3 * Realtek Bluetooth USB driver
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/kernel.h>
23 #include <linux/module.h>
24 #include <linux/init.h>
25 #include <linux/slab.h>
26 #include <linux/types.h>
27 #include <linux/sched.h>
28 #include <linux/errno.h>
29 #include <linux/skbuff.h>
30 #include <linux/usb.h>
32 /*******************************/
33 #include "rtk_btusb.h"
34 #define VERSION "2.19"
38 #define RTKBT_DBG(fmt, arg...) printk(KERN_INFO "rtk_btusb: " fmt "\n" , ## arg)
40 #define RTKBT_DBG(fmt, arg...)
42 #define RTKBT_INFO(fmt, arg...) printk(KERN_INFO "rtk_btusb: " fmt "\n" , ## arg)
43 #define RTKBT_WARN(fmt, arg...) printk(KERN_WARNING "rtk_btusb: " fmt "\n" , ## arg)
44 #define RTKBT_ERR(fmt, arg...) printk(KERN_ERR "rtk_btusb: " fmt "\n" , ## arg)
46 /*******************************
48 ********************************/
49 #define CMD_CMP_EVT 0x0e
52 #define PATCH_SEG_MAX 252
54 #define DOWNLOAD_OPCODE 0xfc20
55 #define BTOFF_OPCODE 0xfc28
58 #define CMD_HDR_LEN sizeof(struct hci_command_hdr)
59 #define EVT_HDR_LEN sizeof(struct hci_event_hdr)
60 #define CMD_CMP_LEN sizeof(struct hci_ev_cmd_complete)
71 uint16_t lmp_sub_default;
82 struct usb_interface *intf;
83 struct usb_device *udev;
84 patch_info *patch_entry;
85 int pipe_in, pipe_out;
88 struct hci_command_hdr *cmd_hdr;
89 struct hci_event_hdr *evt_hdr;
90 struct hci_ev_cmd_complete *cmd_cmp;
91 uint8_t *req_para, *rsp_para;
99 uint8_t data[PATCH_SEG_MAX];
100 } __attribute__((packed)) download_cp;
105 } __attribute__((packed)) download_rp;
107 static patch_info fw_patch_table[] = {
108 /* { pid, lmp_sub_default, lmp_sub, everion, mp_fw_name, fw_name, config_name, fw_cache, fw_len } */
109 { 0x1724, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* RTL8723A */
110 { 0x8723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE */
111 { 0xA723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE for LI */
112 { 0x0723, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE */
113 { 0x3394, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AE for Azurewave*/
115 { 0x0724, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
116 { 0x8725, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
117 { 0x872A, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
118 { 0x872B, 0x1200, 0, 0, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", NULL, 0 }, /* 8723AU */
120 { 0xb720, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723bu_config", NULL, 0 }, /* RTL8723BU */
121 { 0xb72A, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723bu_config", NULL, 0 }, /* RTL8723BU */
122 { 0xb728, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for LC */
123 { 0xb723, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
124 { 0xb72B, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
125 { 0xb001, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for HP */
126 { 0xb002, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
127 { 0xb003, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
128 { 0xb004, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
129 { 0xb005, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE */
131 { 0x3410, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
132 { 0x3416, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
133 { 0x3459, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Azurewave */
134 { 0xE085, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Foxconn */
135 { 0xE08B, 0x8723, 0, 0, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", NULL, 0 }, /* RTL8723BE for Foxconn */
137 { 0x2850, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU */
138 { 0xA761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU only */
139 { 0x818B, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AW + 8192EU */
140 { 0x818C, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AW + 8192EU */
141 { 0x8760, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE */
142 { 0xB761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE */
143 { 0x8761, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8192EE for LI */
144 { 0x8A60, 0x8761, 0, 0, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", NULL, 0 }, /* RTL8761AU + 8812AE */
146 { 0x8821, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
147 { 0x0821, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
148 { 0x0823, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AU */
149 { 0x3414, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
150 { 0x3458, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
151 { 0x3461, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
152 { 0x3462, 0x8821, 0, 0, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", NULL, 0 }, /* RTL8821AE */
154 /* NOTE: must append patch entries above the null entry */
155 { 0, 0, 0, 0, NULL, NULL, NULL, NULL, 0 }
159 struct hci_dev *hdev;
160 struct usb_device *udev;
161 struct usb_interface *intf;
162 struct usb_interface *isoc;
168 struct work_struct work;
169 struct work_struct waker;
171 struct usb_anchor tx_anchor;
172 struct usb_anchor intr_anchor;
173 struct usb_anchor bulk_anchor;
174 struct usb_anchor isoc_anchor;
175 struct usb_anchor deferred;
179 struct usb_endpoint_descriptor *intr_ep;
180 struct usb_endpoint_descriptor *bulk_tx_ep;
181 struct usb_endpoint_descriptor *bulk_rx_ep;
182 struct usb_endpoint_descriptor *isoc_tx_ep;
183 struct usb_endpoint_descriptor *isoc_rx_ep;
187 unsigned int sco_num;
190 //#ifdef CONFIG_HAS_EARLYSUSPEND
192 struct early_suspend early_suspend;
194 struct notifier_block pm_notifier;
196 firmware_info *fw_info;
198 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 1)
199 static bool reset_on_close = 0;
202 static void rtk_free( struct btusb_data *data)
204 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 1)
210 static struct btusb_data *rtk_alloc(struct usb_interface *intf)
212 struct btusb_data *data;
213 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 1)
214 data = kzalloc(sizeof(*data), GFP_KERNEL);
216 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
221 static void print_acl(struct sk_buff *skb, int direction)
224 uint wlength = skb->len;
225 u16 *handle = (u16 *)(skb->data);
226 u16 len = *(handle+1);
227 u8 *acl_data = (u8 *)(skb->data);
229 RTK_INFO("%s: direction %d, handle %04x, len %d",
230 __func__, direction, *handle, len);
234 static void print_sco(struct sk_buff *skb, int direction)
237 uint wlength = skb->len;
238 u16 *handle = (u16 *)(skb->data);
239 u8 len = *(u8 *)(handle+1);
240 u8 *sco_data =(u8 *)(skb->data);
242 RTKBT_INFO("%s: direction %d, handle %04x, len %d",
243 __func__, direction, *handle, len);
247 static void print_error_command(struct sk_buff *skb)
249 uint wlength = skb->len;
251 u16 *opcode = (u16*)(skb->data);
252 u8 *cmd_data = (u8*)(skb->data);
253 u8 len = *(cmd_data+2);
257 printk("HCI_OP_INQUIRY");
259 case HCI_OP_INQUIRY_CANCEL:
260 printk("HCI_OP_INQUIRY_CANCEL");
262 case HCI_OP_EXIT_PERIODIC_INQ:
263 printk("HCI_OP_EXIT_PERIODIC_INQ");
265 case HCI_OP_CREATE_CONN:
266 printk("HCI_OP_CREATE_CONN");
268 case HCI_OP_DISCONNECT:
269 printk("HCI_OP_DISCONNECT");
271 case HCI_OP_CREATE_CONN_CANCEL:
272 printk("HCI_OP_CREATE_CONN_CANCEL");
274 case HCI_OP_ACCEPT_CONN_REQ:
275 printk("HCI_OP_ACCEPT_CONN_REQ");
277 case HCI_OP_REJECT_CONN_REQ:
278 printk("HCI_OP_REJECT_CONN_REQ");
280 case HCI_OP_AUTH_REQUESTED:
281 printk("HCI_OP_AUTH_REQUESTED");
283 case HCI_OP_SET_CONN_ENCRYPT:
284 printk("HCI_OP_SET_CONN_ENCRYPT");
286 case HCI_OP_REMOTE_NAME_REQ:
287 printk("HCI_OP_REMOTE_NAME_REQ");
289 case HCI_OP_READ_REMOTE_FEATURES:
290 printk("HCI_OP_READ_REMOTE_FEATURES");
292 case HCI_OP_SNIFF_MODE:
293 printk("HCI_OP_SNIFF_MODE");
295 case HCI_OP_EXIT_SNIFF_MODE:
296 printk("HCI_OP_EXIT_SNIFF_MODE");
298 case HCI_OP_SWITCH_ROLE:
299 printk("HCI_OP_SWITCH_ROLE");
301 case HCI_OP_SNIFF_SUBRATE:
302 printk("HCI_OP_SNIFF_SUBRATE");
305 printk("HCI_OP_RESET");
311 printk(":%04x,len:%d,", *opcode,len);
312 for (icount = 3; (icount < wlength) && (icount < 24); icount++)
313 printk("%02x ", *(cmd_data+icount));
317 static void print_command(struct sk_buff *skb)
320 print_error_command(skb);
325 /* Global parameters for bt usb char driver */
326 #define BT_CHAR_DEVICE_NAME "rtk_btusb"
327 struct mutex btchr_mutex;
328 static struct sk_buff_head btchr_readq;
329 static wait_queue_head_t btchr_read_wait;
330 static int bt_char_dev_registered;
331 static dev_t bt_devid; /* bt char device number */
332 static struct cdev bt_char_dev; /* bt character device structure */
333 static struct class *bt_char_class; /* device class for usb char driver */
334 static int bt_reset = 0;
335 /* HCI device & lock */
336 DEFINE_RWLOCK(hci_dev_lock);
337 struct hci_dev *ghdev = NULL;
339 static void print_event(struct sk_buff *skb)
342 uint wlength = skb->len;
344 u8 *opcode = (u8*)(skb->data);
345 u8 len = *(opcode+1);
348 case HCI_EV_INQUIRY_COMPLETE:
349 printk("HCI_EV_INQUIRY_COMPLETE");
351 case HCI_EV_INQUIRY_RESULT:
352 printk("HCI_EV_INQUIRY_RESULT");
354 case HCI_EV_CONN_COMPLETE:
355 printk("HCI_EV_CONN_COMPLETE");
357 case HCI_EV_CONN_REQUEST:
358 printk("HCI_EV_CONN_REQUEST");
360 case HCI_EV_DISCONN_COMPLETE:
361 printk("HCI_EV_DISCONN_COMPLETE");
363 case HCI_EV_AUTH_COMPLETE:
364 printk("HCI_EV_AUTH_COMPLETE");
366 case HCI_EV_REMOTE_NAME:
367 printk("HCI_EV_REMOTE_NAME");
369 case HCI_EV_ENCRYPT_CHANGE:
370 printk("HCI_EV_ENCRYPT_CHANGE");
372 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
373 printk("HCI_EV_CHANGE_LINK_KEY_COMPLETE");
375 case HCI_EV_REMOTE_FEATURES:
376 printk("HCI_EV_REMOTE_FEATURES");
378 case HCI_EV_REMOTE_VERSION:
379 printk("HCI_EV_REMOTE_VERSION");
381 case HCI_EV_QOS_SETUP_COMPLETE:
382 printk("HCI_EV_QOS_SETUP_COMPLETE");
384 case HCI_EV_CMD_COMPLETE:
385 printk("HCI_EV_CMD_COMPLETE");
