Loading...
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50#define VERSION "0.3"
51
52static int txcrc = 1;
53static int hciextn = 1;
54
55#define BCSP_TXWINSIZE 4
56
57#define BCSP_ACK_PKT 0x05
58#define BCSP_LE_PKT 0x06
59
60struct bcsp_struct {
61 struct sk_buff_head unack; /* Unack'ed packets queue */
62 struct sk_buff_head rel; /* Reliable packets queue */
63 struct sk_buff_head unrel; /* Unreliable packets queue */
64
65 unsigned long rx_count;
66 struct sk_buff *rx_skb;
67 u8 rxseq_txack; /* rxseq == txack. */
68 u8 rxack; /* Last packet sent by us that the peer ack'ed */
69 struct timer_list tbcsp;
70
71 enum {
72 BCSP_W4_PKT_DELIMITER,
73 BCSP_W4_PKT_START,
74 BCSP_W4_BCSP_HDR,
75 BCSP_W4_DATA,
76 BCSP_W4_CRC
77 } rx_state;
78
79 enum {
80 BCSP_ESCSTATE_NOESC,
81 BCSP_ESCSTATE_ESC
82 } rx_esc_state;
83
84 u8 use_crc;
85 u16 message_crc;
86 u8 txack_req; /* Do we need to send ack's to the peer? */
87
88 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
89 u8 msgq_txseq;
90};
91
92/* ---- BCSP CRC calculation ---- */
93
94/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
95initial value 0xffff, bits shifted in reverse order. */
96
97static const u16 crc_table[] = {
98 0x0000, 0x1081, 0x2102, 0x3183,
99 0x4204, 0x5285, 0x6306, 0x7387,
100 0x8408, 0x9489, 0xa50a, 0xb58b,
101 0xc60c, 0xd68d, 0xe70e, 0xf78f
102};
103
104/* Initialise the crc calculator */
105#define BCSP_CRC_INIT(x) x = 0xffff
106
107/*
108 Update crc with next data byte
109
110 Implementation note
111 The data byte is treated as two nibbles. The crc is generated
112 in reverse, i.e., bits are fed into the register from the top.
113*/
114static void bcsp_crc_update(u16 *crc, u8 d)
115{
116 u16 reg = *crc;
117
118 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
119 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
120
121 *crc = reg;
122}
123
124/* ---- BCSP core ---- */
125
126static void bcsp_slip_msgdelim(struct sk_buff *skb)
127{
128 const char pkt_delim = 0xc0;
129
130 memcpy(skb_put(skb, 1), &pkt_delim, 1);
131}
132
133static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
134{
135 const char esc_c0[2] = { 0xdb, 0xdc };
136 const char esc_db[2] = { 0xdb, 0xdd };
137
138 switch (c) {
139 case 0xc0:
140 memcpy(skb_put(skb, 2), &esc_c0, 2);
141 break;
142 case 0xdb:
143 memcpy(skb_put(skb, 2), &esc_db, 2);
144 break;
145 default:
146 memcpy(skb_put(skb, 1), &c, 1);
147 }
148}
149
150static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
151{
152 struct bcsp_struct *bcsp = hu->priv;
153
154 if (skb->len > 0xFFF) {
155 BT_ERR("Packet too long");
156 kfree_skb(skb);
157 return 0;
158 }
159
160 switch (bt_cb(skb)->pkt_type) {
161 case HCI_ACLDATA_PKT:
162 case HCI_COMMAND_PKT:
163 skb_queue_tail(&bcsp->rel, skb);
164 break;
165
166 case HCI_SCODATA_PKT:
167 skb_queue_tail(&bcsp->unrel, skb);
168 break;
169
170 default:
171 BT_ERR("Unknown packet type");
172 kfree_skb(skb);
173 break;
174 }
175
176 return 0;
177}
178
179static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
180 int len, int pkt_type)
181{
182 struct sk_buff *nskb;
183 u8 hdr[4], chan;
184 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
185 int rel, i;
186
187 switch (pkt_type) {
188 case HCI_ACLDATA_PKT:
189 chan = 6; /* BCSP ACL channel */
190 rel = 1; /* reliable channel */
191 break;
192 case HCI_COMMAND_PKT:
193 chan = 5; /* BCSP cmd/evt channel */
194 rel = 1; /* reliable channel */
195 break;
196 case HCI_SCODATA_PKT:
197 chan = 7; /* BCSP SCO channel */
198 rel = 0; /* unreliable channel */
199 break;
200 case BCSP_LE_PKT:
201 chan = 1; /* BCSP LE channel */
202 rel = 0; /* unreliable channel */
203 break;
204 case BCSP_ACK_PKT:
205 chan = 0; /* BCSP internal channel */
206 rel = 0; /* unreliable channel */
207 break;
208 default:
209 BT_ERR("Unknown packet type");
210 return NULL;
211 }
212
213 if (hciextn && chan == 5) {
214 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
215
216 /* Vendor specific commands */
217 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
218 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
219 if ((desc & 0xf0) == 0xc0) {
220 data += HCI_COMMAND_HDR_SIZE + 1;
221 len -= HCI_COMMAND_HDR_SIZE + 1;
222 chan = desc & 0x0f;
223 }
224 }
225 }
226
227 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
228 (because bytes 0xc0 and 0xdb are escaped, worst case is
229 when the packet is all made of 0xc0 and 0xdb :) )
