 static void hci_free_dev(struct hci_dev *hdev)
620 /* Register HCI device */
621 static int hci_register_dev(struct hci_dev *hdev)
625 RTKBT_DBG("%s: %p name %s bus %d", __func__, hdev, hdev->name, hdev->bus);
626 /* Do not allow HCI_AMP devices to register at index 0,
627 * so the index can be used as the AMP controller ID.
629 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
631 write_lock(&hci_dev_lock);
633 sprintf(hdev->name, "hci%d", id);
637 mutex_init(&hdev->lock);
639 RTKBT_DBG("%s: id %d, name %s", __func__, hdev->id, hdev->name);
642 for (i = 0; i < NUM_REASSEMBLY; i++)
643 hdev->reassembly[i] = NULL;
645 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
646 atomic_set(&hdev->promisc, 0);
649 RTKBT_ERR("%s: Hci device has been registered already", __func__);
654 write_unlock(&hci_dev_lock);
659 /* Unregister HCI device */
660 static void hci_unregister_dev(struct hci_dev *hdev)
664 RTKBT_DBG("%s: hdev %p name %s bus %d", __func__, hdev, hdev->name, hdev->bus);
665 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
667 write_lock(&hci_dev_lock);
669 write_unlock(&hci_dev_lock);
671 hci_dev_do_close(hdev);
672 for (i = 0; i < NUM_REASSEMBLY; i++)
673 kfree_skb(hdev->reassembly[i]);
676 static void hci_send_to_stack(struct hci_dev *hdev, struct sk_buff *skb)
678 struct sk_buff *rtk_skb_copy = NULL;
680 RTKBT_DBG("%s", __func__);
683 RTKBT_ERR("%s: Frame for unknown HCI device", __func__);
687 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
688 RTKBT_ERR("%s: HCI not running", __func__);
692 rtk_skb_copy = pskb_copy(skb, GFP_ATOMIC);
694 RTKBT_ERR("%s: Copy skb error", __func__);
698 memcpy(skb_push(rtk_skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
699 rtk_enqueue(rtk_skb_copy);
701 /* Make sure bt char device existing before wakeup read queue */
702 hdev = hci_dev_get(0);
704 RTKBT_DBG("%s: Try to wakeup read queue", __func__);
705 wake_up_interruptible(&btchr_read_wait);
711 /* Receive frame from HCI drivers */
712 static int hci_recv_frame(struct sk_buff *skb)
714 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
717 (!test_bit(HCI_UP, &hdev->flags) && !test_bit(HCI_INIT, &hdev->flags))) {
723 bt_cb(skb)->incoming = 1;
726 __net_timestamp(skb);
728 if (atomic_read(&hdev->promisc)) {
729 /* Send copy to the sockets */
730 hci_send_to_stack(hdev, skb);
736 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
737 int count, __u8 index)
743 struct bt_skb_cb *scb;
745 RTKBT_DBG("%s", __func__);
747 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
748 index >= NUM_REASSEMBLY)
751 skb = hdev->reassembly[index];
755 case HCI_ACLDATA_PKT:
756 len = HCI_MAX_FRAME_SIZE;
757 hlen = HCI_ACL_HDR_SIZE;
760 len = HCI_MAX_EVENT_SIZE;
761 hlen = HCI_EVENT_HDR_SIZE;
763 case HCI_SCODATA_PKT:
764 len = HCI_MAX_SCO_SIZE;
765 hlen = HCI_SCO_HDR_SIZE;
769 skb = bt_skb_alloc(len, GFP_ATOMIC);
773 scb = (void *) skb->cb;
775 scb->pkt_type = type;
777 skb->dev = (void *) hdev;
778 hdev->reassembly[index] = skb;
782 scb = (void *) skb->cb;
783 len = min_t(uint, scb->expect, count);
785 memcpy(skb_put(skb, len), data, len);
794 if (skb->len == HCI_EVENT_HDR_SIZE) {
795 struct hci_event_hdr *h = hci_event_hdr(skb);
796 scb->expect = h->plen;
798 if (skb_tailroom(skb) < scb->expect) {
800 hdev->reassembly[index] = NULL;
806 case HCI_ACLDATA_PKT:
807 if (skb->len == HCI_ACL_HDR_SIZE) {
808 struct hci_acl_hdr *h = hci_acl_hdr(skb);
809 scb->expect = __le16_to_cpu(h->dlen);
811 if (skb_tailroom(skb) < scb->expect) {
813 hdev->reassembly[index] = NULL;
819 case HCI_SCODATA_PKT:
820 if (skb->len == HCI_SCO_HDR_SIZE) {
821 struct hci_sco_hdr *h = hci_sco_hdr(skb);
822 scb->expect = h->dlen;
824 if (skb_tailroom(skb) < scb->expect) {
826 hdev->reassembly[index] = NULL;
833 if (scb->expect == 0) {
835 if(HCI_ACLDATA_PKT == type)
837 if(HCI_SCODATA_PKT == type)
839 if(HCI_EVENT_PKT == type)
842 bt_cb(skb)->pkt_type = type;
845 hdev->reassembly[index] = NULL;
853 static int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
857 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
861 rem = hci_reassembly(hdev, type, data, count, type - 1);
865 data += (count - rem);
872 void hci_hardware_error(void)
874 struct sk_buff *rtk_skb_copy = NULL;
876 uint8_t hardware_err_pkt[3] = {HCI_EVENT_PKT, 0x10, 0x00};
878 rtk_skb_copy = alloc_skb(len, GFP_ATOMIC);
880 RTKBT_ERR("%s: Failed to allocate mem", __func__);
884 memcpy(skb_put(rtk_skb_copy, len), hardware_err_pkt, len);
885 rtk_enqueue(rtk_skb_copy);
887 wake_up_interruptible(&btchr_read_wait);
890 static int btchr_open(struct inode *inode_p, struct file *file_p)
892 struct btusb_data *data;
893 struct hci_dev *hdev;
895 RTKBT_INFO("%s: BT usb char device is opening", __func__);
896 /* Not open unless wanna tracing log */
897 /* trace_printk("%s: open....\n", __func__); */
899 hdev = hci_dev_get(0);
901 RTKBT_ERR("%s: Failed to get hci dev[NULL]", __func__);
904 data = GET_DRV_DATA(hdev);
906 atomic_inc(&hdev->promisc);
908 * As bt device is not re-opened when hotplugged out, we cannot
909 * trust on file's private data(may be null) when other file ops
912 file_p->private_data = data;
914 mutex_lock(&btchr_mutex);
916 mutex_unlock(&btchr_mutex);
918 return nonseekable_open(inode_p, file_p);
921 static int btchr_close(struct inode *inode_p, struct file *file_p)
923 struct btusb_data *data;
924 struct hci_dev *hdev;
926 RTKBT_INFO("%s: BT usb char device is closing", __func__);
927 /* Not open unless wanna tracing log */
928 /* trace_printk("%s: close....\n", __func__); */
930 data = file_p->private_data;
931 file_p->private_data = NULL;
935 * If the upper layer closes bt char interfaces, no reset
936 * action required even bt device hotplugged out.
941 hdev = hci_dev_get(0);
943 atomic_set(&hdev->promisc, 0);
944 mutex_lock(&btchr_mutex);
946 mutex_unlock(&btchr_mutex);
952 static ssize_t btchr_read(struct file *file_p,
957 struct hci_dev *hdev;
961 RTKBT_DBG("%s: BT usb char device is reading", __func__);
964 hdev = hci_dev_get(0);
967 * Note: Only when BT device hotplugged out, we wil get
968 * into such situation. In order to keep the upper layer
969 * stack alive (blocking the read), we should never return
970 * EFAULT or break the loop.
972 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
975 ret = wait_event_interruptible(btchr_read_wait, !is_queue_empty());
977 RTKBT_ERR("%s: wait event is signaled %d", __func__, ret);
981 skb = rtk_dequeue_try(count);
983 ret = usb_put_user(skb, buf_p, count);
985 RTKBT_ERR("%s: Failed to put data to user space", __func__);
994 static ssize_t btchr_write(struct file *file_p,
995 const char __user *buf_p,
999 struct btusb_data *data = file_p->private_data;
1000 struct hci_dev *hdev;
1001 struct sk_buff *skb;
1003 RTKBT_DBG("%s: BT usb char device is writing", __func__);
1005 hdev = hci_dev_get(0);
1007 RTKBT_WARN("%s: Failed to get hci dev[Null]", __func__);
1009 * Note: we bypass the data from the upper layer if bt device
1010 * is hotplugged out. Fortunatelly, H4 or H5 HCI stack does
1011 * NOT check btchr_write's return value. However, returning
1012 * count instead of EFAULT is preferable.