387 case HCI_EV_CMD_STATUS:
388 printk("HCI_EV_CMD_STATUS");
390 case HCI_EV_ROLE_CHANGE:
391 printk("HCI_EV_ROLE_CHANGE");
393 case HCI_EV_NUM_COMP_PKTS:
394 printk("HCI_EV_NUM_COMP_PKTS");
396 case HCI_EV_MODE_CHANGE:
397 printk("HCI_EV_MODE_CHANGE");
399 case HCI_EV_PIN_CODE_REQ:
400 printk("HCI_EV_PIN_CODE_REQ");
402 case HCI_EV_LINK_KEY_REQ:
403 printk("HCI_EV_LINK_KEY_REQ");
405 case HCI_EV_LINK_KEY_NOTIFY:
406 printk("HCI_EV_LINK_KEY_NOTIFY");
408 case HCI_EV_CLOCK_OFFSET:
409 printk("HCI_EV_CLOCK_OFFSET");
411 case HCI_EV_PKT_TYPE_CHANGE:
412 printk("HCI_EV_PKT_TYPE_CHANGE");
414 case HCI_EV_PSCAN_REP_MODE:
415 printk("HCI_EV_PSCAN_REP_MODE");
417 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
418 printk("HCI_EV_INQUIRY_RESULT_WITH_RSSI");
420 case HCI_EV_REMOTE_EXT_FEATURES:
421 printk("HCI_EV_REMOTE_EXT_FEATURES");
423 case HCI_EV_SYNC_CONN_COMPLETE:
424 printk("HCI_EV_SYNC_CONN_COMPLETE");
426 case HCI_EV_SYNC_CONN_CHANGED:
427 printk("HCI_EV_SYNC_CONN_CHANGED");
429 case HCI_EV_SNIFF_SUBRATE:
430 printk("HCI_EV_SNIFF_SUBRATE");
432 case HCI_EV_EXTENDED_INQUIRY_RESULT:
433 printk("HCI_EV_EXTENDED_INQUIRY_RESULT");
435 case HCI_EV_IO_CAPA_REQUEST:
436 printk("HCI_EV_IO_CAPA_REQUEST");
438 case HCI_EV_SIMPLE_PAIR_COMPLETE:
439 printk("HCI_EV_SIMPLE_PAIR_COMPLETE");
441 case HCI_EV_REMOTE_HOST_FEATURES:
442 printk("HCI_EV_REMOTE_HOST_FEATURES");
448 printk(":%02x,len:%d,", *opcode,len);
449 for (icount = 2; (icount < wlength) && (icount < 24); icount++)
450 printk("%02x ", *(opcode+icount));
455 static inline ssize_t usb_put_user(struct sk_buff *skb,
456 char __user *buf, int count)
458 char __user *ptr = buf;
459 int len = min_t(unsigned int, skb->len, count);
461 if (copy_to_user(ptr, skb->data, len))
467 static struct sk_buff *rtk_skb_queue[QUEUE_SIZE];
468 static int rtk_skb_queue_front = -1;
469 static int rtk_skb_queue_rear = -1;
471 static void rtk_enqueue(struct sk_buff *skb)
473 if (rtk_skb_queue_front == (rtk_skb_queue_rear + 1) % QUEUE_SIZE) {
475 * If queue is full, current solution is to drop
476 * the following entries.
478 RTKBT_WARN("%s: Queue is full, entry will be dropped", __func__);
480 if (rtk_skb_queue_front == -1) {
481 rtk_skb_queue_front = 0;
482 rtk_skb_queue_rear = 0;
484 rtk_skb_queue_rear++;
485 rtk_skb_queue_rear %= QUEUE_SIZE;
488 rtk_skb_queue[rtk_skb_queue_rear] = skb;
492 static struct sk_buff *rtk_dequeue_try(unsigned int deq_len)
495 struct sk_buff *skb_copy;
497 if (rtk_skb_queue_front == -1) {
498 RTKBT_WARN("%s: Queue is empty", __func__);
502 skb = rtk_skb_queue[rtk_skb_queue_front];
503 if (deq_len >= skb->len) {
504 if (rtk_skb_queue_front == rtk_skb_queue_rear) {
505 rtk_skb_queue_front = -1;
506 rtk_skb_queue_rear = -1;
508 rtk_skb_queue_front++;
509 rtk_skb_queue_front %= QUEUE_SIZE;
512 * Return skb addr to be dequeued, and the caller
513 * should free the skb eventually.
517 skb_copy = pskb_copy(skb, GFP_ATOMIC);
518 skb_pull(skb, deq_len);
519 /* Return its copy to be freed */
524 static inline int is_queue_empty(void)
526 return (rtk_skb_queue_front == -1) ? 1 : 0;
530 * Realtek - Integrate from hci_core.c
533 /* Get HCI device by index.
534 * Device is held on return. */
535 static struct hci_dev *hci_dev_get(int index)
543 /* ---- HCI ioctl helpers ---- */
544 static int hci_dev_open(__u16 dev)
546 struct hci_dev *hdev;
549 RTKBT_DBG("%s: dev %d", __func__, dev);
551 hdev = hci_dev_get(dev);
553 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
557 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
562 if (test_bit(HCI_UP, &hdev->flags)) {
567 if (hdev->open(hdev)) {
572 set_bit(HCI_UP, &hdev->flags);
577 static int hci_dev_do_close(struct hci_dev *hdev)
581 /* After this point our queues are empty
582 * and no tasks are scheduled. */
589 static int hci_dev_close(__u16 dev)
591 struct hci_dev *hdev;
593 hdev = hci_dev_get(dev);
595 RTKBT_ERR("%s: failed to get hci dev[Null]", __func__);
599 err = hci_dev_do_close(hdev);
604 static struct hci_dev *hci_alloc_dev(void)
606 struct hci_dev *hdev;
608 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
615 /* Free HCI device */
616 static void hci_free_dev(struct hci_dev *hdev)
621 /* Register HCI device */
622 static int hci_register_dev(struct hci_dev *hdev)
626 RTKBT_DBG("%s: %p name %s bus %d", __func__, hdev, hdev->name, hdev->bus);
627 /* Do not allow HCI_AMP devices to register at index 0,
628 * so the index can be used as the AMP controller ID.
630 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
632 write_lock(&hci_dev_lock);
634 sprintf(hdev->name, "hci%d", id);
638 mutex_init(&hdev->lock);
640 RTKBT_DBG("%s: id %d, name %s", __func__, hdev->id, hdev->name);
643 for (i = 0; i < NUM_REASSEMBLY; i++)
644 hdev->reassembly[i] = NULL;
646 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
647 atomic_set(&hdev->promisc, 0);
650 RTKBT_ERR("%s: Hci device has been registered already", __func__);
655 write_unlock(&hci_dev_lock);
660 /* Unregister HCI device */
661 static void hci_unregister_dev(struct hci_dev *hdev)
665 RTKBT_DBG("%s: hdev %p name %s bus %d", __func__, hdev, hdev->name, hdev->bus);
666 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
668 write_lock(&hci_dev_lock);
670 write_unlock(&hci_dev_lock);
672 hci_dev_do_close(hdev);
673 for (i = 0; i < NUM_REASSEMBLY; i++)
674 kfree_skb(hdev->reassembly[i]);
677 static void hci_send_to_stack(struct hci_dev *hdev, struct sk_buff *skb)
679 struct sk_buff *rtk_skb_copy = NULL;
681 RTKBT_DBG("%s", __func__);
684 RTKBT_ERR("%s: Frame for unknown HCI device", __func__);
688 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
689 RTKBT_ERR("%s: HCI not running", __func__);
693 rtk_skb_copy = pskb_copy(skb, GFP_ATOMIC);
695 RTKBT_ERR("%s: Copy skb error", __func__);
699 memcpy(skb_push(rtk_skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
700 rtk_enqueue(rtk_skb_copy);
702 /* Make sure bt char device existing before wakeup read queue */
703 hdev = hci_dev_get(0);
705 RTKBT_DBG("%s: Try to wakeup read queue", __func__);
706 wake_up_interruptible(&btchr_read_wait);
712 /* Receive frame from HCI drivers */
713 static int hci_recv_frame(struct sk_buff *skb)
715 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
718 (!test_bit(HCI_UP, &hdev->flags) && !test_bit(HCI_INIT, &hdev->flags))) {
724 bt_cb(skb)->incoming = 1;
727 __net_timestamp(skb);
729 if (atomic_read(&hdev->promisc)) {
730 /* Send copy to the sockets */
731 hci_send_to_stack(hdev, skb);
737 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
738 int count, __u8 index)
744 struct bt_skb_cb *scb;
746 RTKBT_DBG("%s", __func__);
748 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
749 index >= NUM_REASSEMBLY)
752 skb = hdev->reassembly[index];
756 case HCI_ACLDATA_PKT:
757 len = HCI_MAX_FRAME_SIZE;
758 hlen = HCI_ACL_HDR_SIZE;
761 len = HCI_MAX_EVENT_SIZE;
762 hlen = HCI_EVENT_HDR_SIZE;
764 case HCI_SCODATA_PKT:
765 len = HCI_MAX_SCO_SIZE;
766 hlen = HCI_SCO_HDR_SIZE;
770 skb = bt_skb_alloc(len, GFP_ATOMIC);
774 scb = (void *) skb->cb;
776 scb->pkt_type = type;
778 skb->dev = (void *) hdev;
779 hdev->reassembly[index] = skb;
783 scb = (void *) skb->cb;
784 len = min_t(uint, scb->expect, count);
786 memcpy(skb_put(skb, len), data, len);
795 if (skb->len == HCI_EVENT_HDR_SIZE) {
796 struct hci_event_hdr *h = hci_event_hdr(skb);
797 scb->expect = h->plen;
799 if (skb_tailroom(skb) < scb->expect) {
801 hdev->reassembly[index] = NULL;
807 case HCI_ACLDATA_PKT:
808 if (skb->len == HCI_ACL_HDR_SIZE) {
809 struct hci_acl_hdr *h = hci_acl_hdr(skb);
810 scb->expect = __le16_to_cpu(h->dlen);
812 if (skb_tailroom(skb) < scb->expect) {
814 hdev->reassembly[index] = NULL;
820 case HCI_SCODATA_PKT:
821 if (skb->len == HCI_SCO_HDR_SIZE) {
822 struct hci_sco_hdr *h = hci_sco_hdr(skb);
823 scb->expect = h->dlen;
825 if (skb_tailroom(skb) < scb->expect) {
827 hdev->reassembly[index] = NULL;
834 if (scb->expect == 0) {
836 if(HCI_ACLDATA_PKT == type)
838 if(HCI_SCODATA_PKT == type)
840 if(HCI_EVENT_PKT == type)
843 bt_cb(skb)->pkt_type = type;
846 hdev->reassembly[index] = NULL;
854 static int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
858 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
862 rem = hci_reassembly(hdev, type, data, count, type - 1);
866 data += (count - rem);
873 void hci_hardware_error(void)
875 struct sk_buff *rtk_skb_copy = NULL;
877 uint8_t hardware_err_pkt[3] = {HCI_EVENT_PKT, 0x10, 0x00};
879 rtk_skb_copy = alloc_skb(len, GFP_ATOMIC);
881 RTKBT_ERR("%s: Failed to allocate mem", __func__);
885 memcpy(skb_put(rtk_skb_copy, len), hardware_err_pkt, len);
886 rtk_enqueue(rtk_skb_copy);
888 wake_up_interruptible(&btchr_read_wait);
891 static int btchr_open(struct inode *inode_p, struct file *file_p)
893 struct btusb_data *data;
894 struct hci_dev *hdev;
896 RTKBT_INFO("%s: BT usb char device is opening", __func__);
897 /* Not open unless wanna tracing log */
898 /* trace_printk("%s: open....\n", __func__); */
900 hdev = hci_dev_get(0);
902 RTKBT_ERR("%s: Failed to get hci dev[NULL]", __func__);
905 data = GET_DRV_DATA(hdev);
907 atomic_inc(&hdev->promisc);
909 * As bt device is not re-opened when hotplugged out, we cannot
910 * trust on file's private data(may be null) when other file ops
913 file_p->private_data = data;
915 mutex_lock(&btchr_mutex);
917 mutex_unlock(&btchr_mutex);
919 return nonseekable_open(inode_p, file_p);
922 static int btchr_close(struct inode *inode_p, struct file *file_p)
924 struct btusb_data *data;
925 struct hci_dev *hdev;
927 RTKBT_INFO("%s: BT usb char device is closing", __func__);
928 /* Not open unless wanna tracing log */
929 /* trace_printk("%s: close....\n", __func__); */
931 data = file_p->private_data;
932 file_p->private_data = NULL;
936 * If the upper layer closes bt char interfaces, no reset
937 * action required even bt device hotplugged out.