230 + 2 (0xc0 delimiters at start and end). */
231
232 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
233 if (!nskb)
234 return NULL;
235
236 bt_cb(nskb)->pkt_type = pkt_type;
237
238 bcsp_slip_msgdelim(nskb);
239
240 hdr[0] = bcsp->rxseq_txack << 3;
241 bcsp->txack_req = 0;
242 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243
244 if (rel) {
245 hdr[0] |= 0x80 + bcsp->msgq_txseq;
246 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
247 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
248 }
249
250 if (bcsp->use_crc)
251 hdr[0] |= 0x40;
252
253 hdr[1] = ((len << 4) & 0xff) | chan;
254 hdr[2] = len >> 4;
255 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
256
257 /* Put BCSP header */
258 for (i = 0; i < 4; i++) {
259 bcsp_slip_one_byte(nskb, hdr[i]);
260
261 if (bcsp->use_crc)
262 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
263 }
264
265 /* Put payload */
266 for (i = 0; i < len; i++) {
267 bcsp_slip_one_byte(nskb, data[i]);
268
269 if (bcsp->use_crc)
270 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
271 }
272
273 /* Put CRC */
274 if (bcsp->use_crc) {
275 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
276 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
277 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
278 }
279
280 bcsp_slip_msgdelim(nskb);
281 return nskb;
282}
283
284/* This is a rewrite of pkt_avail in ABCSP */
285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
286{
287 struct bcsp_struct *bcsp = hu->priv;
288 unsigned long flags;
289 struct sk_buff *skb;
290
291 /* First of all, check for unreliable messages in the queue,
292 since they have priority */
293
294 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
295 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
296 if (nskb) {
297 kfree_skb(skb);
298 return nskb;
299 } else {
300 skb_queue_head(&bcsp->unrel, skb);
301 BT_ERR("Could not dequeue pkt because alloc_skb failed");
302 }
303 }
304
305 /* Now, try to send a reliable pkt. We can only send a
306 reliable packet if the number of packets sent but not yet ack'ed
307 is < than the winsize */
308
309 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
310
311 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
312 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
313 if (nskb) {
314 __skb_queue_tail(&bcsp->unack, skb);
315 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
316 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
317 return nskb;
318 } else {
319 skb_queue_head(&bcsp->rel, skb);
320 BT_ERR("Could not dequeue pkt because alloc_skb failed");
321 }
322 }
323
324 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
325
326 /* We could not send a reliable packet, either because there are
327 none or because there are too many unack'ed pkts. Did we receive
328 any packets we have not acknowledged yet ? */
329
330 if (bcsp->txack_req) {
331 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
332 channel 0 */
333 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
334 return nskb;
335 }
336
337 /* We have nothing to send */
338 return NULL;
339}
340
341static int bcsp_flush(struct hci_uart *hu)
342{
343 BT_DBG("hu %p", hu);
344 return 0;
345}
346
347/* Remove ack'ed packets */
348static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
349{
350 struct sk_buff *skb, *tmp;
351 unsigned long flags;
352 int i, pkts_to_be_removed;
353 u8 seqno;
354
355 spin_lock_irqsave(&bcsp->unack.lock, flags);
356
357 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
358 seqno = bcsp->msgq_txseq;
359
360 while (pkts_to_be_removed) {
361 if (bcsp->rxack == seqno)
362 break;
363 pkts_to_be_removed--;
364 seqno = (seqno - 1) & 0x07;
365 }
366
367 if (bcsp->rxack != seqno)
368 BT_ERR("Peer acked invalid packet");
369
370 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
371 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
372 (seqno - 1) & 0x07);
373
374 i = 0;
375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
376 if (i >= pkts_to_be_removed)
377 break;
378 i++;
379
380 __skb_unlink(skb, &bcsp->unack);
381 kfree_skb(skb);
382 }
383
384 if (skb_queue_empty(&bcsp->unack))
385 del_timer(&bcsp->tbcsp);
386
387 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
388
389 if (i != pkts_to_be_removed)
390 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
391}
392