1014 /* return -EFAULT; */
1018 /* Never trust on btusb_data, as bt device may be hotplugged out */
1019 data = GET_DRV_DATA(hdev);
1021 RTKBT_WARN("%s: Failed to get bt usb driver data[Null]", __func__);
1025 if (count > HCI_MAX_FRAME_SIZE)
1028 skb = bt_skb_alloc(count, GFP_ATOMIC);
1031 skb_reserve(skb, -1); // Add this line
1033 if (copy_from_user(skb_put(skb, count), buf_p, count)) {
1034 RTKBT_ERR("%s: Failed to get data from user space", __func__);
1039 skb->dev = (void *)hdev;
1040 bt_cb(skb)->pkt_type = *((__u8 *)skb->data);
1042 data->hdev->send(skb);
1047 static unsigned int btchr_poll(struct file *file_p, poll_table *wait)
1049 struct btusb_data *data = file_p->private_data;
1050 struct hci_dev *hdev;
1052 RTKBT_DBG("%s: BT usb char device is polling", __func__);
1054 hdev = hci_dev_get(0);
1056 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
1057 mdelay(URB_CANCELING_DELAY_MS);
1058 return POLLOUT | POLLWRNORM;
1061 /* Never trust on btusb_data, as bt device may be hotplugged out */
1062 data = GET_DRV_DATA(hdev);
1065 * When bt device is hotplugged out, btusb_data will
1066 * be freed in disconnect.
1068 RTKBT_ERR("%s: Failed to get bt usb driver data[Null]", __func__);
1069 mdelay(URB_CANCELING_DELAY_MS);
1070 return POLLOUT | POLLWRNORM;
1073 if (!is_queue_empty())
1074 return POLLIN | POLLRDNORM;
1076 poll_wait(file_p, &btchr_read_wait, wait);
1078 return POLLOUT | POLLWRNORM;
1081 static struct file_operations bt_chrdev_ops = {
1083 release : btchr_close,
1085 write : btchr_write,
1089 static int btchr_init(void)
1094 RTKBT_INFO("Register usb char device interface for BT driver");
1096 * btchr mutex is used to sync between
1097 * 1) downloading patch and opening bt char driver
1098 * 2) the file operations of bt char driver
1100 mutex_init(&btchr_mutex);
1102 skb_queue_head_init(&btchr_readq);
1103 init_waitqueue_head(&btchr_read_wait);
1105 bt_char_class = class_create(THIS_MODULE, BT_CHAR_DEVICE_NAME);
1106 if (IS_ERR(bt_char_class)) {
1107 RTKBT_ERR("Failed to create bt char class");
1108 return PTR_ERR(bt_char_class);
1111 res = alloc_chrdev_region(&bt_devid, 0, 1, BT_CHAR_DEVICE_NAME);
1113 RTKBT_ERR("Failed to allocate bt char device");
1117 dev = device_create(bt_char_class, NULL, bt_devid, NULL, BT_CHAR_DEVICE_NAME);
1119 RTKBT_ERR("Failed to create bt char device");
1124 cdev_init(&bt_char_dev, &bt_chrdev_ops);
1125 res = cdev_add(&bt_char_dev, bt_devid, 1);
1127 RTKBT_ERR("Failed to add bt char device");
1134 device_destroy(bt_char_class, bt_devid);
1136 unregister_chrdev_region(bt_devid, 1);
1138 class_destroy(bt_char_class);
1142 static void btchr_exit(void)
1144 RTKBT_INFO("Unregister usb char device interface for BT driver");
1146 device_destroy(bt_char_class, bt_devid);
1147 cdev_del(&bt_char_dev);
1148 unregister_chrdev_region(bt_devid, 1);
1149 class_destroy(bt_char_class);
1155 int send_hci_cmd(firmware_info *fw_info)
1159 ret_val = usb_control_msg(
1160 fw_info->udev, fw_info->pipe_out,
1161 0, USB_TYPE_CLASS, 0, 0,
1162 (void *)(fw_info->send_pkt),
1163 fw_info->pkt_len, MSG_TO);
1168 int rcv_hci_evt(firmware_info *fw_info)
1170 int ret_len = 0, ret_val = 0;
1174 for(i = 0; i < 5; i++) {
1175 ret_val = usb_interrupt_msg(
1176 fw_info->udev, fw_info->pipe_in,
1177 (void *)(fw_info->rcv_pkt), PKT_LEN,
1186 if (CMD_CMP_EVT == fw_info->evt_hdr->evt) {
1187 if (fw_info->cmd_hdr->opcode == fw_info->cmd_cmp->opcode)
1193 int set_bt_onoff(firmware_info *fw_info, uint8_t onoff)
1195 patch_info *patch_entry;
1198 RTKBT_INFO("%s: %s", __func__, onoff != 0 ? "on" : "off");
1200 patch_entry = fw_info->patch_entry;
1204 fw_info->cmd_hdr->opcode = cpu_to_le16(BTOFF_OPCODE);
1205 fw_info->cmd_hdr->plen = 1;
1206 fw_info->pkt_len = CMD_HDR_LEN + 1;
1207 fw_info->send_pkt[CMD_HDR_LEN] = onoff;
1209 ret_val = send_hci_cmd(fw_info);
1211 RTKBT_ERR("%s: Failed to send bt %s cmd, errno %d",
1212 __func__, onoff != 0 ? "on" : "off", ret_val);
1216 ret_val = rcv_hci_evt(fw_info);
1218 RTKBT_ERR("%s: Failed to receive bt %s event, errno %d",
1219 __func__, onoff != 0 ? "on" : "off", ret_val);
1226 static patch_info *get_fw_table_entry(struct usb_device* udev)
1228 patch_info *patch_entry = fw_patch_table;
1229 uint16_t pid = le16_to_cpu(udev->descriptor.idProduct);
1230 uint32_t entry_size = sizeof(fw_patch_table) / sizeof(fw_patch_table[0]);
1233 RTKBT_INFO("%s: Product id = 0x%04x, fw table entry size %d", __func__, pid, entry_size);
1235 for (i = 0; i < entry_size; i++, patch_entry++) {
1236 if (pid == patch_entry->prod_id)
1240 if (i == entry_size) {
1241 RTKBT_ERR("%s: No fw table entry found", __func__);
1248 static struct rtk_epatch_entry *get_fw_patch_entry(struct rtk_epatch *epatch_info, uint16_t eco_ver)
1250 int patch_num = epatch_info->number_of_total_patch;
1251 uint8_t *epatch_buf = (uint8_t *)epatch_info;
1252 struct rtk_epatch_entry *p_entry = NULL;
1257 for (i = 0; i < patch_num; i++) {
1258 if (*(uint16_t *)(epatch_buf + 14 + 2*i) == eco_ver + 1) {
1259 p_entry = kzalloc(sizeof(*p_entry), GFP_KERNEL);
1261 RTKBT_ERR("%s: Failed to allocate mem for patch entry", __func__);
1264 p_entry->chip_id = eco_ver + 1;
1265 p_entry->patch_length = *(uint16_t*)(epatch_buf + 14 + 2*patch_num + 2*i);
1266 p_entry->start_offset = *(uint32_t*)(epatch_buf + 14 + 4*patch_num + 4*i);
1267 p_entry->coex_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 12);
1268 p_entry->svn_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 8);
1269 p_entry->fw_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 4);
1271 coex_date = ((p_entry->coex_version >> 16) & 0x7ff) + ((p_entry->coex_version >> 27) * 10000);
1272 coex_ver = p_entry->coex_version & 0xffff;
1274 RTKBT_INFO("%s: chip id %d, patch length 0x%04x, patch offset 0x%08x, "
1275 "coex version 20%06d-0x%04x, svn version 0x%08x, fw version 0x%08x",
1276 __func__, p_entry->chip_id, p_entry->patch_length, p_entry->start_offset,
1277 coex_date, coex_ver, p_entry->svn_version, p_entry->fw_version);
1286 * check the return value
1287 * 1: need to download fw patch
1288 * 0: no need to download fw patch
1289 * <0: failed to check lmp version
1291 int check_fw_version(firmware_info* fw_info)
1293 struct hci_rp_read_local_version *read_ver_rsp;
1294 patch_info *patch_entry = NULL;
1297 fw_info->cmd_hdr->opcode = cpu_to_le16(HCI_OP_READ_LOCAL_VERSION);
1298 fw_info->cmd_hdr->plen = 0;
1299 fw_info->pkt_len = CMD_HDR_LEN;
1301 ret_val = send_hci_cmd(fw_info);
1303 RTKBT_ERR("%s: Failed to send hci cmd 0x%04x, errno %d",
1304 __func__, fw_info->cmd_hdr->opcode, ret_val);
1308 ret_val = rcv_hci_evt(fw_info);
1310 RTKBT_ERR("%s: Failed to receive hci event, errno %d",
1315 patch_entry = fw_info->patch_entry;
1316 read_ver_rsp = (struct hci_rp_read_local_version *)(fw_info->rsp_para);
1318 RTKBT_INFO("%s: Controller lmp = 0x%04x, patch lmp = 0x%04x, default patch lmp = 0x%04x",
1319 __func__, read_ver_rsp->lmp_subver, patch_entry->lmp_sub, patch_entry->lmp_sub_default);
1321 if (read_ver_rsp->lmp_subver == patch_entry->lmp_sub_default) {
1322 RTKBT_INFO("%s: Cold BT controller startup", __func__);
1324 } else if (read_ver_rsp->lmp_subver != patch_entry->lmp_sub) {