942 hdev = hci_dev_get(0);
944 atomic_set(&hdev->promisc, 0);
945 mutex_lock(&btchr_mutex);
947 mutex_unlock(&btchr_mutex);
953 static ssize_t btchr_read(struct file *file_p,
958 struct hci_dev *hdev;
962 RTKBT_DBG("%s: BT usb char device is reading", __func__);
965 hdev = hci_dev_get(0);
968 * Note: Only when BT device hotplugged out, we wil get
969 * into such situation. In order to keep the upper layer
970 * stack alive (blocking the read), we should never return
971 * EFAULT or break the loop.
973 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
976 ret = wait_event_interruptible(btchr_read_wait, !is_queue_empty());
978 RTKBT_ERR("%s: wait event is signaled %d", __func__, ret);
982 skb = rtk_dequeue_try(count);
984 ret = usb_put_user(skb, buf_p, count);
986 RTKBT_ERR("%s: Failed to put data to user space", __func__);
995 static ssize_t btchr_write(struct file *file_p,
996 const char __user *buf_p,
1000 struct btusb_data *data = file_p->private_data;
1001 struct hci_dev *hdev;
1002 struct sk_buff *skb;
1004 RTKBT_DBG("%s: BT usb char device is writing", __func__);
1006 hdev = hci_dev_get(0);
1008 RTKBT_WARN("%s: Failed to get hci dev[Null]", __func__);
1010 * Note: we bypass the data from the upper layer if bt device
1011 * is hotplugged out. Fortunatelly, H4 or H5 HCI stack does
1012 * NOT check btchr_write's return value. However, returning
1013 * count instead of EFAULT is preferable.
1015 /* return -EFAULT; */
1019 /* Never trust on btusb_data, as bt device may be hotplugged out */
1020 data = GET_DRV_DATA(hdev);
1022 RTKBT_WARN("%s: Failed to get bt usb driver data[Null]", __func__);
1026 if (count > HCI_MAX_FRAME_SIZE)
1029 skb = bt_skb_alloc(count, GFP_ATOMIC);
1032 skb_reserve(skb, -1); // Add this line
1034 if (copy_from_user(skb_put(skb, count), buf_p, count)) {
1035 RTKBT_ERR("%s: Failed to get data from user space", __func__);
1040 skb->dev = (void *)hdev;
1041 bt_cb(skb)->pkt_type = *((__u8 *)skb->data);
1043 data->hdev->send(skb);
1048 static unsigned int btchr_poll(struct file *file_p, poll_table *wait)
1050 struct btusb_data *data = file_p->private_data;
1051 struct hci_dev *hdev;
1053 RTKBT_DBG("%s: BT usb char device is polling", __func__);
1055 hdev = hci_dev_get(0);
1057 RTKBT_ERR("%s: Failed to get hci dev[Null]", __func__);
1058 mdelay(URB_CANCELING_DELAY_MS);
1059 return POLLOUT | POLLWRNORM;
1062 /* Never trust on btusb_data, as bt device may be hotplugged out */
1063 data = GET_DRV_DATA(hdev);
1066 * When bt device is hotplugged out, btusb_data will
1067 * be freed in disconnect.
1069 RTKBT_ERR("%s: Failed to get bt usb driver data[Null]", __func__);
1070 mdelay(URB_CANCELING_DELAY_MS);
1071 return POLLOUT | POLLWRNORM;
1074 if (!is_queue_empty())
1075 return POLLIN | POLLRDNORM;
1077 poll_wait(file_p, &btchr_read_wait, wait);
1079 return POLLOUT | POLLWRNORM;
1082 static struct file_operations bt_chrdev_ops = {
1084 release : btchr_close,
1086 write : btchr_write,
1090 static int btchr_init(void)
1095 RTKBT_INFO("Register usb char device interface for BT driver");
1097 * btchr mutex is used to sync between
1098 * 1) downloading patch and opening bt char driver
1099 * 2) the file operations of bt char driver
1101 mutex_init(&btchr_mutex);
1103 skb_queue_head_init(&btchr_readq);
1104 init_waitqueue_head(&btchr_read_wait);
1106 bt_char_class = class_create(THIS_MODULE, BT_CHAR_DEVICE_NAME);
1107 if (IS_ERR(bt_char_class)) {
1108 RTKBT_ERR("Failed to create bt char class");
1109 return PTR_ERR(bt_char_class);
1112 res = alloc_chrdev_region(&bt_devid, 0, 1, BT_CHAR_DEVICE_NAME);
1114 RTKBT_ERR("Failed to allocate bt char device");
1118 dev = device_create(bt_char_class, NULL, bt_devid, NULL, BT_CHAR_DEVICE_NAME);
1120 RTKBT_ERR("Failed to create bt char device");
1125 cdev_init(&bt_char_dev, &bt_chrdev_ops);
1126 res = cdev_add(&bt_char_dev, bt_devid, 1);
1128 RTKBT_ERR("Failed to add bt char device");
1135 device_destroy(bt_char_class, bt_devid);
1137 unregister_chrdev_region(bt_devid, 1);
1139 class_destroy(bt_char_class);
1143 static void btchr_exit(void)
1145 RTKBT_INFO("Unregister usb char device interface for BT driver");
1147 device_destroy(bt_char_class, bt_devid);
1148 cdev_del(&bt_char_dev);
1149 unregister_chrdev_region(bt_devid, 1);
1150 class_destroy(bt_char_class);
1156 int send_hci_cmd(firmware_info *fw_info)
1160 ret_val = usb_control_msg(
1161 fw_info->udev, fw_info->pipe_out,
1162 0, USB_TYPE_CLASS, 0, 0,
1163 (void *)(fw_info->send_pkt),
1164 fw_info->pkt_len, MSG_TO);
1169 int rcv_hci_evt(firmware_info *fw_info)
1171 int ret_len = 0, ret_val = 0;
1175 for(i = 0; i < 5; i++) {
1176 ret_val = usb_interrupt_msg(
1177 fw_info->udev, fw_info->pipe_in,
1178 (void *)(fw_info->rcv_pkt), PKT_LEN,
1187 if (CMD_CMP_EVT == fw_info->evt_hdr->evt) {
1188 if (fw_info->cmd_hdr->opcode == fw_info->cmd_cmp->opcode)
1194 int set_bt_onoff(firmware_info *fw_info, uint8_t onoff)
1196 patch_info *patch_entry;
1199 RTKBT_INFO("%s: %s", __func__, onoff != 0 ? "on" : "off");
1201 patch_entry = fw_info->patch_entry;
1205 fw_info->cmd_hdr->opcode = cpu_to_le16(BTOFF_OPCODE);
1206 fw_info->cmd_hdr->plen = 1;
1207 fw_info->pkt_len = CMD_HDR_LEN + 1;
1208 fw_info->send_pkt[CMD_HDR_LEN] = onoff;
1210 ret_val = send_hci_cmd(fw_info);
1212 RTKBT_ERR("%s: Failed to send bt %s cmd, errno %d",
1213 __func__, onoff != 0 ? "on" : "off", ret_val);
1217 ret_val = rcv_hci_evt(fw_info);
1219 RTKBT_ERR("%s: Failed to receive bt %s event, errno %d",
1220 __func__, onoff != 0 ? "on" : "off", ret_val);
1227 static patch_info *get_fw_table_entry(struct usb_device* udev)
1229 patch_info *patch_entry = fw_patch_table;
1230 uint16_t pid = le16_to_cpu(udev->descriptor.idProduct);
1231 uint32_t entry_size = sizeof(fw_patch_table) / sizeof(fw_patch_table[0]);
1234 RTKBT_INFO("%s: Product id = 0x%04x, fw table entry size %d", __func__, pid, entry_size);
1236 for (i = 0; i < entry_size; i++, patch_entry++) {
1237 if (pid == patch_entry->prod_id)
1241 if (i == entry_size) {
1242 RTKBT_ERR("%s: No fw table entry found", __func__);
1249 static struct rtk_epatch_entry *get_fw_patch_entry(struct rtk_epatch *epatch_info, uint16_t eco_ver)
1251 int patch_num = epatch_info->number_of_total_patch;
1252 uint8_t *epatch_buf = (uint8_t *)epatch_info;
1253 struct rtk_epatch_entry *p_entry = NULL;
1258 for (i = 0; i < patch_num; i++) {
1259 if (*(uint16_t *)(epatch_buf + 14 + 2*i) == eco_ver + 1) {
1260 p_entry = kzalloc(sizeof(*p_entry), GFP_KERNEL);
1262 RTKBT_ERR("%s: Failed to allocate mem for patch entry", __func__);
1265 p_entry->chip_id = eco_ver + 1;
1266 p_entry->patch_length = *(uint16_t*)(epatch_buf + 14 + 2*patch_num + 2*i);
1267 p_entry->start_offset = *(uint32_t*)(epatch_buf + 14 + 4*patch_num + 4*i);
1268 p_entry->coex_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 12);
1269 p_entry->svn_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 8);
1270 p_entry->fw_version = *(uint32_t*)(epatch_buf + p_entry->start_offset + p_entry->patch_length - 4);
1272 coex_date = ((p_entry->coex_version >> 16) & 0x7ff) + ((p_entry->coex_version >> 27) * 10000);
1273 coex_ver = p_entry->coex_version & 0xffff;
1275 RTKBT_INFO("%s: chip id %d, patch length 0x%04x, patch offset 0x%08x, "
1276 "coex version 20%06d-0x%04x, svn version 0x%08x, fw version 0x%08x",
1277 __func__, p_entry->chip_id, p_entry->patch_length, p_entry->start_offset,
1278 coex_date, coex_ver, p_entry->svn_version, p_entry->fw_version);
1287 * check the return value
1288 * 1: need to download fw patch
1289 * 0: no need to download fw patch
1290 * <0: failed to check lmp version
1292 int check_fw_version(firmware_info* fw_info)
1294 struct hci_rp_read_local_version *read_ver_rsp;
1295 patch_info *patch_entry = NULL;
1298 fw_info->cmd_hdr->opcode = cpu_to_le16(HCI_OP_READ_LOCAL_VERSION);
1299 fw_info->cmd_hdr->plen = 0;
1300 fw_info->pkt_len = CMD_HDR_LEN;
1302 ret_val = send_hci_cmd(fw_info);