393/* Handle BCSP link-establishment packets. When we
394 detect a "sync" packet, symptom that the BT module has reset,
395 we do nothing :) (yet) */
396static void bcsp_handle_le_pkt(struct hci_uart *hu)
397{
398 struct bcsp_struct *bcsp = hu->priv;
399 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
400 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
401 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
402
403 /* spot "conf" pkts and reply with a "conf rsp" pkt */
404 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
405 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
406 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
407
408 BT_DBG("Found a LE conf pkt");
409 if (!nskb)
410 return;
411 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
412 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
413
414 skb_queue_head(&bcsp->unrel, nskb);
415 hci_uart_tx_wakeup(hu);
416 }
417 /* Spot "sync" pkts. If we find one...disaster! */
418 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
419 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
420 BT_ERR("Found a LE sync pkt, card has reset");
421 }
422}
423
424static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
425{
426 const u8 c0 = 0xc0, db = 0xdb;
427
428 switch (bcsp->rx_esc_state) {
429 case BCSP_ESCSTATE_NOESC:
430 switch (byte) {
431 case 0xdb:
432 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
433 break;
434 default:
435 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
436 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
437 bcsp->rx_state != BCSP_W4_CRC)
438 bcsp_crc_update(&bcsp->message_crc, byte);
439 bcsp->rx_count--;
440 }
441 break;
442
443 case BCSP_ESCSTATE_ESC:
444 switch (byte) {
445 case 0xdc:
446 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
447 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
448 bcsp->rx_state != BCSP_W4_CRC)
449 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
450 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
451 bcsp->rx_count--;
452 break;
453
454 case 0xdd:
455 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
456 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
457 bcsp->rx_state != BCSP_W4_CRC)
458 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
459 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
460 bcsp->rx_count--;
461 break;
462
463 default:
464 BT_ERR ("Invalid byte %02x after esc byte", byte);
465 kfree_skb(bcsp->rx_skb);
466 bcsp->rx_skb = NULL;
467 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
468 bcsp->rx_count = 0;
469 }
470 }
471}
472
473static void bcsp_complete_rx_pkt(struct hci_uart *hu)
474{
475 struct bcsp_struct *bcsp = hu->priv;
476 int pass_up;
477
478 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
479 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
480 bcsp->rxseq_txack++;
481 bcsp->rxseq_txack %= 0x8;
482 bcsp->txack_req = 1;
483
484 /* If needed, transmit an ack pkt */
485 hci_uart_tx_wakeup(hu);
486 }
487
488 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
489 BT_DBG("Request for pkt %u from card", bcsp->rxack);
490
491 bcsp_pkt_cull(bcsp);
492 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
493 bcsp->rx_skb->data[0] & 0x80) {
494 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
495 pass_up = 1;
496 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
497 bcsp->rx_skb->data[0] & 0x80) {
498 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
499 pass_up = 1;
500 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
501 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
502 pass_up = 1;
503 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
504 !(bcsp->rx_skb->data[0] & 0x80)) {
505 bcsp_handle_le_pkt(hu);
506 pass_up = 0;
507 } else
508 pass_up = 0;
509
510 if (!pass_up) {
511 struct hci_event_hdr hdr;
512 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
513
514 if (desc != 0 && desc != 1) {
515 if (hciextn) {
516 desc |= 0xc0;
517 skb_pull(bcsp->rx_skb, 4);
518 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
519
520 hdr.evt = 0xff;
521 hdr.plen = bcsp->rx_skb->len;
522 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
523 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
524
525 hci_recv_frame(bcsp->rx_skb);
526 } else {
527 BT_ERR ("Packet for unknown channel (%u %s)",
528 bcsp->rx_skb->data[1] & 0x0f,
529 bcsp->rx_skb->data[0] & 0x80 ?