1325 RTKBT_INFO("%s: Warm BT controller startup with updated lmp", __func__);
1328 RTKBT_INFO("%s: Warm BT controller startup with same lmp", __func__);
1333 int get_eversion(firmware_info* fw_info)
1335 struct rtk_eversion_evt *ever_evt;
1341 fw_info->cmd_hdr->opcode = cpu_to_le16(HCI_VENDOR_READ_RTK_ROM_VERISION);
1342 fw_info->cmd_hdr->plen = 0;
1343 fw_info->pkt_len = CMD_HDR_LEN;
1345 ret_val = send_hci_cmd(fw_info);
1347 RTKBT_ERR("%s: Failed to send hci cmd 0x%04x, errno %d",
1348 __func__, fw_info->cmd_hdr->opcode, ret_val);
1352 ret_val = rcv_hci_evt(fw_info);
1354 RTKBT_ERR("%s: Failed to receive hci event, errno %d",
1359 ever_evt = (struct rtk_eversion_evt *)(fw_info->rsp_para);
1361 RTKBT_INFO("%s: status %d, eversion %d", __func__, ever_evt->status, ever_evt->version);
1363 if (ever_evt->status)
1364 fw_info->patch_entry->eversion = 0;
1366 fw_info->patch_entry->eversion = ever_evt->version;
1371 int load_firmware(firmware_info *fw_info, uint8_t **buff)
1373 const struct firmware *fw, *cfg;
1374 struct usb_device *udev;
1375 patch_info *patch_entry;
1376 char *config_name, *fw_name;
1380 int config_len = 0, buf_len = -1;
1381 uint8_t *buf = *buff, *config_file_buf = NULL;
1382 uint8_t *epatch_buf = NULL;
1384 struct rtk_epatch *epatch_info = NULL;
1385 uint8_t need_download_fw = 1;
1386 struct rtk_extension_entry patch_lmp = {0};
1387 struct rtk_epatch_entry *p_epatch_entry = NULL;
1388 uint16_t lmp_version;
1389 //uint8_t use_mp_fw = 0;
1390 RTKBT_DBG("%s: start", __func__);
1392 udev = fw_info->udev;
1393 patch_entry = fw_info->patch_entry;
1394 lmp_version = patch_entry->lmp_sub_default;
1395 config_name = patch_entry->config_name;
1396 fw_name = patch_entry->patch_name;
1398 RTKBT_INFO("%s: Default lmp version = 0x%04x, config file name[%s], "
1399 "fw file name[%s]", __func__, lmp_version,config_name, fw_name);
1401 /* ret_val = request_firmware(&cfg, "mp_test", &udev->dev);
1403 config_file_buf = kzalloc(cfg->size, GFP_KERNEL);
1404 if (config_file_buf) {
1405 memcpy(config_file_buf, cfg->data, cfg->size);
1406 use_mp_fw = *config_file_buf;
1407 if (1 == use_mp_fw){
1408 fw_name = patch_entry->mp_patch_name;
1409 RTKBT_WARN("%s: use_mp_fw = %04d, fw file name[%s]", __func__, use_mp_fw, fw_name);
1411 kfree(config_file_buf);
1412 release_firmware(cfg);
1415 ret_val = request_firmware(&cfg, config_name, &udev->dev);
1419 config_file_buf = kzalloc(cfg->size, GFP_KERNEL);
1420 if (!config_file_buf)
1422 memcpy(config_file_buf, cfg->data, cfg->size);
1423 config_len = cfg->size;
1424 release_firmware(cfg);
1427 ret_val = request_firmware(&fw, fw_name, &udev->dev);
1431 epatch_buf = kzalloc(fw->size, GFP_KERNEL);
1433 release_firmware(fw);
1436 memcpy(epatch_buf, fw->data, fw->size);
1438 buf_len = fw_len + config_len;
1439 release_firmware(fw);
1442 if (lmp_version == ROM_LMP_8723a) {
1443 RTKBT_DBG("%s: 8723a -> use old style patch", __func__);
1444 if (!memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8)) {
1445 RTKBT_ERR("%s: 8723a check signature error", __func__);
1446 need_download_fw = 0;
1448 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1449 RTKBT_ERR("%s: Failed to allocate mem for fw&config", __func__);
1452 RTKBT_DBG("%s: 8723a -> fw copy directly", __func__);
1453 memcpy(buf, epatch_buf, buf_len);
1454 patch_entry->lmp_sub = *(uint16_t *)(buf + buf_len - config_len - 4);
1455 RTKBT_DBG("%s: Config lmp version = 0x%04x", __func__,
1456 patch_entry->lmp_sub);
1460 memcpy(buf + buf_len - config_len, config_file_buf, config_len);
1464 RTKBT_DBG("%s: Not 8723a -> use new style patch", __func__);
1465 ret_val = get_eversion(fw_info);
1467 RTKBT_ERR("%s: Failed to get eversion, errno %d", __func__, ret_val);
1470 RTKBT_DBG("%s: Get eversion =%d", __func__, patch_entry->eversion);
1471 if (memcmp(epatch_buf + buf_len - config_len - 4 , EXTENSION_SECTION_SIGNATURE, 4)) {
1472 RTKBT_ERR("%s: Failed to check extension section signature", __func__);
1473 need_download_fw = 0;
1476 temp = epatch_buf+buf_len-config_len - 5;
1478 if (*temp == 0x00) {
1479 patch_lmp.opcode = *temp;
1480 patch_lmp.length = *(temp-1);
1481 if ((patch_lmp.data = kzalloc(patch_lmp.length, GFP_KERNEL))) {
1483 for (k = 0; k < patch_lmp.length; k++) {
1484 *(patch_lmp.data+k) = *(temp-2-k);
1485 RTKBT_DBG("data = 0x%x", *(patch_lmp.data+k));
1488 RTKBT_DBG("%s: opcode = 0x%x, length = 0x%x, data = 0x%x", __func__,
1489 patch_lmp.opcode, patch_lmp.length, *(patch_lmp.data));
1492 temp -= *(temp-1) + 2;
1493 } while (*temp != 0xFF);
1495 if (lmp_version != project_id[*(patch_lmp.data)]) {
1496 RTKBT_ERR("%s: Default lmp_version 0x%04x, project_id 0x%04x "
1497 "-> not match", __func__, lmp_version, project_id[*(patch_lmp.data)]);
1499 kfree(patch_lmp.data);
1500 need_download_fw = 0;
1502 RTKBT_INFO("%s: Default lmp_version 0x%04x, project_id 0x%04x "
1503 "-> match", __func__, lmp_version, project_id[*(patch_lmp.data)]);
1505 kfree(patch_lmp.data);
1506 if (memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8)) {
1507 RTKBT_ERR("%s: Check signature error", __func__);
1508 need_download_fw = 0;
1510 epatch_info = (struct rtk_epatch*)epatch_buf;
1511 patch_entry->lmp_sub = (uint16_t)epatch_info->fw_version;
1513 RTKBT_DBG("%s: lmp version 0x%04x, fw_version 0x%x, "
1514 "number_of_total_patch %d", __func__,
1515 patch_entry->lmp_sub, epatch_info->fw_version,
1516 epatch_info->number_of_total_patch);
1518 /* Get right epatch entry */
1519 p_epatch_entry = get_fw_patch_entry(epatch_info, patch_entry->eversion);
1520 if (p_epatch_entry == NULL) {
1521 RTKBT_WARN("%s: Failed to get fw patch entry", __func__);
1526 buf_len = p_epatch_entry->patch_length + config_len;
1527 RTKBT_DBG("buf_len = 0x%x", buf_len);
1529 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1530 RTKBT_ERR("%s: Can't alloc memory for fw&config", __func__);
1533 memcpy(buf, &epatch_buf[p_epatch_entry->start_offset], p_epatch_entry->patch_length);
1534 memcpy(&buf[p_epatch_entry->patch_length-4], &epatch_info->fw_version, 4);
1535 kfree(p_epatch_entry);
1541 memcpy(&buf[buf_len - config_len], config_file_buf, config_len);
1547 if (config_file_buf)
1548 kfree(config_file_buf);
1550 RTKBT_INFO("%s: fw%s exists, config file%s exists", __func__,
1551 (buf_len > 0) ? "" : " not", (config_len > 0) ? "":" not");
1553 if (buf && buf_len > 0 && need_download_fw)
1556 RTKBT_DBG("%s: done", __func__);
1561 if (config_file_buf)
1562 kfree(config_file_buf);
1566 int get_firmware(firmware_info *fw_info, int cached)
1568 patch_info *patch_entry = fw_info->patch_entry;
1570 RTKBT_INFO("%s: start, cached %d,patch_entry->fw_len= %d", __func__, cached,patch_entry->fw_len);
1573 if (patch_entry->fw_len > 0) {
1574 fw_info->fw_data = kzalloc(patch_entry->fw_len, GFP_KERNEL);
1575 if (!fw_info->fw_data)
1577 memcpy(fw_info->fw_data, patch_entry->fw_cache, patch_entry->fw_len);
1578 fw_info->fw_len = patch_entry->fw_len;
1580 fw_info->fw_len = load_firmware(fw_info, &fw_info->fw_data);
1581 if (fw_info->fw_len <= 0)
1585 fw_info->fw_len = load_firmware(fw_info, &fw_info->fw_data);
1586 if (fw_info->fw_len <= 0)
1594 * Open the log message only if in debugging,
1595 * or it will decelerate download procedure.