1304 RTKBT_ERR("%s: Failed to send hci cmd 0x%04x, errno %d",
1305 __func__, fw_info->cmd_hdr->opcode, ret_val);
1309 ret_val = rcv_hci_evt(fw_info);
1311 RTKBT_ERR("%s: Failed to receive hci event, errno %d",
1316 patch_entry = fw_info->patch_entry;
1317 read_ver_rsp = (struct hci_rp_read_local_version *)(fw_info->rsp_para);
1319 RTKBT_INFO("%s: Controller lmp = 0x%04x, patch lmp = 0x%04x, default patch lmp = 0x%04x",
1320 __func__, read_ver_rsp->lmp_subver, patch_entry->lmp_sub, patch_entry->lmp_sub_default);
1322 if (read_ver_rsp->lmp_subver == patch_entry->lmp_sub_default) {
1323 RTKBT_INFO("%s: Cold BT controller startup", __func__);
1325 } else if (read_ver_rsp->lmp_subver != patch_entry->lmp_sub) {
1326 RTKBT_INFO("%s: Warm BT controller startup with updated lmp", __func__);
1329 RTKBT_INFO("%s: Warm BT controller startup with same lmp", __func__);
1334 int get_eversion(firmware_info* fw_info)
1336 struct rtk_eversion_evt *ever_evt;
1342 fw_info->cmd_hdr->opcode = cpu_to_le16(HCI_VENDOR_READ_RTK_ROM_VERISION);
1343 fw_info->cmd_hdr->plen = 0;
1344 fw_info->pkt_len = CMD_HDR_LEN;
1346 ret_val = send_hci_cmd(fw_info);
1348 RTKBT_ERR("%s: Failed to send hci cmd 0x%04x, errno %d",
1349 __func__, fw_info->cmd_hdr->opcode, ret_val);
1353 ret_val = rcv_hci_evt(fw_info);
1355 RTKBT_ERR("%s: Failed to receive hci event, errno %d",
1360 ever_evt = (struct rtk_eversion_evt *)(fw_info->rsp_para);
1362 RTKBT_INFO("%s: status %d, eversion %d", __func__, ever_evt->status, ever_evt->version);
1364 if (ever_evt->status)
1365 fw_info->patch_entry->eversion = 0;
1367 fw_info->patch_entry->eversion = ever_evt->version;
1372 int load_firmware(firmware_info *fw_info, uint8_t **buff)
1374 const struct firmware *fw, *cfg;
1375 struct usb_device *udev;
1376 patch_info *patch_entry;
1377 char *config_name, *fw_name;
1381 int config_len = 0, buf_len = -1;
1382 uint8_t *buf = *buff, *config_file_buf = NULL;
1383 uint8_t *epatch_buf = NULL;
1385 struct rtk_epatch *epatch_info = NULL;
1386 uint8_t need_download_fw = 1;
1387 struct rtk_extension_entry patch_lmp = {0};
1388 struct rtk_epatch_entry *p_epatch_entry = NULL;
1389 uint16_t lmp_version;
1390 //uint8_t use_mp_fw = 0;
1391 RTKBT_DBG("%s: start", __func__);
1393 udev = fw_info->udev;
1394 patch_entry = fw_info->patch_entry;
1395 lmp_version = patch_entry->lmp_sub_default;
1396 config_name = patch_entry->config_name;
1397 fw_name = patch_entry->patch_name;
1399 RTKBT_INFO("%s: Default lmp version = 0x%04x, config file name[%s], "
1400 "fw file name[%s]", __func__, lmp_version,config_name, fw_name);
1402 /* ret_val = request_firmware(&cfg, "mp_test", &udev->dev);
1404 config_file_buf = kzalloc(cfg->size, GFP_KERNEL);
1405 if (config_file_buf) {
1406 memcpy(config_file_buf, cfg->data, cfg->size);
1407 use_mp_fw = *config_file_buf;
1408 if (1 == use_mp_fw){
1409 fw_name = patch_entry->mp_patch_name;
1410 RTKBT_WARN("%s: use_mp_fw = %04d, fw file name[%s]", __func__, use_mp_fw, fw_name);
1412 kfree(config_file_buf);
1413 release_firmware(cfg);
1416 ret_val = request_firmware(&cfg, config_name, &udev->dev);
1420 config_file_buf = kzalloc(cfg->size, GFP_KERNEL);
1421 if (!config_file_buf)
1423 memcpy(config_file_buf, cfg->data, cfg->size);
1424 config_len = cfg->size;
1425 release_firmware(cfg);
1428 ret_val = request_firmware(&fw, fw_name, &udev->dev);
1432 epatch_buf = kzalloc(fw->size, GFP_KERNEL);
1434 release_firmware(fw);
1437 memcpy(epatch_buf, fw->data, fw->size);
1439 buf_len = fw_len + config_len;
1440 release_firmware(fw);
1443 if (lmp_version == ROM_LMP_8723a) {
1444 RTKBT_DBG("%s: 8723a -> use old style patch", __func__);
1445 if (!memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8)) {
1446 RTKBT_ERR("%s: 8723a check signature error", __func__);
1447 need_download_fw = 0;
1449 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1450 RTKBT_ERR("%s: Failed to allocate mem for fw&config", __func__);
1453 RTKBT_DBG("%s: 8723a -> fw copy directly", __func__);
1454 memcpy(buf, epatch_buf, buf_len);
1455 patch_entry->lmp_sub = *(uint16_t *)(buf + buf_len - config_len - 4);
1456 RTKBT_DBG("%s: Config lmp version = 0x%04x", __func__,
1457 patch_entry->lmp_sub);
1461 memcpy(buf + buf_len - config_len, config_file_buf, config_len);
1465 RTKBT_DBG("%s: Not 8723a -> use new style patch", __func__);
1466 ret_val = get_eversion(fw_info);
1468 RTKBT_ERR("%s: Failed to get eversion, errno %d", __func__, ret_val);
1471 RTKBT_DBG("%s: Get eversion =%d", __func__, patch_entry->eversion);
1472 if (memcmp(epatch_buf + buf_len - config_len - 4 , EXTENSION_SECTION_SIGNATURE, 4)) {
1473 RTKBT_ERR("%s: Failed to check extension section signature", __func__);
1474 need_download_fw = 0;
1477 temp = epatch_buf+buf_len-config_len - 5;
1479 if (*temp == 0x00) {
1480 patch_lmp.opcode = *temp;
1481 patch_lmp.length = *(temp-1);
1482 if ((patch_lmp.data = kzalloc(patch_lmp.length, GFP_KERNEL))) {
1484 for (k = 0; k < patch_lmp.length; k++) {
1485 *(patch_lmp.data+k) = *(temp-2-k);
1486 RTKBT_DBG("data = 0x%x", *(patch_lmp.data+k));
1489 RTKBT_DBG("%s: opcode = 0x%x, length = 0x%x, data = 0x%x", __func__,
1490 patch_lmp.opcode, patch_lmp.length, *(patch_lmp.data));
1493 temp -= *(temp-1) + 2;
1494 } while (*temp != 0xFF);
1496 if (lmp_version != project_id[*(patch_lmp.data)]) {
1497 RTKBT_ERR("%s: Default lmp_version 0x%04x, project_id 0x%04x "
1498 "-> not match", __func__, lmp_version, project_id[*(patch_lmp.data)]);
1500 kfree(patch_lmp.data);
1501 need_download_fw = 0;
1503 RTKBT_INFO("%s: Default lmp_version 0x%04x, project_id 0x%04x "
1504 "-> match", __func__, lmp_version, project_id[*(patch_lmp.data)]);
1506 kfree(patch_lmp.data);
1507 if (memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8)) {
1508 RTKBT_ERR("%s: Check signature error", __func__);
1509 need_download_fw = 0;
1511 epatch_info = (struct rtk_epatch*)epatch_buf;
1512 patch_entry->lmp_sub = (uint16_t)epatch_info->fw_version;
1514 RTKBT_DBG("%s: lmp version 0x%04x, fw_version 0x%x, "
1515 "number_of_total_patch %d", __func__,
1516 patch_entry->lmp_sub, epatch_info->fw_version,
1517 epatch_info->number_of_total_patch);
1519 /* Get right epatch entry */
1520 p_epatch_entry = get_fw_patch_entry(epatch_info, patch_entry->eversion);
1521 if (p_epatch_entry == NULL) {
1522 RTKBT_WARN("%s: Failed to get fw patch entry", __func__);
1527 buf_len = p_epatch_entry->patch_length + config_len;
1528 RTKBT_DBG("buf_len = 0x%x", buf_len);
1530 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1531 RTKBT_ERR("%s: Can't alloc memory for fw&config", __func__);
1534 memcpy(buf, &epatch_buf[p_epatch_entry->start_offset], p_epatch_entry->patch_length);
1535 memcpy(&buf[p_epatch_entry->patch_length-4], &epatch_info->fw_version, 4);
1536 kfree(p_epatch_entry);
1542 memcpy(&buf[buf_len - config_len], config_file_buf, config_len);
1548 if (config_file_buf)
1549 kfree(config_file_buf);
1551 RTKBT_INFO("%s: fw%s exists, config file%s exists", __func__,
1552 (buf_len > 0) ? "" : " not", (config_len > 0) ? "":" not");
1554 if (buf && buf_len > 0 && need_download_fw)
1557 RTKBT_DBG("%s: done", __func__);
1562 if (config_file_buf)
1563 kfree(config_file_buf);
1567 int get_firmware(firmware_info *fw_info, int cached)
1569 patch_info *patch_entry = fw_info->patch_entry;
1571 RTKBT_INFO("%s: start, cached %d,patch_entry->fw_len= %d", __func__, cached,patch_entry->fw_len);
1574 if (patch_entry->fw_len > 0) {
1575 fw_info->fw_data = kzalloc(patch_entry->fw_len, GFP_KERNEL);
1576 if (!fw_info->fw_data)
1578 memcpy(fw_info->fw_data, patch_entry->fw_cache, patch_entry->fw_len);
1579 fw_info->fw_len = patch_entry->fw_len;
1581 fw_info->fw_len = load_firmware(fw_info, &fw_info->fw_data);
1582 if (fw_info->fw_len <= 0)
1586 fw_info->fw_len = load_firmware(fw_info, &fw_info->fw_data);
1587 if (fw_info->fw_len <= 0)
1595 * Open the log message only if in debugging,
1596 * or it will decelerate download procedure.