530 "reliable" : "unreliable");
531 kfree_skb(bcsp->rx_skb);
532 }
533 } else
534 kfree_skb(bcsp->rx_skb);
535 } else {
536 /* Pull out BCSP hdr */
537 skb_pull(bcsp->rx_skb, 4);
538
539 hci_recv_frame(bcsp->rx_skb);
540 }
541
542 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
543 bcsp->rx_skb = NULL;
544}
545
546static u16 bscp_get_crc(struct bcsp_struct *bcsp)
547{
548 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
549}
550
551/* Recv data */
552static int bcsp_recv(struct hci_uart *hu, void *data, int count)
553{
554 struct bcsp_struct *bcsp = hu->priv;
555 register unsigned char *ptr;
556
557 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
558 hu, count, bcsp->rx_state, bcsp->rx_count);
559
560 ptr = data;
561 while (count) {
562 if (bcsp->rx_count) {
563 if (*ptr == 0xc0) {
564 BT_ERR("Short BCSP packet");
565 kfree_skb(bcsp->rx_skb);
566 bcsp->rx_state = BCSP_W4_PKT_START;
567 bcsp->rx_count = 0;
568 } else
569 bcsp_unslip_one_byte(bcsp, *ptr);
570
571 ptr++; count--;
572 continue;
573 }
574
575 switch (bcsp->rx_state) {
576 case BCSP_W4_BCSP_HDR:
577 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
578 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
579 BT_ERR("Error in BCSP hdr checksum");
580 kfree_skb(bcsp->rx_skb);
581 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
582 bcsp->rx_count = 0;
583 continue;
584 }
585 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
586 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
587 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
588 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
589
590 kfree_skb(bcsp->rx_skb);
591 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
592 bcsp->rx_count = 0;
593 continue;
594 }
595 bcsp->rx_state = BCSP_W4_DATA;
596 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
597 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
598 continue;
599
600 case BCSP_W4_DATA:
601 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
602 bcsp->rx_state = BCSP_W4_CRC;
603 bcsp->rx_count = 2;
604 } else
605 bcsp_complete_rx_pkt(hu);
606 continue;
607
608 case BCSP_W4_CRC:
609 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
610 BT_ERR ("Checksum failed: computed %04x received %04x",
611 bitrev16(bcsp->message_crc),
612 bscp_get_crc(bcsp));
613
614 kfree_skb(bcsp->rx_skb);
615 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
616 bcsp->rx_count = 0;
617 continue;
618 }
619 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
620 bcsp_complete_rx_pkt(hu);
621 continue;
622
623 case BCSP_W4_PKT_DELIMITER:
624 switch (*ptr) {
625 case 0xc0:
626 bcsp->rx_state = BCSP_W4_PKT_START;
627 break;
628 default:
629 /*BT_ERR("Ignoring byte %02x", *ptr);*/
630 break;
631 }
632 ptr++; count--;
633 break;
634
635 case BCSP_W4_PKT_START:
636 switch (*ptr) {
637 case 0xc0:
638 ptr++; count--;
639 break;
640
641 default:
642 bcsp->rx_state = BCSP_W4_BCSP_HDR;
643 bcsp->rx_count = 4;
644 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
645 BCSP_CRC_INIT(bcsp->message_crc);
646
647 /* Do not increment ptr or decrement count
648 * Allocate packet. Max len of a BCSP pkt=
649 * 0xFFF (payload) +4 (header) +2 (crc) */
650
651 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
652 if (!bcsp->rx_skb) {
653 BT_ERR("Can't allocate mem for new packet");
654 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
655 bcsp->rx_count = 0;
656 return 0;
657 }
658 bcsp->rx_skb->dev = (void *) hu->hdev;
659 break;
660 }
661 break;
662 }
663 }
664 return count;
665}
666
