From de8b582893b9eaa098e7efb385a484819657920b Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Mon, 23 Dec 2013 06:52:32 -0800 Subject: Bluetooth: Set HCI_QUIRK_RESET_ON_CLOSE for Socket SDIO cards The Socket Bluetooth SDIO cards are branded versions of Toshiba SD-BT2 and they do not support sending HCI_Reset as first command. To make this card work the HCI_QUIRK_RESET_ON_CLOSE quirk needs to be set before registering the controller. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- drivers/bluetooth/btsdio.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'drivers') diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c index b61440aaee65..1f6815825e61 100644 --- a/drivers/bluetooth/btsdio.c +++ b/drivers/bluetooth/btsdio.c @@ -333,6 +333,9 @@ static int btsdio_probe(struct sdio_func *func, hdev->flush = btsdio_flush; hdev->send = btsdio_send_frame; + if (func->vendor == 0x0104 && func->device == 0x00c5) + set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); + err = hci_register_dev(hdev); if (err < 0) { hci_free_dev(hdev); -- cgit v1.2.3 From 5bc00b5c58f051bfe076be319b5e0b8062553016 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Sat, 28 Dec 2013 21:57:14 -0800 Subject: Bluetooth: Add support for vectored writes to virtual HCI driver The Bluetooth virtual HCI driver is using a misc character device to allow emulation of HCI devices from userspace. This change enables the support for vectored writes. Previously this was failing with EINVAL since no complete H:4 packet was written. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- drivers/bluetooth/hci_vhci.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'drivers') diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c index 7b167385a1c4..1ef6990a5c7e 100644 --- a/drivers/bluetooth/hci_vhci.c +++ b/drivers/bluetooth/hci_vhci.c @@ -141,22 +141,28 @@ static int vhci_create_device(struct vhci_data *data, __u8 dev_type) } static inline ssize_t vhci_get_user(struct vhci_data *data, - const char __user *buf, size_t count) + const struct iovec *iov, + unsigned long count) { + size_t len = iov_length(iov, count); struct sk_buff *skb; __u8 pkt_type, dev_type; + unsigned long i; int ret; - if (count < 2 || count > HCI_MAX_FRAME_SIZE) + if (len < 2 || len > HCI_MAX_FRAME_SIZE) return -EINVAL; - skb = bt_skb_alloc(count, GFP_KERNEL); + skb = bt_skb_alloc(len, GFP_KERNEL); if (!skb) return -ENOMEM; - if (copy_from_user(skb_put(skb, count), buf, count)) { - kfree_skb(skb); - return -EFAULT; + for (i = 0; i < count; i++) { + if (copy_from_user(skb_put(skb, iov[i].iov_len), + iov[i].iov_base, iov[i].iov_len)) { + kfree_skb(skb); + return -EFAULT; + } } pkt_type = *((__u8 *) skb->data); @@ -205,7 +211,7 @@ static inline ssize_t vhci_get_user(struct vhci_data *data, return -EINVAL; } - return (ret < 0) ? ret : count; + return (ret < 0) ? ret : len; } static inline ssize_t vhci_put_user(struct vhci_data *data, @@ -272,12 +278,13 @@ static ssize_t vhci_read(struct file *file, return ret; } -static ssize_t vhci_write(struct file *file, - const char __user *buf, size_t count, loff_t *pos) +static ssize_t vhci_write(struct kiocb *iocb, const struct iovec *iov, + unsigned long count, loff_t pos) { + struct file *file = iocb->ki_filp; struct vhci_data *data = file->private_data; - return vhci_get_user(data, buf, count); + return vhci_get_user(data, iov, count); } static unsigned int vhci_poll(struct file *file, poll_table *wait) @@ -342,7 +349,7 @@ static int vhci_release(struct inode *inode, struct file *file) static const struct file_operations vhci_fops = { .owner = THIS_MODULE, .read = vhci_read, - .write = vhci_write, + .aio_write = vhci_write, .poll = vhci_poll, .open = vhci_open, .release = vhci_release, -- cgit v1.2.3 From bc7219709978b963bc6820717e140c15547a6dd9 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Sat, 28 Dec 2013 22:10:02 -0800 Subject: Bluetooth: Use MD SET register for changing SDIO Type-B to Type-A The register for setting the SDIO card mode of a Type-B Bluetooth card is called MD SET. The MD STAT register is used for reading the current mode back. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- drivers/bluetooth/btsdio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c index 1f6815825e61..83f6437dd91d 100644 --- a/drivers/bluetooth/btsdio.c +++ b/drivers/bluetooth/btsdio.c @@ -73,6 +73,7 @@ struct btsdio_data { #define REG_CL_INTRD 0x13 /* Interrupt Clear */ #define REG_EN_INTRD 0x14 /* Interrupt Enable */ #define REG_MD_STAT 0x20 /* Bluetooth Mode Status */ +#define REG_MD_SET 0x20 /* Bluetooth Mode Set */ static int btsdio_tx_packet(struct btsdio_data *data, struct sk_buff *skb) { @@ -212,7 +213,7 @@ static int btsdio_open(struct hci_dev *hdev) } if (data->func->class == SDIO_CLASS_BT_B) - sdio_writeb(data->func, 0x00, REG_MD_STAT, NULL); + sdio_writeb(data->func, 0x00, REG_MD_SET, NULL); sdio_writeb(data->func, 0x01, REG_EN_INTRD, NULL); -- cgit v1.2.3 From 81cac64ba258ae823f52cfaec0cad26ecb31adc3 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Fri, 3 Jan 2014 03:02:36 -0800 Subject: Bluetooth: Deal with USB devices that are faking CSR vendor There exists a set of Bluetooth USB devices that show up on the USB bus as 0a12:0001 and identify themselves as devices from CSR. However they are not. When sending Read Local Version command they now have a split personality and say they are from Broadcom. < HCI Command: Read Local Version Information (0x04|0x0001) plen 0 > HCI Event: Command Complete (0x0e) plen 12 Read Local Version Information (0x04|0x0001) ncmd 1 status 0x00 HCI Version: 2.0 (0x3) HCI Revision: 0x3000 LMP Version: 2.0 (0x3) LMP Subversion: 0x420b Manufacturer: Broadcom Corporation (15) The assumption is that they are neither CSR nor Broadcom based devices and that they are designed and manufactured by someone else. For the most parts they follow the Bluetooth HCI specification and can be used as standard Bluetooth devices. However they have the minor problem that the Delete Stored Link Key command is not working as it should. During the Bluetooth controller setup, this command is needed if stored link keys are supported. For these devices it has to be assumed that this is broken and so just set a quirk to clearly indicate the behavior. After that the setup can just proceed. Now the trick part is to detect these faulty devices since we do not want to punish all CSR and all Broadcom devices. The original devices do actually work according to the specification. What is known so far is that these broken devices set the USB bcdDevice revision information to 1.0 or less. T: Bus=02 Lev=01 Prnt=01 Port=08 Cnt=03 Dev#= 9 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0a12 ProdID=0001 Rev= 1.00 S: Manufacturer=Bluetooth v2.0 S: Product=Bluetooth V2.0 Dongle T: Bus=05 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0a12 ProdID=0001 Rev= 0.07 In case of CSR devices, the bcdDevice revision contains the firmware build ID and that is normally a higher value. If the bcdDevice revision is 1.0 or less, then an extra setup stage is checking if Read Local Version returns CSR manufacturer information. If not then it will be assumed that this is a broken device and the Delete Stored Link Key command will be marked as broken. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- drivers/bluetooth/btusb.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index bfbcc5a772a6..e7b36beca42c 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -964,6 +964,45 @@ static int btusb_setup_bcm92035(struct hci_dev *hdev) return 0; } +static int btusb_setup_csr(struct hci_dev *hdev) +{ + struct hci_rp_read_local_version *rp; + struct sk_buff *skb; + int ret; + + BT_DBG("%s", hdev->name); + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); + return -PTR_ERR(skb); + } + + rp = (struct hci_rp_read_local_version *) skb->data; + + if (!rp->status) { + if (le16_to_cpu(rp->manufacturer) != 10) { + /* Clear the reset quirk since this is not an actual + * early Bluetooth 1.1 device from CSR. + */ + clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); + + /* These fake CSR controllers have all a broken + * stored link key handling and so just disable it. + */ + set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, + &hdev->quirks); + } + } + + ret = -bt_to_errno(rp->status); + + kfree_skb(skb); + + return ret; +} + struct intel_version { u8 status; u8 hw_platform; @@ -1464,10 +1503,15 @@ static int btusb_probe(struct usb_interface *intf, if (id->driver_info & BTUSB_CSR) { struct usb_device *udev = data->udev; + u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); /* Old firmware would otherwise execute USB reset */ - if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117) + if (bcdDevice < 0x117) set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); + + /* Fake CSR devices with broken commands */ + if (bcdDevice <= 0x100) + hdev->setup = btusb_setup_csr; } if (id->driver_info & BTUSB_SNIFFER) { -- cgit v1.2.3