1598 int download_data(firmware_info *fw_info)
1600 download_cp *cmd_para;
1601 download_rp *evt_para;
1603 int pkt_len, frag_num, frag_len;
1605 int ncmd = 1, step = 1;
1607 RTKBT_DBG("%s: start", __func__);
1609 cmd_para = (download_cp *)fw_info->req_para;
1610 evt_para = (download_rp *)fw_info->rsp_para;
1611 pcur = fw_info->fw_data;
1612 pkt_len = CMD_HDR_LEN + sizeof(download_cp);
1613 frag_num = fw_info->fw_len / PATCH_SEG_MAX + 1;
1614 frag_len = PATCH_SEG_MAX;
1616 for (i = 0; i < frag_num; i++) {
1617 cmd_para->index = i;
1618 if (i == (frag_num - 1)) {
1619 cmd_para->index |= DATA_END;
1620 frag_len = fw_info->fw_len % PATCH_SEG_MAX;
1621 pkt_len -= (PATCH_SEG_MAX - frag_len);
1623 fw_info->cmd_hdr->opcode = cpu_to_le16(DOWNLOAD_OPCODE);
1624 fw_info->cmd_hdr->plen = sizeof(uint8_t) + frag_len;
1625 fw_info->pkt_len = pkt_len;
1626 memcpy(cmd_para->data, pcur, frag_len);
1629 ret_val = send_hci_cmd(fw_info);
1631 RTKBT_DBG("%s: Failed to send frag num %d", __func__, cmd_para->index);
1634 RTKBT_DBG("%s: Send frag num %d", __func__, cmd_para->index);
1636 if (--step > 0 && i < frag_num - 1) {
1637 RTKBT_DBG("%s: Continue to send frag num %d", __func__, cmd_para->index + 1);
1638 pcur += PATCH_SEG_MAX;
1644 ret_val = rcv_hci_evt(fw_info);
1646 RTKBT_ERR("%s: rcv_hci_evt err %d", __func__, ret_val);
1649 RTKBT_DBG("%s: Receive acked frag num %d", __func__, evt_para->index);
1653 if (0 != evt_para->status) {
1654 RTKBT_ERR("%s: Receive acked frag num %d, err status %d",
1655 __func__, ret_val, evt_para->status);
1659 if ((evt_para->index & DATA_END) || (evt_para->index == frag_num - 1)) {
1660 RTKBT_DBG("%s: Receive last acked index %d", __func__, evt_para->index);
1665 ncmd = step = fw_info->cmd_cmp->ncmd;
1666 pcur += PATCH_SEG_MAX;
1667 RTKBT_DBG("%s: HCI command packet num %d", __func__, ncmd);
1671 * It is tricky that Host cannot receive DATA_END index from BT
1672 * controller, at least for 8723au. We are doomed if failed.
1675 /* Continue to receive the responsed events until last index occurs */
1676 if (i == frag_num) {
1677 RTKBT_DBG("%s: total frag count %d", __func__, frag_num);
1678 while (!(evt_para->index & DATA_END)) {
1679 ret_val = rcv_hci_evt(fw_info);
1681 RTKBT_ERR("%s: rcv_hci_evt err %d", __func__, ret_val);
1684 if (0 != evt_para->status)
1686 RTKBT_DBG("%s: continue to receive acked frag num %d", __func__, evt_para->index);
1691 RTKBT_INFO("%s: done, sent %d frag pkts, received %d frag events",
1692 __func__, cmd_para->index, evt_para->index);
1693 return fw_info->fw_len;
1696 int download_patch(firmware_info *fw_info, int cached)
1700 RTKBT_DBG("%s: Download fw patch start, cached %d", __func__, cached);
1702 if (!fw_info || !fw_info->patch_entry) {
1703 RTKBT_ERR("%s: No patch entry exists(fw_info %p)", __func__, fw_info);
1709 * step1: get local firmware if existed
1710 * step2: check firmware version
1711 * step3: download firmware if updated
1713 ret_val = get_firmware(fw_info, cached);
1715 RTKBT_ERR("%s: Failed to get firmware", __func__);
1719 ret_val = check_fw_version(fw_info);
1721 ret_val = download_data(fw_info);
1723 RTKBT_DBG("%s: Download fw patch done, fw len %d", __func__, ret_val);
1725 /* Free fw data after download finished */
1726 kfree(fw_info->fw_data);
1727 fw_info->fw_data = NULL;
1733 firmware_info *firmware_info_init(struct usb_interface *intf)
1735 struct usb_device *udev = interface_to_usbdev(intf);
1736 firmware_info *fw_info;
1738 RTKBT_DBG("%s: start", __func__);
1740 fw_info = kzalloc(sizeof(*fw_info), GFP_KERNEL);
1744 fw_info->send_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1745 if (!fw_info->send_pkt) {
1750 fw_info->rcv_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1751 if (!fw_info->rcv_pkt) {
1752 kfree(fw_info->send_pkt);
1757 fw_info->patch_entry = get_fw_table_entry(udev);
1758 if (!fw_info->patch_entry) {
1759 kfree(fw_info->rcv_pkt);
1760 kfree(fw_info->send_pkt);
1765 fw_info->intf = intf;
1766 fw_info->udev = udev;
1767 fw_info->pipe_in = usb_rcvintpipe(fw_info->udev, INTR_EP);
1768 fw_info->pipe_out = usb_sndctrlpipe(fw_info->udev, CTRL_EP);
1769 fw_info->cmd_hdr = (struct hci_command_hdr *)(fw_info->send_pkt);
1770 fw_info->evt_hdr = (struct hci_event_hdr *)(fw_info->rcv_pkt);
1771 fw_info->cmd_cmp = (struct hci_ev_cmd_complete *)(fw_info->rcv_pkt + EVT_HDR_LEN);
1772 fw_info->req_para = fw_info->send_pkt + CMD_HDR_LEN;
1773 fw_info->rsp_para = fw_info->rcv_pkt + EVT_HDR_LEN + CMD_CMP_LEN;
1776 RTKBT_INFO("%s: Auto suspend is enabled", __func__);
1777 usb_enable_autosuspend(udev);
1778 pm_runtime_set_autosuspend_delay(&(udev->dev), 2000);
1780 RTKBT_INFO("%s: Auto suspend is disabled", __func__);
1781 usb_disable_autosuspend(udev);
1784 #if BTUSB_WAKEUP_HOST
1785 device_wakeup_enable(&udev->dev);
1791 void firmware_info_destroy(struct usb_interface *intf)
1793 firmware_info *fw_info;
1794 struct usb_device *udev;
1795 struct btusb_data *data;
1797 udev = interface_to_usbdev(intf);
1798 data = usb_get_intfdata(intf);
1800 fw_info = data->fw_info;
1805 usb_disable_autosuspend(udev);
1809 * In order to reclaim fw data mem, we free fw_data immediately
1810 * after download patch finished instead of here.