667 /* Arrange to retransmit all messages in the relq. */
668static void bcsp_timed_event(unsigned long arg)
669{
670 struct hci_uart *hu = (struct hci_uart *) arg;
671 struct bcsp_struct *bcsp = hu->priv;
672 struct sk_buff *skb;
673 unsigned long flags;
674
675 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
676
677 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
678
679 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
680 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
681 skb_queue_head(&bcsp->rel, skb);
682 }
683
684 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
685
686 hci_uart_tx_wakeup(hu);
687}
688
689static int bcsp_open(struct hci_uart *hu)
690{
691 struct bcsp_struct *bcsp;
692
693 BT_DBG("hu %p", hu);
694
695 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
696 if (!bcsp)
697 return -ENOMEM;
698
699 hu->priv = bcsp;
700 skb_queue_head_init(&bcsp->unack);
701 skb_queue_head_init(&bcsp->rel);
702 skb_queue_head_init(&bcsp->unrel);
703
704 init_timer(&bcsp->tbcsp);
705 bcsp->tbcsp.function = bcsp_timed_event;
706 bcsp->tbcsp.data = (u_long) hu;
707
708 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
709
710 if (txcrc)
711 bcsp->use_crc = 1;
712
713 return 0;
714}
715
716static int bcsp_close(struct hci_uart *hu)
717{
718 struct bcsp_struct *bcsp = hu->priv;
719 hu->priv = NULL;
720
721 BT_DBG("hu %p", hu);
722
723 skb_queue_purge(&bcsp->unack);
724 skb_queue_purge(&bcsp->rel);
725 skb_queue_purge(&bcsp->unrel);
726 del_timer(&bcsp->tbcsp);
727
728 kfree(bcsp);
729 return 0;
730}
731
732static struct hci_uart_proto bcsp = {
733 .id = HCI_UART_BCSP,
734 .open = bcsp_open,
735 .close = bcsp_close,
736 .enqueue = bcsp_enqueue,
737 .dequeue = bcsp_dequeue,
738 .recv = bcsp_recv,
739 .flush = bcsp_flush
740};
741
742int __init bcsp_init(void)
743{
744 int err = hci_uart_register_proto(&bcsp);
745
746 if (!err)
747 BT_INFO("HCI BCSP protocol initialized");
748 else
749 BT_ERR("HCI BCSP protocol registration failed");
750
751 return err;
752}
753
754int __exit bcsp_deinit(void)
755{
756 return hci_uart_unregister_proto(&bcsp);
757}
758
759module_param(txcrc, bool, 0644);
760MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
761
762module_param(hciextn, bool, 0644);
763MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50static bool txcrc = true;
51static bool hciextn = true;
52
53#define BCSP_TXWINSIZE 4
54
55#define BCSP_ACK_PKT 0x05
56#define BCSP_LE_PKT 0x06
57
58struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68 struct hci_uart *hu;
69
70 enum {
71 BCSP_W4_PKT_DELIMITER,
72 BCSP_W4_PKT_START,
73 BCSP_W4_BCSP_HDR,
74 BCSP_W4_DATA,
75 BCSP_W4_CRC
76 } rx_state;
77
78 enum {
79 BCSP_ESCSTATE_NOESC,
80 BCSP_ESCSTATE_ESC
81 } rx_esc_state;
82
83 u8 use_crc;
84 u16 message_crc;
85 u8 txack_req; /* Do we need to send ack's to the peer? */
86
87 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
88 u8 msgq_txseq;
89};
90
91/* ---- BCSP CRC calculation ---- */
92
93/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
94 * initial value 0xffff, bits shifted in reverse order.
95 */
96
97static const u16 crc_table[] = {
98 0x0000, 0x1081, 0x2102, 0x3183,
99 0x4204, 0x5285, 0x6306, 0x7387,
100 0x8408, 0x9489, 0xa50a, 0xb58b,
101 0xc60c, 0xd68d, 0xe70e, 0xf78f
102};
103
104/* Initialise the crc calculator */
105#define BCSP_CRC_INIT(x) x = 0xffff
106
107/* Update crc with next data byte
108 *
109 * Implementation note
110 * The data byte is treated as two nibbles. The crc is generated
111 * in reverse, i.e., bits are fed into the register from the top.