1597 int download_data(firmware_info *fw_info)
1599 download_cp *cmd_para;
1600 download_rp *evt_para;
1602 int pkt_len, frag_num, frag_len;
1604 int ncmd = 1, step = 1;
1606 RTKBT_DBG("%s: start", __func__);
1608 cmd_para = (download_cp *)fw_info->req_para;
1609 evt_para = (download_rp *)fw_info->rsp_para;
1610 pcur = fw_info->fw_data;
1611 pkt_len = CMD_HDR_LEN + sizeof(download_cp);
1612 frag_num = fw_info->fw_len / PATCH_SEG_MAX + 1;
1613 frag_len = PATCH_SEG_MAX;
1615 for (i = 0; i < frag_num; i++) {
1616 cmd_para->index = i;
1617 if (i == (frag_num - 1)) {
1618 cmd_para->index |= DATA_END;
1619 frag_len = fw_info->fw_len % PATCH_SEG_MAX;
1620 pkt_len -= (PATCH_SEG_MAX - frag_len);
1622 fw_info->cmd_hdr->opcode = cpu_to_le16(DOWNLOAD_OPCODE);
1623 fw_info->cmd_hdr->plen = sizeof(uint8_t) + frag_len;
1624 fw_info->pkt_len = pkt_len;
1625 memcpy(cmd_para->data, pcur, frag_len);
1628 ret_val = send_hci_cmd(fw_info);
1630 RTKBT_DBG("%s: Failed to send frag num %d", __func__, cmd_para->index);
1633 RTKBT_DBG("%s: Send frag num %d", __func__, cmd_para->index);
1635 if (--step > 0 && i < frag_num - 1) {
1636 RTKBT_DBG("%s: Continue to send frag num %d", __func__, cmd_para->index + 1);
1637 pcur += PATCH_SEG_MAX;
1643 ret_val = rcv_hci_evt(fw_info);
1645 RTKBT_ERR("%s: rcv_hci_evt err %d", __func__, ret_val);
1648 RTKBT_DBG("%s: Receive acked frag num %d", __func__, evt_para->index);
1652 if (0 != evt_para->status) {
1653 RTKBT_ERR("%s: Receive acked frag num %d, err status %d",
1654 __func__, ret_val, evt_para->status);
1658 if ((evt_para->index & DATA_END) || (evt_para->index == frag_num - 1)) {
1659 RTKBT_DBG("%s: Receive last acked index %d", __func__, evt_para->index);
1664 ncmd = step = fw_info->cmd_cmp->ncmd;
1665 pcur += PATCH_SEG_MAX;
1666 RTKBT_DBG("%s: HCI command packet num %d", __func__, ncmd);
1670 * It is tricky that Host cannot receive DATA_END index from BT
1671 * controller, at least for 8723au. We are doomed if failed.
1674 /* Continue to receive the responsed events until last index occurs */
1675 if (i == frag_num) {
1676 RTKBT_DBG("%s: total frag count %d", __func__, frag_num);
1677 while (!(evt_para->index & DATA_END)) {
1678 ret_val = rcv_hci_evt(fw_info);
1680 RTKBT_ERR("%s: rcv_hci_evt err %d", __func__, ret_val);
1683 if (0 != evt_para->status)
1685 RTKBT_DBG("%s: continue to receive acked frag num %d", __func__, evt_para->index);
1690 RTKBT_INFO("%s: done, sent %d frag pkts, received %d frag events",
1691 __func__, cmd_para->index, evt_para->index);
1692 return fw_info->fw_len;
1695 int download_patch(firmware_info *fw_info, int cached)
1699 RTKBT_DBG("%s: Download fw patch start, cached %d", __func__, cached);
1701 if (!fw_info || !fw_info->patch_entry) {
1702 RTKBT_ERR("%s: No patch entry exists(fw_info %p)", __func__, fw_info);
1708 * step1: get local firmware if existed
1709 * step2: check firmware version
1710 * step3: download firmware if updated
1712 ret_val = get_firmware(fw_info, cached);
1714 RTKBT_ERR("%s: Failed to get firmware", __func__);
1718 ret_val = check_fw_version(fw_info);
1720 ret_val = download_data(fw_info);
1722 RTKBT_DBG("%s: Download fw patch done, fw len %d", __func__, ret_val);
1724 /* Free fw data after download finished */
1725 kfree(fw_info->fw_data);
1726 fw_info->fw_data = NULL;
1732 firmware_info *firmware_info_init(struct usb_interface *intf)
1734 struct usb_device *udev = interface_to_usbdev(intf);
1735 firmware_info *fw_info;
1737 RTKBT_DBG("%s: start", __func__);
1739 fw_info = kzalloc(sizeof(*fw_info), GFP_KERNEL);
1743 fw_info->send_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1744 if (!fw_info->send_pkt) {
1749 fw_info->rcv_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1750 if (!fw_info->rcv_pkt) {
1751 kfree(fw_info->send_pkt);
1756 fw_info->patch_entry = get_fw_table_entry(udev);
1757 if (!fw_info->patch_entry) {
1758 kfree(fw_info->rcv_pkt);
1759 kfree(fw_info->send_pkt);
1764 fw_info->intf = intf;
1765 fw_info->udev = udev;
1766 fw_info->pipe_in = usb_rcvintpipe(fw_info->udev, INTR_EP);
1767 fw_info->pipe_out = usb_sndctrlpipe(fw_info->udev, CTRL_EP);
1768 fw_info->cmd_hdr = (struct hci_command_hdr *)(fw_info->send_pkt);
1769 fw_info->evt_hdr = (struct hci_event_hdr *)(fw_info->rcv_pkt);
1770 fw_info->cmd_cmp = (struct hci_ev_cmd_complete *)(fw_info->rcv_pkt + EVT_HDR_LEN);
1771 fw_info->req_para = fw_info->send_pkt + CMD_HDR_LEN;
1772 fw_info->rsp_para = fw_info->rcv_pkt + EVT_HDR_LEN + CMD_CMP_LEN;
1775 RTKBT_INFO("%s: Auto suspend is enabled", __func__);
1776 usb_enable_autosuspend(udev);
1777 pm_runtime_set_autosuspend_delay(&(udev->dev), 2000);
1779 RTKBT_INFO("%s: Auto suspend is disabled", __func__);
1780 usb_disable_autosuspend(udev);
1783 #if BTUSB_WAKEUP_HOST
1784 device_wakeup_enable(&udev->dev);
1790 void firmware_info_destroy(struct usb_interface *intf)
1792 firmware_info *fw_info;
1793 struct usb_device *udev;
1794 struct btusb_data *data;
1796 udev = interface_to_usbdev(intf);
1797 data = usb_get_intfdata(intf);
1799 fw_info = data->fw_info;
1804 usb_disable_autosuspend(udev);
1808 * In order to reclaim fw data mem, we free fw_data immediately
1809 * after download patch finished instead of here.