1812 kfree(fw_info->rcv_pkt);
1813 kfree(fw_info->send_pkt);
1817 static struct usb_driver btusb_driver;
1819 static struct usb_device_id btusb_table[] = {
1820 { .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
1821 USB_DEVICE_ID_MATCH_INT_INFO,
1823 .bInterfaceClass = 0xe0,
1824 .bInterfaceSubClass = 0x01,
1825 .bInterfaceProtocol = 0x01 },
1827 { .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
1828 USB_DEVICE_ID_MATCH_INT_INFO,
1830 .bInterfaceClass = 0xe0,
1831 .bInterfaceSubClass = 0x01,
1832 .bInterfaceProtocol = 0x01 },
1837 MODULE_DEVICE_TABLE(usb, btusb_table);
1839 static int inc_tx(struct btusb_data *data)
1841 unsigned long flags;
1844 spin_lock_irqsave(&data->txlock, flags);
1845 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
1847 data->tx_in_flight++;
1848 spin_unlock_irqrestore(&data->txlock, flags);
1853 void check_sco_event(struct urb *urb)
1855 u8* opcode = (u8*)(urb->transfer_buffer);
1857 static uint16_t sco_handle = 0;
1859 struct hci_dev *hdev = urb->context;
1860 struct btusb_data *data = GET_DRV_DATA(hdev);
1863 case HCI_EV_SYNC_CONN_COMPLETE:
1864 RTKBT_INFO("%s: HCI_EV_SYNC_CONN_COMPLETE(0x%02x)", __func__, *opcode);
1865 status = *(opcode + 2);
1866 sco_handle = *(opcode + 3) | *(opcode + 4) << 8;
1868 hdev->conn_hash.sco_num++;
1869 schedule_work(&data->work);
1872 case HCI_EV_DISCONN_COMPLETE:
1873 RTKBT_INFO("%s: HCI_EV_DISCONN_COMPLETE(0x%02x)", __func__, *opcode);
1874 status = *(opcode + 2);
1875 handle = *(opcode + 3) | *(opcode + 4) << 8;
1876 if (status == 0 && sco_handle == handle) {
1877 hdev->conn_hash.sco_num--;
1878 schedule_work(&data->work);
1882 RTKBT_DBG("%s: event 0x%02x", __func__, *opcode);
1887 static void btusb_intr_complete(struct urb *urb)
1889 struct hci_dev *hdev = urb->context;
1890 struct btusb_data *data = GET_DRV_DATA(hdev);
1893 RTKBT_DBG("%s: urb %p status %d count %d ", __func__,
1894 urb, urb->status, urb->actual_length);
1896 check_sco_event(urb);
1898 if (!test_bit(HCI_RUNNING, &hdev->flags))
1902 if (urb->status == 0) {
1903 hdev->stat.byte_rx += urb->actual_length;
1905 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
1906 urb->transfer_buffer,
1907 urb->actual_length) < 0) {
1908 RTKBT_ERR("%s: Corrupted event packet", __func__);
1909 hdev->stat.err_rx++;
1912 /* Avoid suspend failed when usb_kill_urb */
1913 else if(urb->status == -ENOENT) {
1918 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
1921 usb_mark_last_busy(data->udev);
1922 usb_anchor_urb(urb, &data->intr_anchor);
1924 err = usb_submit_urb(urb, GFP_ATOMIC);
1926 /* EPERM: urb is being killed;
1927 * ENODEV: device got disconnected */
1928 if (err != -EPERM && err != -ENODEV)
1929 RTKBT_ERR("%s: Failed to re-submit urb %p, err %d",
1930 __func__, urb, err);
1931 usb_unanchor_urb(urb);
1935 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1937 struct btusb_data *data = GET_DRV_DATA(hdev);
1946 urb = usb_alloc_urb(0, mem_flags);
1950 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
1952 buf = kmalloc(size, mem_flags);
1958 RTKBT_DBG("%s: mMaxPacketSize %d, bEndpointAddress 0x%02x",
1959 __func__, size, data->intr_ep->bEndpointAddress);
1961 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
1963 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
1964 btusb_intr_complete, hdev,
1965 data->intr_ep->bInterval);
1967 urb->transfer_flags |= URB_FREE_BUFFER;
1969 usb_anchor_urb(urb, &data->intr_anchor);
1971 err = usb_submit_urb(urb, mem_flags);
1973 RTKBT_ERR("%s: Failed to submit urb %p, err %d",
1974 __func__, urb, err);
1975 usb_unanchor_urb(urb);
1983 static void btusb_bulk_complete(struct urb *urb)
1985 struct hci_dev *hdev = urb->context;
1986 struct btusb_data *data = GET_DRV_DATA(hdev);
1989 RTKBT_DBG("%s: urb %p status %d count %d",
1990 __func__, urb, urb->status, urb->actual_length);
1992 if (!test_bit(HCI_RUNNING, &hdev->flags))
1995 if (urb->status == 0) {
1996 hdev->stat.byte_rx += urb->actual_length;
1998 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
1999 urb->transfer_buffer,
2000 urb->actual_length) < 0) {
2001 RTKBT_ERR("%s: Corrupted ACL packet", __func__);
2002 hdev->stat.err_rx++;
2005 /* Avoid suspend failed when usb_kill_urb */
2006 else if(urb->status == -ENOENT) {
2011 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
2014 usb_anchor_urb(urb, &data->bulk_anchor);
2015 usb_mark_last_busy(data->udev);
2017 err = usb_submit_urb(urb, GFP_ATOMIC);
2019 /* -EPERM: urb is being killed;
2020 * -ENODEV: device got disconnected */
2021 if (err != -EPERM && err != -ENODEV)
2022 RTKBT_ERR("btusb_bulk_complete %s urb %p failed to resubmit (%d)",
2023 hdev->name, urb, -err);
2024 usb_unanchor_urb(urb);
2028 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
2030 struct btusb_data *data = GET_DRV_DATA(hdev);
2034 int err, size = HCI_MAX_FRAME_SIZE;
2036 RTKBT_DBG("%s: hdev name %s", __func__, hdev->name);
2038 if (!data->bulk_rx_ep)
2041 urb = usb_alloc_urb(0, mem_flags);
2045 buf = kmalloc(size, mem_flags);
2051 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
2053 usb_fill_bulk_urb(urb, data->udev, pipe,
2054 buf, size, btusb_bulk_complete, hdev);
2056 urb->transfer_flags |= URB_FREE_BUFFER;
2058 usb_mark_last_busy(data->udev);
2059 usb_anchor_urb(urb, &data->bulk_anchor);
2061 err = usb_submit_urb(urb, mem_flags);
2063 RTKBT_ERR("%s: Failed to submit urb %p, err %d", __func__, urb, err);
2064 usb_unanchor_urb(urb);
2072 static void btusb_isoc_complete(struct urb *urb)
2074 struct hci_dev *hdev = urb->context;
2075 struct btusb_data *data = GET_DRV_DATA(hdev);
2079 RTKBT_DBG("%s: urb %p status %d count %d",
2080 __func__, urb, urb->status, urb->actual_length);
2082 if (!test_bit(HCI_RUNNING, &hdev->flags))
2085 if (urb->status == 0) {
2086 for (i = 0; i < urb->number_of_packets; i++) {
2087 unsigned int offset = urb->iso_frame_desc[i].offset;
2088 unsigned int length = urb->iso_frame_desc[i].actual_length;
2090 if (urb->iso_frame_desc[i].status)
2093 hdev->stat.byte_rx += length;
2095 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
2096 urb->transfer_buffer + offset,
2098 RTKBT_ERR("%s: Corrupted SCO packet", __func__);
2099 hdev->stat.err_rx++;
2103 /* Avoid suspend failed when usb_kill_urb */
2104 else if(urb->status == -ENOENT) {
2109 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
2112 usb_anchor_urb(urb, &data->isoc_anchor);
2115 err = usb_submit_urb(urb, GFP_ATOMIC);
2117 /* -EPERM: urb is being killed;
2118 * -ENODEV: device got disconnected */
2119 if (err != -EPERM && err != -ENODEV)
2120 RTKBT_ERR("%s: Failed to re-sumbit urb %p, retry %d, err %d",
2121 __func__, urb, i, err);
2128 usb_unanchor_urb(urb);
2132 static inline void fill_isoc_descriptor(struct urb *urb, int len, int mtu)
2136 RTKBT_DBG("%s: len %d mtu %d", __func__, len, mtu);
2138 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
2139 i++, offset += mtu, len -= mtu) {
2140 urb->iso_frame_desc[i].offset = offset;
2141 urb->iso_frame_desc[i].length = mtu;
2144 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
2145 urb->iso_frame_desc[i].offset = offset;
2146 urb->iso_frame_desc[i].length = len;
2150 urb->number_of_packets = i;
2153 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
2155 struct btusb_data *data = GET_DRV_DATA(hdev);
2161 if (!data->isoc_rx_ep)
2164 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
2168 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
2169 BTUSB_MAX_ISOC_FRAMES;
2171 buf = kmalloc(size, mem_flags);
2177 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
2179 urb->dev = data->udev;
2181 urb->context = hdev;
2182 urb->complete = btusb_isoc_complete;
2183 urb->interval = data->isoc_rx_ep->bInterval;
2185 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
2186 urb->transfer_buffer = buf;
2187 urb->transfer_buffer_length = size;
2189 fill_isoc_descriptor(urb, size,
2190 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
2192 usb_anchor_urb(urb, &data->isoc_anchor);
2194 err = usb_submit_urb(urb, mem_flags);
2196 RTKBT_ERR("%s: Failed to submit urb %p, err %d", __func__, urb, err);
2197 usb_unanchor_urb(urb);
2205 static void btusb_tx_complete(struct urb *urb)
2207 struct sk_buff *skb = urb->context;
2208 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2209 struct btusb_data *data = GET_DRV_DATA(hdev);
2211 if (!test_bit(HCI_RUNNING, &hdev->flags))
2215 hdev->stat.byte_tx += urb->transfer_buffer_length;
2217 hdev->stat.err_tx++;
2220 spin_lock(&data->txlock);
2221 data->tx_in_flight--;
2222 spin_unlock(&data->txlock);
2224 kfree(urb->setup_packet);
2229 static void btusb_isoc_tx_complete(struct urb *urb)
2231 struct sk_buff *skb = urb->context;
2232 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2234 RTKBT_DBG("%s: urb %p status %d count %d",
2235 __func__, urb, urb->status, urb->actual_length);
2238 if (!test_bit(HCI_RUNNING, &hdev->flags))
2242 hdev->stat.byte_tx += urb->transfer_buffer_length;
2244 hdev->stat.err_tx++;
2246 RTKBT_ERR("%s: skb 0x%p hdev 0x%p", __func__, skb, hdev);
2249 kfree(urb->setup_packet);
2254 static int btusb_open(struct hci_dev *hdev)
2256 struct btusb_data *data = GET_DRV_DATA(hdev);
2259 RTKBT_INFO("%s: Start, PM usage count %d", __func__,
2260 atomic_read(&(data->intf->pm_usage_cnt)));
2262 err = usb_autopm_get_interface(data->intf);
2266 data->intf->needs_remote_wakeup = 1;
2268 err = download_patch(data->fw_info, 1);
2269 if (err < 0) goto failed;
2271 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
2274 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
2277 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
2281 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
2283 mdelay(URB_CANCELING_DELAY_MS);
2284 usb_kill_anchored_urbs(&data->intr_anchor);
2288 set_bit(BTUSB_BULK_RUNNING, &data->flags);
2289 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
2292 usb_autopm_put_interface(data->intf);
2293 RTKBT_INFO("%s: End, PM usage count %d", __func__,
2294 atomic_read(&(data->intf->pm_usage_cnt)));
2298 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
2299 clear_bit(HCI_RUNNING, &hdev->flags);
2300 usb_autopm_put_interface(data->intf);
2301 RTKBT_ERR("%s: Failed, PM usage count %d", __func__,
2302 atomic_read(&(data->intf->pm_usage_cnt)));
2306 static void btusb_stop_traffic(struct btusb_data *data)
2308 mdelay(URB_CANCELING_DELAY_MS);
2309 usb_kill_anchored_urbs(&data->intr_anchor);
2310 usb_kill_anchored_urbs(&data->bulk_anchor);
2311 usb_kill_anchored_urbs(&data->isoc_anchor);
2314 static int btusb_close(struct hci_dev *hdev)
2316 struct btusb_data *data = GET_DRV_DATA(hdev);
2319 RTKBT_INFO("%s: hci running %lu", __func__, hdev->flags & HCI_RUNNING);
2321 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
2324 for (i = 0; i < NUM_REASSEMBLY; i++) {
2325 if (hdev->reassembly[i]) {
2326 RTKBT_DBG("%s: free ressembly[%d]", __func__, i);
2327 kfree_skb(hdev->reassembly[i]);
2328 hdev->reassembly[i] = NULL;
2332 cancel_work_sync(&data->work);
2333 cancel_work_sync(&data->waker);
2335 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2336 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
2337 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
2339 btusb_stop_traffic(data);
2340 err = usb_autopm_get_interface(data->intf);
2344 data->intf->needs_remote_wakeup = 0;
2345 usb_autopm_put_interface(data->intf);
2348 mdelay(URB_CANCELING_DELAY_MS);
2349 usb_scuttle_anchored_urbs(&data->deferred);
2353 static int btusb_flush(struct hci_dev *hdev)
2355 struct btusb_data *data = GET_DRV_DATA(hdev);
2357 RTKBT_DBG("%s", __func__);
2359 mdelay(URB_CANCELING_DELAY_MS);
2360 usb_kill_anchored_urbs(&data->tx_anchor);
2365 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
2366 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
2369 static int btusb_send_frame(struct sk_buff *skb)
2371 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2373 struct btusb_data *data = GET_DRV_DATA(hdev);
2374 struct usb_ctrlrequest *dr;
2380 RTKBT_DBG("%s: hdev %p, btusb data %p, pkt type %d",
2381 __func__, hdev, data, bt_cb(skb)->pkt_type);
2383 if (!test_bit(HCI_RUNNING, &hdev->flags))
2386 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
2387 skb->dev = (void *)hdev;
2390 switch (bt_cb(skb)->pkt_type) {
2391 case HCI_COMMAND_PKT:
2393 urb = usb_alloc_urb(0, GFP_ATOMIC);
2397 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
2403 dr->bRequestType = data->cmdreq_type;
2407 dr->wLength = __cpu_to_le16(skb->len);
2409 pipe = usb_sndctrlpipe(data->udev, 0x00);
2411 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
2412 skb->data, skb->len, btusb_tx_complete, skb);
2414 hdev->stat.cmd_tx++;
2417 case HCI_ACLDATA_PKT:
2419 if (!data->bulk_tx_ep)
2422 urb = usb_alloc_urb(0, GFP_ATOMIC);
2426 pipe = usb_sndbulkpipe(data->udev,
2427 data->bulk_tx_ep->bEndpointAddress);
2429 usb_fill_bulk_urb(urb, data->udev, pipe,
2430 skb->data, skb->len, btusb_tx_complete, skb);
2432 hdev->stat.acl_tx++;
2435 case HCI_SCODATA_PKT:
2437 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1) {
2442 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
2444 RTKBT_ERR("%s: Failed to allocate mem for sco pkts", __func__);
2449 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
2451 usb_fill_int_urb(urb, data->udev, pipe,
2452 skb->data, skb->len, btusb_isoc_tx_complete,
2453 skb, data->isoc_tx_ep->bInterval);
2455 urb->transfer_flags = URB_ISO_ASAP;
2457 fill_isoc_descriptor(urb, skb->len,
2458 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
2460 hdev->stat.sco_tx++;
2469 usb_anchor_urb(urb, &data->deferred);
2470 schedule_work(&data->waker);
2476 usb_anchor_urb(urb, &data->tx_anchor);
2478 err = usb_submit_urb(urb, GFP_ATOMIC);
2480 RTKBT_ERR("%s: Failed to submit urb %p, pkt type %d, err %d, retries %d",
2481 __func__, urb, bt_cb(skb)->pkt_type, err, retries);
2482 if ((bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) && (retries < 10)) {
2485 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT)
2486 print_error_command(skb);
2490 kfree(urb->setup_packet);
2491 usb_unanchor_urb(urb);
2493 usb_mark_last_busy(data->udev);
2500 #if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 4, 0)
2501 static void btusb_destruct(struct hci_dev *hdev)
2503 struct btusb_data *data = GET_DRV_DATA(hdev);
2505 RTKBT_DBG("%s: name %s", __func__, hdev->name);
2511 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
2513 struct btusb_data *data = GET_DRV_DATA(hdev);
2515 RTKBT_DBG("%s: name %s, evt %d", __func__, hdev->name, evt);
2517 if (hdev->conn_hash.sco_num != data->sco_num) {
2518 data->sco_num = hdev->conn_hash.sco_num;
2519 schedule_work(&data->work);
2523 static inline int set_isoc_interface(struct hci_dev *hdev, int altsetting)
2525 struct btusb_data *data = GET_DRV_DATA(hdev);
2526 struct usb_interface *intf = data->isoc;
2527 struct usb_endpoint_descriptor *ep_desc;
2533 err = usb_set_interface(data->udev, 1, altsetting);
2535 RTKBT_ERR("%s: Failed to set interface, altsetting %d, err %d",
2536 __func__, altsetting, err);
2540 data->isoc_altsetting = altsetting;
2542 data->isoc_tx_ep = NULL;
2543 data->isoc_rx_ep = NULL;
2545 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2546 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2548 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
2549 data->isoc_tx_ep = ep_desc;
2553 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
2554 data->isoc_rx_ep = ep_desc;
2559 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
2560 RTKBT_ERR("%s: Invalid SCO descriptors", __func__);
2567 static void btusb_work(struct work_struct *work)
2569 struct btusb_data *data = container_of(work, struct btusb_data, work);
2570 struct hci_dev *hdev = data->hdev;
2574 if (hdev->conn_hash.sco_num > 0) {
2575 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
2576 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
2578 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2579 mdelay(URB_CANCELING_DELAY_MS);
2580 usb_kill_anchored_urbs(&data->isoc_anchor);
2584 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
2586 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 7, 1)
2587 if (hdev->voice_setting & 0x0020) {
2588 static const int alts[3] = { 2, 4, 5 };
2589 new_alts = alts[hdev->conn_hash.sco_num - 1];
2591 new_alts = hdev->conn_hash.sco_num;
2593 if (data->isoc_altsetting != new_alts) {
2595 if (data->isoc_altsetting != 2) {
2599 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2600 mdelay(URB_CANCELING_DELAY_MS);
2601 usb_kill_anchored_urbs(&data->isoc_anchor);
2603 if (set_isoc_interface(hdev, new_alts) < 0)
2607 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
2608 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
2609 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2611 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
2614 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2615 mdelay(URB_CANCELING_DELAY_MS);
2616 usb_kill_anchored_urbs(&data->isoc_anchor);
2618 set_isoc_interface(hdev, 0);
2619 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
2620 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
2624 static void btusb_waker(struct work_struct *work)
2626 struct btusb_data *data = container_of(work, struct btusb_data, waker);
2629 RTKBT_DBG("%s: PM usage count %d", __func__,
2630 atomic_read(&data->intf->pm_usage_cnt));
2632 err = usb_autopm_get_interface(data->intf);
2636 usb_autopm_put_interface(data->intf);
2640 //#ifdef CONFIG_HAS_EARLYSUSPEND
2642 static void btusb_early_suspend(struct early_suspend *h)
2644 struct btusb_data *data;
2645 firmware_info *fw_info;
2646 patch_info *patch_entry;
2648 RTKBT_INFO("%s", __func__);
2650 data = container_of(h, struct btusb_data, early_suspend);
2651 fw_info = data->fw_info;
2652 patch_entry = fw_info->patch_entry;
2654 patch_entry->fw_len = load_firmware(fw_info, &patch_entry->fw_cache);
2655 if (patch_entry->fw_len <= 0) {
2656 /* We may encount failure in loading firmware, just give a warning */
2657 RTKBT_WARN("%s: Failed to load firmware", __func__);
2661 static void btusb_late_resume(struct early_suspend *h)
2663 struct btusb_data *data;
2664 firmware_info *fw_info;
2665 patch_info *patch_entry;
2667 RTKBT_INFO("%s", __func__);
2669 data = container_of(h, struct btusb_data, early_suspend);
2670 fw_info = data->fw_info;
2671 patch_entry = fw_info->patch_entry;
2673 /* Reclaim fw buffer when bt usb resumed */
2674 if (patch_entry->fw_len > 0) {
2675 kfree(patch_entry->fw_cache);
2676 patch_entry->fw_cache = NULL;
2677 patch_entry->fw_len = 0;
2681 int bt_pm_notify(struct notifier_block *notifier, ulong pm_event, void *unused)
2683 struct btusb_data *data;
2684 firmware_info *fw_info;
2685 patch_info *patch_entry;
2686 struct usb_device *udev;
2688 RTKBT_INFO("%s: pm event %ld", __func__, pm_event);
2690 data = container_of(notifier, struct btusb_data, pm_notifier);
2691 fw_info = data->fw_info;
2692 patch_entry = fw_info->patch_entry;
2693 udev = fw_info->udev;
2696 case PM_SUSPEND_PREPARE:
2697 case PM_HIBERNATION_PREPARE:
2698 patch_entry->fw_len = load_firmware(fw_info, &patch_entry->fw_cache);
2699 if (patch_entry->fw_len <= 0) {
2700 /* We may encount failure in loading firmware, just give a warning */
2701 RTKBT_WARN("%s: Failed to load firmware", __func__);
2704 if (!device_may_wakeup(&udev->dev)) {
2705 #if (CONFIG_RESET_RESUME || CONFIG_BLUEDROID)