1811 kfree(fw_info->rcv_pkt);
1812 kfree(fw_info->send_pkt);
1816 static struct usb_driver btusb_driver;
1818 static struct usb_device_id btusb_table[] = {
1819 { .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
1820 USB_DEVICE_ID_MATCH_INT_INFO,
1822 .bInterfaceClass = 0xe0,
1823 .bInterfaceSubClass = 0x01,
1824 .bInterfaceProtocol = 0x01 },
1826 { .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
1827 USB_DEVICE_ID_MATCH_INT_INFO,
1829 .bInterfaceClass = 0xe0,
1830 .bInterfaceSubClass = 0x01,
1831 .bInterfaceProtocol = 0x01 },
1836 MODULE_DEVICE_TABLE(usb, btusb_table);
1838 static int inc_tx(struct btusb_data *data)
1840 unsigned long flags;
1843 spin_lock_irqsave(&data->txlock, flags);
1844 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
1846 data->tx_in_flight++;
1847 spin_unlock_irqrestore(&data->txlock, flags);
1852 void check_sco_event(struct urb *urb)
1854 u8* opcode = (u8*)(urb->transfer_buffer);
1856 static uint16_t sco_handle = 0;
1858 struct hci_dev *hdev = urb->context;
1859 struct btusb_data *data = GET_DRV_DATA(hdev);
1862 case HCI_EV_SYNC_CONN_COMPLETE:
1863 RTKBT_INFO("%s: HCI_EV_SYNC_CONN_COMPLETE(0x%02x)", __func__, *opcode);
1864 status = *(opcode + 2);
1865 sco_handle = *(opcode + 3) | *(opcode + 4) << 8;
1867 hdev->conn_hash.sco_num++;
1868 schedule_work(&data->work);
1871 case HCI_EV_DISCONN_COMPLETE:
1872 RTKBT_INFO("%s: HCI_EV_DISCONN_COMPLETE(0x%02x)", __func__, *opcode);
1873 status = *(opcode + 2);
1874 handle = *(opcode + 3) | *(opcode + 4) << 8;
1875 if (status == 0 && sco_handle == handle) {
1876 hdev->conn_hash.sco_num--;
1877 schedule_work(&data->work);
1881 RTKBT_DBG("%s: event 0x%02x", __func__, *opcode);
1886 static void btusb_intr_complete(struct urb *urb)
1888 struct hci_dev *hdev = urb->context;
1889 struct btusb_data *data = GET_DRV_DATA(hdev);
1892 RTKBT_DBG("%s: urb %p status %d count %d ", __func__,
1893 urb, urb->status, urb->actual_length);
1895 check_sco_event(urb);
1897 if (!test_bit(HCI_RUNNING, &hdev->flags))
1901 if (urb->status == 0) {
1902 hdev->stat.byte_rx += urb->actual_length;
1904 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
1905 urb->transfer_buffer,
1906 urb->actual_length) < 0) {
1907 RTKBT_ERR("%s: Corrupted event packet", __func__);
1908 hdev->stat.err_rx++;
1911 /* Avoid suspend failed when usb_kill_urb */
1912 else if(urb->status == -ENOENT) {
1917 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
1920 usb_mark_last_busy(data->udev);
1921 usb_anchor_urb(urb, &data->intr_anchor);
1923 err = usb_submit_urb(urb, GFP_ATOMIC);
1925 /* EPERM: urb is being killed;
1926 * ENODEV: device got disconnected */
1927 if (err != -EPERM && err != -ENODEV)
1928 RTKBT_ERR("%s: Failed to re-submit urb %p, err %d",
1929 __func__, urb, err);
1930 usb_unanchor_urb(urb);
1934 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1936 struct btusb_data *data = GET_DRV_DATA(hdev);
1945 urb = usb_alloc_urb(0, mem_flags);
1949 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
1951 buf = kmalloc(size, mem_flags);
1957 RTKBT_DBG("%s: mMaxPacketSize %d, bEndpointAddress 0x%02x",
1958 __func__, size, data->intr_ep->bEndpointAddress);
1960 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
1962 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
1963 btusb_intr_complete, hdev,
1964 data->intr_ep->bInterval);
1966 urb->transfer_flags |= URB_FREE_BUFFER;
1968 usb_anchor_urb(urb, &data->intr_anchor);
1970 err = usb_submit_urb(urb, mem_flags);
1972 RTKBT_ERR("%s: Failed to submit urb %p, err %d",
1973 __func__, urb, err);
1974 usb_unanchor_urb(urb);
1982 static void btusb_bulk_complete(struct urb *urb)
1984 struct hci_dev *hdev = urb->context;
1985 struct btusb_data *data = GET_DRV_DATA(hdev);
1988 RTKBT_DBG("%s: urb %p status %d count %d",
1989 __func__, urb, urb->status, urb->actual_length);
1991 if (!test_bit(HCI_RUNNING, &hdev->flags))
1994 if (urb->status == 0) {
1995 hdev->stat.byte_rx += urb->actual_length;
1997 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
1998 urb->transfer_buffer,
1999 urb->actual_length) < 0) {
2000 RTKBT_ERR("%s: Corrupted ACL packet", __func__);
2001 hdev->stat.err_rx++;
2004 /* Avoid suspend failed when usb_kill_urb */
2005 else if(urb->status == -ENOENT) {
2010 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
2013 usb_anchor_urb(urb, &data->bulk_anchor);
2014 usb_mark_last_busy(data->udev);
2016 err = usb_submit_urb(urb, GFP_ATOMIC);
2018 /* -EPERM: urb is being killed;
2019 * -ENODEV: device got disconnected */
2020 if (err != -EPERM && err != -ENODEV)
2021 RTKBT_ERR("btusb_bulk_complete %s urb %p failed to resubmit (%d)",
2022 hdev->name, urb, -err);
2023 usb_unanchor_urb(urb);
2027 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
2029 struct btusb_data *data = GET_DRV_DATA(hdev);
2033 int err, size = HCI_MAX_FRAME_SIZE;
2035 RTKBT_DBG("%s: hdev name %s", __func__, hdev->name);
2037 if (!data->bulk_rx_ep)
2040 urb = usb_alloc_urb(0, mem_flags);
2044 buf = kmalloc(size, mem_flags);
2050 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
2052 usb_fill_bulk_urb(urb, data->udev, pipe,
2053 buf, size, btusb_bulk_complete, hdev);
2055 urb->transfer_flags |= URB_FREE_BUFFER;
2057 usb_mark_last_busy(data->udev);
2058 usb_anchor_urb(urb, &data->bulk_anchor);
2060 err = usb_submit_urb(urb, mem_flags);
2062 RTKBT_ERR("%s: Failed to submit urb %p, err %d", __func__, urb, err);
2063 usb_unanchor_urb(urb);
2071 static void btusb_isoc_complete(struct urb *urb)
2073 struct hci_dev *hdev = urb->context;
2074 struct btusb_data *data = GET_DRV_DATA(hdev);
2078 RTKBT_DBG("%s: urb %p status %d count %d",
2079 __func__, urb, urb->status, urb->actual_length);
2081 if (!test_bit(HCI_RUNNING, &hdev->flags))
2084 if (urb->status == 0) {
2085 for (i = 0; i < urb->number_of_packets; i++) {
2086 unsigned int offset = urb->iso_frame_desc[i].offset;
2087 unsigned int length = urb->iso_frame_desc[i].actual_length;
2089 if (urb->iso_frame_desc[i].status)
2092 hdev->stat.byte_rx += length;
2094 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
2095 urb->transfer_buffer + offset,
2097 RTKBT_ERR("%s: Corrupted SCO packet", __func__);
2098 hdev->stat.err_rx++;
2102 /* Avoid suspend failed when usb_kill_urb */
2103 else if(urb->status == -ENOENT) {
2108 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
2111 usb_anchor_urb(urb, &data->isoc_anchor);
2114 err = usb_submit_urb(urb, GFP_ATOMIC);
2116 /* -EPERM: urb is being killed;
2117 * -ENODEV: device got disconnected */
2118 if (err != -EPERM && err != -ENODEV)
2119 RTKBT_ERR("%s: Failed to re-sumbit urb %p, retry %d, err %d",
2120 __func__, urb, i, err);
2127 usb_unanchor_urb(urb);
2131 static inline void fill_isoc_descriptor(struct urb *urb, int len, int mtu)
2135 RTKBT_DBG("%s: len %d mtu %d", __func__, len, mtu);
2137 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
2138 i++, offset += mtu, len -= mtu) {
2139 urb->iso_frame_desc[i].offset = offset;
2140 urb->iso_frame_desc[i].length = mtu;
2143 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
2144 urb->iso_frame_desc[i].offset = offset;
2145 urb->iso_frame_desc[i].length = len;
2149 urb->number_of_packets = i;
2152 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
2154 struct btusb_data *data = GET_DRV_DATA(hdev);
2160 if (!data->isoc_rx_ep)
2163 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
2167 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
2168 BTUSB_MAX_ISOC_FRAMES;
2170 buf = kmalloc(size, mem_flags);
2176 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
2178 urb->dev = data->udev;
2180 urb->context = hdev;
2181 urb->complete = btusb_isoc_complete;
2182 urb->interval = data->isoc_rx_ep->bInterval;
2184 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
2185 urb->transfer_buffer = buf;
2186 urb->transfer_buffer_length = size;
2188 fill_isoc_descriptor(urb, size,