2706 RTKBT_INFO("%s:remote wakeup not supported, reset resume supported", __func__);
2708 fw_info->intf->needs_binding = 1;
2709 RTKBT_INFO("%s:remote wakeup not supported, binding needed", __func__);
2714 case PM_POST_SUSPEND:
2715 case PM_POST_HIBERNATION:
2716 case PM_POST_RESTORE:
2717 /* Reclaim fw buffer when bt usb resumed */
2718 if (patch_entry->fw_len > 0) {
2719 kfree(patch_entry->fw_cache);
2720 patch_entry->fw_cache = NULL;
2721 patch_entry->fw_len = 0;
2724 usb_disable_autosuspend(udev);
2725 usb_enable_autosuspend(udev);
2726 pm_runtime_set_autosuspend_delay(&(udev->dev), 2000);
2738 static int btusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
2740 struct usb_device *udev = interface_to_usbdev(intf);
2741 struct usb_endpoint_descriptor *ep_desc;
2742 struct btusb_data *data;
2743 struct hci_dev *hdev;
2744 firmware_info *fw_info;
2747 RTKBT_INFO("%s: usb_interface %p, bInterfaceNumber %d, idVendor 0x%04x, "
2748 "idProduct 0x%04x", __func__, intf,
2749 intf->cur_altsetting->desc.bInterfaceNumber,
2750 id->idVendor, id->idProduct);
2752 /* interface numbers are hardcoded in the spec */
2753 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2756 RTKBT_DBG("%s: can wakeup = %x, may wakeup = %x", __func__,
2757 device_can_wakeup(&udev->dev), device_may_wakeup(&udev->dev));
2759 data = rtk_alloc(intf);
2763 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2764 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2766 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2767 data->intr_ep = ep_desc;
2771 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2772 data->bulk_tx_ep = ep_desc;
2776 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2777 data->bulk_rx_ep = ep_desc;
2782 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
2787 data->cmdreq_type = USB_TYPE_CLASS;
2792 spin_lock_init(&data->lock);
2794 INIT_WORK(&data->work, btusb_work);
2795 INIT_WORK(&data->waker, btusb_waker);
2796 spin_lock_init(&data->txlock);
2798 init_usb_anchor(&data->tx_anchor);
2799 init_usb_anchor(&data->intr_anchor);
2800 init_usb_anchor(&data->bulk_anchor);
2801 init_usb_anchor(&data->isoc_anchor);
2802 init_usb_anchor(&data->deferred);
2804 fw_info = firmware_info_init(intf);
2806 data->fw_info = fw_info;
2808 RTKBT_WARN("%s: Failed to initialize fw info", __func__);
2809 /* Skip download patch */
2813 RTKBT_INFO("%s: download begining...", __func__);
2815 #if CONFIG_BLUEDROID
2816 mutex_lock(&btchr_mutex);
2818 // err = download_patch(fw_info, 0);
2819 // /* If download failed, we just throw out a warning */
2821 // RTKBT_WARN("%s: Failed to download fw patch", __func__);
2822 #if CONFIG_BLUEDROID
2823 mutex_unlock(&btchr_mutex);
2826 RTKBT_INFO("%s: download ending...", __func__);
2828 hdev = hci_alloc_dev();
2839 SET_HCIDEV_DEV(hdev, &intf->dev);
2841 hdev->open = btusb_open;
2842 hdev->close = btusb_close;
2843 hdev->flush = btusb_flush;
2844 hdev->send = btusb_send_frame;
2845 hdev->notify = btusb_notify;
2847 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 4, 0)
2848 hci_set_drvdata(hdev, data);
2850 hdev->driver_data = data;
2851 hdev->destruct = btusb_destruct;
2852 hdev->owner = THIS_MODULE;
2855 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 1)
2856 if (!reset_on_close){
2857 /* set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); */
2858 RTKBT_DBG("%s: Set HCI_QUIRK_RESET_ON_CLOSE", __func__);
2862 /* Interface numbers are hardcoded in the specification */
2863 data->isoc = usb_ifnum_to_if(data->udev, 1);
2865 err = usb_driver_claim_interface(&btusb_driver,
2876 err = hci_register_dev(hdev);
2885 usb_set_intfdata(intf, data);
2887 //#ifdef CONFIG_HAS_EARLYSUSPEND
2889 data->early_suspend.level = EARLY_SUSPEND_LEVEL_BLANK_SCREEN;
2890 data->early_suspend.suspend = btusb_early_suspend;
2891 data->early_suspend.resume = btusb_late_resume;
2892 register_early_suspend(&data->early_suspend);
2894 data->pm_notifier.notifier_call = bt_pm_notify;
2895 register_pm_notifier(&data->pm_notifier);
2898 #if CONFIG_BLUEDROID
2899 RTKBT_INFO("%s: Check bt reset flag %d", __func__, bt_reset);
2900 /* Report hci hardware error after everthing is ready,
2901 * especially hci register is completed. Or, btchr_poll
2902 * will get null hci dev when hotplug in.
2904 if (bt_reset == 1) {
2905 hci_hardware_error();
2908 bt_reset = 0; /* Clear and reset it anyway */
2915 static void btusb_disconnect(struct usb_interface *intf)
2917 struct btusb_data *data = usb_get_intfdata(intf);
2918 struct hci_dev *hdev = NULL;
2920 RTKBT_INFO("%s: usb_interface %p, bInterfaceNumber %d",
2921 __func__, intf, intf->cur_altsetting->desc.bInterfaceNumber);
2923 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2929 RTKBT_WARN("%s: Failed to get bt usb data[Null]", __func__);
2933 //#ifdef CONFIG_HAS_EARLYSUSPEND
2935 unregister_early_suspend(&data->early_suspend);
2937 unregister_pm_notifier(&data->pm_notifier);
2940 firmware_info_destroy(intf);
2942 #if CONFIG_BLUEDROID
2943 if (test_bit(HCI_RUNNING, &hdev->flags)) {
2944 RTKBT_INFO("%s: Set BT reset flag", __func__);
2949 usb_set_intfdata(data->intf, NULL);
2952 usb_set_intfdata(data->isoc, NULL);
2954 hci_unregister_dev(hdev);
2956 if (intf == data->isoc)
2957 usb_driver_release_interface(&btusb_driver, data->intf);
2958 else if (data->isoc)
2959 usb_driver_release_interface(&btusb_driver, data->isoc);
2961 #if !CONFIG_BLUEDROID
2962 #if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 4, 0)
2963 __hci_dev_put(hdev);
2973 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
2975 struct btusb_data *data = usb_get_intfdata(intf);
2976 firmware_info *fw_info = data->fw_info;
2978 RTKBT_INFO("%s: event 0x%x, suspend count %d", __func__,
2979 message.event, data->suspend_count);
2981 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
2984 if (!test_bit(HCI_RUNNING, &data->hdev->flags))
2985 set_bt_onoff(fw_info, 1);
2987 if (data->suspend_count++)
2990 spin_lock_irq(&data->txlock);
2991 if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
2992 set_bit(BTUSB_SUSPENDING, &data->flags);
2993 spin_unlock_irq(&data->txlock);
2995 spin_unlock_irq(&data->txlock);
2996 data->suspend_count--;
2997 RTKBT_ERR("%s: Failed to enter suspend", __func__);
3001 cancel_work_sync(&data->work);
3003 btusb_stop_traffic(data);
3004 mdelay(URB_CANCELING_DELAY_MS);
3005 usb_kill_anchored_urbs(&data->tx_anchor);
3010 static void play_deferred(struct btusb_data *data)
3015 while ((urb = usb_get_from_anchor(&data->deferred))) {
3016 usb_anchor_urb(urb, &data->tx_anchor);
3017 err = usb_submit_urb(urb, GFP_ATOMIC);
3019 RTKBT_ERR("%s: Failed to submit urb %p, err %d",
3020 __func__, urb, err);
3021 kfree(urb->setup_packet);
3022 usb_unanchor_urb(urb);
3024 usb_mark_last_busy(data->udev);
3028 data->tx_in_flight++;
3030 mdelay(URB_CANCELING_DELAY_MS);
3031 usb_scuttle_anchored_urbs(&data->deferred);
3034 static int btusb_resume(struct usb_interface *intf)
3036 struct btusb_data *data = usb_get_intfdata(intf);
3037 struct hci_dev *hdev = data->hdev;
3038 firmware_info *fw_info = data->fw_info;
3041 RTKBT_INFO("%s: Suspend count %d", __func__, data->suspend_count);
3043 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
3046 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3047 RTKBT_INFO("%s: Bt is off, download patch before bt is on", __func__);
3048 download_patch(fw_info, 1);
3051 if (--data->suspend_count)
3054 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3055 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3057 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3062 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3063 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3065 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3069 btusb_submit_bulk_urb(hdev, GFP_NOIO);
3072 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3073 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3074 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3076 btusb_submit_isoc_urb(hdev, GFP_NOIO);
3079 spin_lock_irq(&data->txlock);
3080 play_deferred(data);
3081 clear_bit(BTUSB_SUSPENDING, &data->flags);
3082 spin_unlock_irq(&data->txlock);
3083 schedule_work(&data->work);
3088 mdelay(URB_CANCELING_DELAY_MS);
3089 usb_scuttle_anchored_urbs(&data->deferred);
3090 spin_lock_irq(&data->txlock);
3091 clear_bit(BTUSB_SUSPENDING, &data->flags);
3092 spin_unlock_irq(&data->txlock);
3098 static struct usb_driver btusb_driver = {
3099 .name = "rtk_btusb",
3100 .probe = btusb_probe,
3101 .disconnect = btusb_disconnect,
3103 .suspend = btusb_suspend,
3104 .resume = btusb_resume,
3106 #if CONFIG_RESET_RESUME
3107 .reset_resume = btusb_resume,
3109 .id_table = btusb_table,
3110 .supports_autosuspend = 1,
3111 #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 7, 1)
3112 .disable_hub_initiated_lpm = 1,
3116 static int __init btusb_init(void)
3120 RTKBT_INFO("Realtek Bluetooth USB driver module init, version %s", VERSION);
3121 #if CONFIG_BLUEDROID
3124 /* usb register will go on, even bt char register failed */
3125 RTKBT_ERR("Failed to register usb char device interfaces");
3127 bt_char_dev_registered = 1;
3129 err = usb_register(&btusb_driver);
3131 RTKBT_ERR("Failed to register RTK bluetooth USB driver");
3135 static void __exit btusb_exit(void)
3137 RTKBT_INFO("Realtek Bluetooth USB driver module exit");
3138 #if CONFIG_BLUEDROID
3139 if (bt_char_dev_registered > 0)
3142 usb_deregister(&btusb_driver);
3145 module_init(btusb_init);
3146 module_exit(btusb_exit);
3148 MODULE_AUTHOR("Realtek Corporation");
3149 MODULE_DESCRIPTION("Realtek Bluetooth USB driver version");
3150 MODULE_VERSION(VERSION);
3151 MODULE_LICENSE("GPL");