2189 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
2191 usb_anchor_urb(urb, &data->isoc_anchor);
2193 err = usb_submit_urb(urb, mem_flags);
2195 RTKBT_ERR("%s: Failed to submit urb %p, err %d", __func__, urb, err);
2196 usb_unanchor_urb(urb);
2204 static void btusb_tx_complete(struct urb *urb)
2206 struct sk_buff *skb = urb->context;
2207 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2208 struct btusb_data *data = GET_DRV_DATA(hdev);
2210 if (!test_bit(HCI_RUNNING, &hdev->flags))
2214 hdev->stat.byte_tx += urb->transfer_buffer_length;
2216 hdev->stat.err_tx++;
2219 spin_lock(&data->txlock);
2220 data->tx_in_flight--;
2221 spin_unlock(&data->txlock);
2223 kfree(urb->setup_packet);
2228 static void btusb_isoc_tx_complete(struct urb *urb)
2230 struct sk_buff *skb = urb->context;
2231 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2233 RTKBT_DBG("%s: urb %p status %d count %d",
2234 __func__, urb, urb->status, urb->actual_length);
2237 if (!test_bit(HCI_RUNNING, &hdev->flags))
2241 hdev->stat.byte_tx += urb->transfer_buffer_length;
2243 hdev->stat.err_tx++;
2245 RTKBT_ERR("%s: skb 0x%p hdev 0x%p", __func__, skb, hdev);
2248 kfree(urb->setup_packet);
2253 static int btusb_open(struct hci_dev *hdev)
2255 struct btusb_data *data = GET_DRV_DATA(hdev);
2258 RTKBT_INFO("%s: Start, PM usage count %d", __func__,
2259 atomic_read(&(data->intf->pm_usage_cnt)));
2261 err = usb_autopm_get_interface(data->intf);
2265 data->intf->needs_remote_wakeup = 1;
2267 err = download_patch(data->fw_info, 1);
2268 if (err < 0) goto failed;
2270 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
2273 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
2276 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
2280 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
2282 mdelay(URB_CANCELING_DELAY_MS);
2283 usb_kill_anchored_urbs(&data->intr_anchor);
2287 set_bit(BTUSB_BULK_RUNNING, &data->flags);
2288 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
2291 usb_autopm_put_interface(data->intf);
2292 RTKBT_INFO("%s: End, PM usage count %d", __func__,
2293 atomic_read(&(data->intf->pm_usage_cnt)));
2297 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
2298 clear_bit(HCI_RUNNING, &hdev->flags);
2299 usb_autopm_put_interface(data->intf);
2300 RTKBT_ERR("%s: Failed, PM usage count %d", __func__,
2301 atomic_read(&(data->intf->pm_usage_cnt)));
2305 static void btusb_stop_traffic(struct btusb_data *data)
2307 mdelay(URB_CANCELING_DELAY_MS);
2308 usb_kill_anchored_urbs(&data->intr_anchor);
2309 usb_kill_anchored_urbs(&data->bulk_anchor);
2310 usb_kill_anchored_urbs(&data->isoc_anchor);
2313 static int btusb_close(struct hci_dev *hdev)
2315 struct btusb_data *data = GET_DRV_DATA(hdev);
2318 RTKBT_INFO("%s: hci running %lu", __func__, hdev->flags & HCI_RUNNING);
2320 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
2323 for (i = 0; i < NUM_REASSEMBLY; i++) {
2324 if (hdev->reassembly[i]) {
2325 RTKBT_DBG("%s: free ressembly[%d]", __func__, i);
2326 kfree_skb(hdev->reassembly[i]);
2327 hdev->reassembly[i] = NULL;
2331 cancel_work_sync(&data->work);
2332 cancel_work_sync(&data->waker);
2334 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2335 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
2336 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
2338 btusb_stop_traffic(data);
2339 err = usb_autopm_get_interface(data->intf);
2343 data->intf->needs_remote_wakeup = 0;
2344 usb_autopm_put_interface(data->intf);
2347 mdelay(URB_CANCELING_DELAY_MS);
2348 usb_scuttle_anchored_urbs(&data->deferred);
2352 static int btusb_flush(struct hci_dev *hdev)
2354 struct btusb_data *data = GET_DRV_DATA(hdev);
2356 RTKBT_DBG("%s", __func__);
2358 mdelay(URB_CANCELING_DELAY_MS);
2359 usb_kill_anchored_urbs(&data->tx_anchor);
2364 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
2365 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
2368 static int btusb_send_frame(struct sk_buff *skb)
2370 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2372 struct btusb_data *data = GET_DRV_DATA(hdev);
2373 struct usb_ctrlrequest *dr;
2379 RTKBT_DBG("%s: hdev %p, btusb data %p, pkt type %d",
2380 __func__, hdev, data, bt_cb(skb)->pkt_type);
2382 if (!test_bit(HCI_RUNNING, &hdev->flags))
2385 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
2386 skb->dev = (void *)hdev;
2389 switch (bt_cb(skb)->pkt_type) {
2390 case HCI_COMMAND_PKT:
2392 urb = usb_alloc_urb(0, GFP_ATOMIC);
2396 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
2402 dr->bRequestType = data->cmdreq_type;
2406 dr->wLength = __cpu_to_le16(skb->len);
2408 pipe = usb_sndctrlpipe(data->udev, 0x00);
2410 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
2411 skb->data, skb->len, btusb_tx_complete, skb);
2413 hdev->stat.cmd_tx++;
2416 case HCI_ACLDATA_PKT:
2418 if (!data->bulk_tx_ep)
2421 urb = usb_alloc_urb(0, GFP_ATOMIC);
2425 pipe = usb_sndbulkpipe(data->udev,
2426 data->bulk_tx_ep->bEndpointAddress);
2428 usb_fill_bulk_urb(urb, data->udev, pipe,
2429 skb->data, skb->len, btusb_tx_complete, skb);
2431 hdev->stat.acl_tx++;
2434 case HCI_SCODATA_PKT:
2436 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1) {
2441 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
2443 RTKBT_ERR("%s: Failed to allocate mem for sco pkts", __func__);
2448 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
2450 usb_fill_int_urb(urb, data->udev, pipe,
2451 skb->data, skb->len, btusb_isoc_tx_complete,
2452 skb, data->isoc_tx_ep->bInterval);
2454 urb->transfer_flags = URB_ISO_ASAP;
2456 fill_isoc_descriptor(urb, skb->len,
2457 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
2459 hdev->stat.sco_tx++;
2468 usb_anchor_urb(urb, &data->deferred);
2469 schedule_work(&data->waker);
2475 usb_anchor_urb(urb, &data->tx_anchor);
2477 err = usb_submit_urb(urb, GFP_ATOMIC);
2479 RTKBT_ERR("%s: Failed to submit urb %p, pkt type %d, err %d, retries %d",
2480 __func__, urb, bt_cb(skb)->pkt_type, err, retries);
2481 if ((bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) && (retries < 10)) {
2484 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT)
2485 print_error_command(skb);
2489 kfree(urb->setup_packet);
2490 usb_unanchor_urb(urb);
2492 usb_mark_last_busy(data->udev);
2499 #if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 4, 0)
2500 static void btusb_destruct(struct hci_dev *hdev)
2502 struct btusb_data *data = GET_DRV_DATA(hdev);
2504 RTKBT_DBG("%s: name %s", __func__, hdev->name);
2510 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
2512 struct btusb_data *data = GET_DRV_DATA(hdev);
2514 RTKBT_DBG("%s: name %s, evt %d", __func__, hdev->name, evt);
2516 if (hdev->conn_hash.sco_num != data->sco_num) {
2517 data->sco_num = hdev->conn_hash.sco_num;
2518 schedule_work(&data->work);
2522 static inline int set_isoc_interface(struct hci_dev *hdev, int altsetting)
2524 struct btusb_data *data = GET_DRV_DATA(hdev);
2525 struct usb_interface *intf = data->isoc;
2526 struct usb_endpoint_descriptor *ep_desc;
2532 err = usb_set_interface(data->udev, 1, altsetting);
2534 RTKBT_ERR("%s: Failed to set interface, altsetting %d, err %d",
2535 __func__, altsetting, err);
2539 data->isoc_altsetting = altsetting;
2541 data->isoc_tx_ep = NULL;
2542 data->isoc_rx_ep = NULL;
2544 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2545 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2547 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
2548 data->isoc_tx_ep = ep_desc;
2552 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
2553 data->isoc_rx_ep = ep_desc;
2558 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
2559 RTKBT_ERR("%s: Invalid SCO descriptors", __func__);
2566 static void btusb_work(struct work_struct *work)
2568 struct btusb_data *data = container_of(work, struct btusb_data, work);
2569 struct hci_dev *hdev = data->hdev;
2573 if (hdev->conn_hash.sco_num > 0) {
2574 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
2575 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
2577 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2578 mdelay(URB_CANCELING_DELAY_MS);
2579 usb_kill_anchored_urbs(&data->isoc_anchor);
2583 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
2585 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 7, 1)
2586 if (hdev->voice_setting & 0x0020) {
2587 static const int alts[3] = { 2, 4, 5 };
2588 new_alts = alts[hdev->conn_hash.sco_num - 1];
2590 new_alts = hdev->conn_hash.sco_num;
2592 if (data->isoc_altsetting != new_alts) {
2594 if (data->isoc_altsetting != 2) {
2598 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2599 mdelay(URB_CANCELING_DELAY_MS);
2600 usb_kill_anchored_urbs(&data->isoc_anchor);
2602 if (set_isoc_interface(hdev, new_alts) < 0)
2606 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
2607 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
2608 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2610 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
2613 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2614 mdelay(URB_CANCELING_DELAY_MS);
2615 usb_kill_anchored_urbs(&data->isoc_anchor);
2617 set_isoc_interface(hdev, 0);
2618 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
2619 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
2623 static void btusb_waker(struct work_struct *work)
2625 struct btusb_data *data = container_of(work, struct btusb_data, waker);
2628 RTKBT_DBG("%s: PM usage count %d", __func__,
2629 atomic_read(&data->intf->pm_usage_cnt));
2631 err = usb_autopm_get_interface(data->intf);
2635 usb_autopm_put_interface(data->intf);
2639 //#ifdef CONFIG_HAS_EARLYSUSPEND
2641 static void btusb_early_suspend(struct early_suspend *h)
2643 struct btusb_data *data;
2644 firmware_info *fw_info;
2645 patch_info *patch_entry;
2647 RTKBT_INFO("%s", __func__);
2649 data = container_of(h, struct btusb_data, early_suspend);
2650 fw_info = data->fw_info;
2651 patch_entry = fw_info->patch_entry;
2653 patch_entry->fw_len = load_firmware(fw_info, &patch_entry->fw_cache);
2654 if (patch_entry->fw_len <= 0) {
2655 /* We may encount failure in loading firmware, just give a warning */
2656 RTKBT_WARN("%s: Failed to load firmware", __func__);
2660 static void btusb_late_resume(struct early_suspend *h)
2662 struct btusb_data *data;
2663 firmware_info *fw_info;
2664 patch_info *patch_entry;
2666 RTKBT_INFO("%s", __func__);
2668 data = container_of(h, struct btusb_data, early_suspend);
2669 fw_info = data->fw_info;
2670 patch_entry = fw_info->patch_entry;
2672 /* Reclaim fw buffer when bt usb resumed */
2673 if (patch_entry->fw_len > 0) {
2674 kfree(patch_entry->fw_cache);
2675 patch_entry->fw_cache = NULL;
2676 patch_entry->fw_len = 0;
2680 int bt_pm_notify(struct notifier_block *notifier, ulong pm_event, void *unused)
2682 struct btusb_data *data;
2683 firmware_info *fw_info;
2684 patch_info *patch_entry;
2685 struct usb_device *udev;
2687 RTKBT_INFO("%s: pm event %ld", __func__, pm_event);
2689 data = container_of(notifier, struct btusb_data, pm_notifier);
2690 fw_info = data->fw_info;
2691 patch_entry = fw_info->patch_entry;
2692 udev = fw_info->udev;
2695 case PM_SUSPEND_PREPARE:
2696 case PM_HIBERNATION_PREPARE:
2697 patch_entry->fw_len = load_firmware(fw_info, &patch_entry->fw_cache);
2698 if (patch_entry->fw_len <= 0) {
2699 /* We may encount failure in loading firmware, just give a warning */
2700 RTKBT_WARN("%s: Failed to load firmware", __func__);
2703 if (!device_may_wakeup(&udev->dev)) {
2704 #if (CONFIG_RESET_RESUME || CONFIG_BLUEDROID)
2705 RTKBT_INFO("%s:remote wakeup not supported, reset resume supported", __func__);
2707 fw_info->intf->needs_binding = 1;
2708 RTKBT_INFO("%s:remote wakeup not supported, binding needed", __func__);
2713 case PM_POST_SUSPEND:
2714 case PM_POST_HIBERNATION:
2715 case PM_POST_RESTORE:
2716 /* Reclaim fw buffer when bt usb resumed */
2717 if (patch_entry->fw_len > 0) {
2718 kfree(patch_entry->fw_cache);
2719 patch_entry->fw_cache = NULL;
2720 patch_entry->fw_len = 0;
2723 usb_disable_autosuspend(udev);
2724 usb_enable_autosuspend(udev);
2725 pm_runtime_set_autosuspend_delay(&(udev->dev), 2000);
2737 static int btusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
2739 struct usb_device *udev = interface_to_usbdev(intf);
2740 struct usb_endpoint_descriptor *ep_desc;
2741 struct btusb_data *data;
2742 struct hci_dev *hdev;
2743 firmware_info *fw_info;
2746 RTKBT_INFO("%s: usb_interface %p, bInterfaceNumber %d, idVendor 0x%04x, "
2747 "idProduct 0x%04x", __func__, intf,
2748 intf->cur_altsetting->desc.bInterfaceNumber,
2749 id->idVendor, id->idProduct);
2751 /* interface numbers are hardcoded in the spec */
2752 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2755 RTKBT_DBG("%s: can wakeup = %x, may wakeup = %x", __func__,
2756 device_can_wakeup(&udev->dev), device_may_wakeup(&udev->dev));
2758 data = rtk_alloc(intf);
2762 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2763 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2765 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2766 data->intr_ep = ep_desc;
2770 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2771 data->bulk_tx_ep = ep_desc;
2775 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2776 data->bulk_rx_ep = ep_desc;
2781 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
2786 data->cmdreq_type = USB_TYPE_CLASS;
2791 spin_lock_init(&data->lock);
2793 INIT_WORK(&data->work, btusb_work);
2794 INIT_WORK(&data->waker, btusb_waker);
2795 spin_lock_init(&data->txlock);
2797 init_usb_anchor(&data->tx_anchor);
2798 init_usb_anchor(&data->intr_anchor);
2799 init_usb_anchor(&data->bulk_anchor);
2800 init_usb_anchor(&data->isoc_anchor);
2801 init_usb_anchor(&data->deferred);
2803 fw_info = firmware_info_init(intf);
2805 data->fw_info = fw_info;
2807 RTKBT_WARN("%s: Failed to initialize fw info", __func__);
2808 /* Skip download patch */
2812 RTKBT_INFO("%s: download begining...", __func__);
2814 #if CONFIG_BLUEDROID
2815 mutex_lock(&btchr_mutex);
2817 // err = download_patch(fw_info, 0);
2818 // /* If download failed, we just throw out a warning */
2820 // RTKBT_WARN("%s: Failed to download fw patch", __func__);
2821 #if CONFIG_BLUEDROID
2822 mutex_unlock(&btchr_mutex);
2825 RTKBT_INFO("%s: download ending...", __func__);
2827 hdev = hci_alloc_dev();
2838 SET_HCIDEV_DEV(hdev, &intf->dev);
2840 hdev->open = btusb_open;
2841 hdev->close = btusb_close;
2842 hdev->flush = btusb_flush;
2843 hdev->send = btusb_send_frame;
2844 hdev->notify = btusb_notify;
2846 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 4, 0)
2847 hci_set_drvdata(hdev, data);
2849 hdev->driver_data = data;
2850 hdev->destruct = btusb_destruct;
2851 hdev->owner = THIS_MODULE;
2854 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 1)
2855 if (!reset_on_close){
2856 /* set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); */
2857 RTKBT_DBG("%s: Set HCI_QUIRK_RESET_ON_CLOSE", __func__);
2861 /* Interface numbers are hardcoded in the specification */
2862 data->isoc = usb_ifnum_to_if(data->udev, 1);
2864 err = usb_driver_claim_interface(&btusb_driver,
2875 err = hci_register_dev(hdev);
2884 usb_set_intfdata(intf, data);
2886 //#ifdef CONFIG_HAS_EARLYSUSPEND
2888 data->early_suspend.level = EARLY_SUSPEND_LEVEL_BLANK_SCREEN;
2889 data->early_suspend.suspend = btusb_early_suspend;
2890 data->early_suspend.resume = btusb_late_resume;
2891 register_early_suspend(&data->early_suspend);
2893 data->pm_notifier.notifier_call = bt_pm_notify;
2894 register_pm_notifier(&data->pm_notifier);
2897 #if CONFIG_BLUEDROID
2898 RTKBT_INFO("%s: Check bt reset flag %d", __func__, bt_reset);
2899 /* Report hci hardware error after everthing is ready,
2900 * especially hci register is completed. Or, btchr_poll
2901 * will get null hci dev when hotplug in.
2903 if (bt_reset == 1) {
2904 hci_hardware_error();
2907 bt_reset = 0; /* Clear and reset it anyway */
2914 static void btusb_disconnect(struct usb_interface *intf)
2916 struct btusb_data *data = usb_get_intfdata(intf);
2917 struct hci_dev *hdev = NULL;
2919 RTKBT_INFO("%s: usb_interface %p, bInterfaceNumber %d",
2920 __func__, intf, intf->cur_altsetting->desc.bInterfaceNumber);
2922 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2928 RTKBT_WARN("%s: Failed to get bt usb data[Null]", __func__);
2932 //#ifdef CONFIG_HAS_EARLYSUSPEND
2934 unregister_early_suspend(&data->early_suspend);
2936 unregister_pm_notifier(&data->pm_notifier);
2939 firmware_info_destroy(intf);
2941 #if CONFIG_BLUEDROID
2942 if (test_bit(HCI_RUNNING, &hdev->flags)) {
2943 RTKBT_INFO("%s: Set BT reset flag", __func__);
2948 usb_set_intfdata(data->intf, NULL);
2951 usb_set_intfdata(data->isoc, NULL);
2953 hci_unregister_dev(hdev);
2955 if (intf == data->isoc)
2956 usb_driver_release_interface(&btusb_driver, data->intf);
2957 else if (data->isoc)
2958 usb_driver_release_interface(&btusb_driver, data->isoc);
2960 #if !CONFIG_BLUEDROID
2961 #if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 4, 0)
2962 __hci_dev_put(hdev);
2972 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
2974 struct btusb_data *data = usb_get_intfdata(intf);
2975 firmware_info *fw_info = data->fw_info;
2977 RTKBT_INFO("%s: event 0x%x, suspend count %d", __func__,
2978 message.event, data->suspend_count);
2980 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2983 if (!test_bit(HCI_RUNNING, &data->hdev->flags))
2984 set_bt_onoff(fw_info, 1);
2986 if (data->suspend_count++)
2989 spin_lock_irq(&data->txlock);
2990 if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
2991 set_bit(BTUSB_SUSPENDING, &data->flags);
2992 spin_unlock_irq(&data->txlock);
2994 spin_unlock_irq(&data->txlock);
2995 data->suspend_count--;
2996 RTKBT_ERR("%s: Failed to enter suspend", __func__);
3000 cancel_work_sync(&data->work);
3002 btusb_stop_traffic(data);
3003 mdelay(URB_CANCELING_DELAY_MS);
3004 usb_kill_anchored_urbs(&data->tx_anchor);
3009 static void play_deferred(struct btusb_data *data)
3014 while ((urb = usb_get_from_anchor(&data->deferred))) {
3015 usb_anchor_urb(urb, &data->tx_anchor);
3016 err = usb_submit_urb(urb, GFP_ATOMIC);
3018 RTKBT_ERR("%s: Failed to submit urb %p, err %d",
3019 __func__, urb, err);
3020 kfree(urb->setup_packet);
3021 usb_unanchor_urb(urb);
3023 usb_mark_last_busy(data->udev);
3027 data->tx_in_flight++;
3029 mdelay(URB_CANCELING_DELAY_MS);
3030 usb_scuttle_anchored_urbs(&data->deferred);
3033 static int btusb_resume(struct usb_interface *intf)
3035 struct btusb_data *data = usb_get_intfdata(intf);
3036 struct hci_dev *hdev = data->hdev;
3037 firmware_info *fw_info = data->fw_info;
3040 RTKBT_INFO("%s: Suspend count %d", __func__, data->suspend_count);
3042 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
3045 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3046 RTKBT_INFO("%s: Bt is off, download patch before bt is on", __func__);
3047 download_patch(fw_info, 1);
3050 if (--data->suspend_count)
3053 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3054 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3056 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3061 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3062 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3064 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3068 btusb_submit_bulk_urb(hdev, GFP_NOIO);
3071 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3072 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3073 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3075 btusb_submit_isoc_urb(hdev, GFP_NOIO);
3078 spin_lock_irq(&data->txlock);
3079 play_deferred(data);
3080 clear_bit(BTUSB_SUSPENDING, &data->flags);
3081 spin_unlock_irq(&data->txlock);
3082 schedule_work(&data->work);
3087 mdelay(URB_CANCELING_DELAY_MS);
3088 usb_scuttle_anchored_urbs(&data->deferred);
3089 spin_lock_irq(&data->txlock);
3090 clear_bit(BTUSB_SUSPENDING, &data->flags);
3091 spin_unlock_irq(&data->txlock);
3097 static struct usb_driver btusb_driver = {
3098 .name = "rtk_btusb",
3099 .probe = btusb_probe,
3100 .disconnect = btusb_disconnect,
3102 .suspend = btusb_suspend,
3103 .resume = btusb_resume,
3105 #if CONFIG_RESET_RESUME
3106 .reset_resume = btusb_resume,
3108 .id_table = btusb_table,
3109 .supports_autosuspend = 1,
3110 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 7, 1)
3111 .disable_hub_initiated_lpm = 1,
3115 static int __init btusb_init(void)
3119 RTKBT_INFO("Realtek Bluetooth USB driver module init, version %s", VERSION);
3120 #if CONFIG_BLUEDROID
3123 /* usb register will go on, even bt char register failed */
3124 RTKBT_ERR("Failed to register usb char device interfaces");
3126 bt_char_dev_registered = 1;
3128 err = usb_register(&btusb_driver);
3130 RTKBT_ERR("Failed to register RTK bluetooth USB driver");
3134 static void __exit btusb_exit(void)
3136 RTKBT_INFO("Realtek Bluetooth USB driver module exit");
3137 #if CONFIG_BLUEDROID
3138 if (bt_char_dev_registered > 0)
3141 usb_deregister(&btusb_driver);
3144 module_init(btusb_init);
3145 module_exit(btusb_exit);
3147 MODULE_AUTHOR("Realtek Corporation");
3148 MODULE_DESCRIPTION("Realtek Bluetooth USB driver version");
3149 MODULE_VERSION(VERSION);
3150 MODULE_LICENSE("GPL");