112 */
113static void bcsp_crc_update(u16 *crc, u8 d)
114{
115 u16 reg = *crc;
116
117 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
118 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
119
120 *crc = reg;
121}
122
123/* ---- BCSP core ---- */
124
125static void bcsp_slip_msgdelim(struct sk_buff *skb)
126{
127 const char pkt_delim = 0xc0;
128
129 skb_put_data(skb, &pkt_delim, 1);
130}
131
132static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
133{
134 const char esc_c0[2] = { 0xdb, 0xdc };
135 const char esc_db[2] = { 0xdb, 0xdd };
136
137 switch (c) {
138 case 0xc0:
139 skb_put_data(skb, &esc_c0, 2);
140 break;
141 case 0xdb:
142 skb_put_data(skb, &esc_db, 2);
143 break;
144 default:
145 skb_put_data(skb, &c, 1);
146 }
147}
148
149static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
150{
151 struct bcsp_struct *bcsp = hu->priv;
152
153 if (skb->len > 0xFFF) {
154 BT_ERR("Packet too long");
155 kfree_skb(skb);
156 return 0;
157 }
158
159 switch (hci_skb_pkt_type(skb)) {
160 case HCI_ACLDATA_PKT:
161 case HCI_COMMAND_PKT:
162 skb_queue_tail(&bcsp->rel, skb);
163 break;
164
165 case HCI_SCODATA_PKT:
166 skb_queue_tail(&bcsp->unrel, skb);
167 break;
168
169 default:
170 BT_ERR("Unknown packet type");
171 kfree_skb(skb);
172 break;
173 }
174
175 return 0;
176}
177
178static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
179 int len, int pkt_type)
180{
181 struct sk_buff *nskb;
182 u8 hdr[4], chan;
183 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
184 int rel, i;
185
186 switch (pkt_type) {
187 case HCI_ACLDATA_PKT:
188 chan = 6; /* BCSP ACL channel */
189 rel = 1; /* reliable channel */
190 break;
191 case HCI_COMMAND_PKT:
192 chan = 5; /* BCSP cmd/evt channel */
193 rel = 1; /* reliable channel */
194 break;
195 case HCI_SCODATA_PKT:
196 chan = 7; /* BCSP SCO channel */
197 rel = 0; /* unreliable channel */
198 break;
199 case BCSP_LE_PKT:
200 chan = 1; /* BCSP LE channel */
201 rel = 0; /* unreliable channel */
202 break;
203 case BCSP_ACK_PKT:
204 chan = 0; /* BCSP internal channel */
205 rel = 0; /* unreliable channel */
206 break;
207 default:
208 BT_ERR("Unknown packet type");
209 return NULL;
210 }
211
212 if (hciextn && chan == 5) {
213 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
214
215 /* Vendor specific commands */
216 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
217 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
218
219 if ((desc & 0xf0) == 0xc0) {
220 data += HCI_COMMAND_HDR_SIZE + 1;
221 len -= HCI_COMMAND_HDR_SIZE + 1;
222 chan = desc & 0x0f;
223 }
224 }
225 }
226
227 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
228 * (because bytes 0xc0 and 0xdb are escaped, worst case is
229 * when the packet is all made of 0xc0 and 0xdb :) )
230 * + 2 (0xc0 delimiters at start and end).
231 */
232
233 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
234 if (!nskb)
235 return NULL;
236
237 hci_skb_pkt_type(nskb) = pkt_type;
238
239 bcsp_slip_msgdelim(nskb);
240
241 hdr[0] = bcsp->rxseq_txack << 3;
242 bcsp->txack_req = 0;
243 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
244
245 if (rel) {
246 hdr[0] |= 0x80 + bcsp->msgq_txseq;
247 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
248 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
249 }
250
251 if (bcsp->use_crc)
252 hdr[0] |= 0x40;
253
254 hdr[1] = ((len << 4) & 0xff) | chan;
255 hdr[2] = len >> 4;
256 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
257
258 /* Put BCSP header */
259 for (i = 0; i < 4; i++) {
260 bcsp_slip_one_byte(nskb, hdr[i]);
261
262 if (bcsp->use_crc)
263 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
264 }
265
266 /* Put payload */
267 for (i = 0; i < len; i++) {
268 bcsp_slip_one_byte(nskb, data[i]);
269
270 if (bcsp->use_crc)
271 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
272 }
273
274 /* Put CRC */
275 if (bcsp->use_crc) {
276 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
277 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
278 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
279 }
280
281 bcsp_slip_msgdelim(nskb);
282 return nskb;
283}
284
285/* This is a rewrite of pkt_avail in ABCSP */
286static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
287{
288 struct bcsp_struct *bcsp = hu->priv;
289 unsigned long flags;
290 struct sk_buff *skb;
291
292 /* First of all, check for unreliable messages in the queue,
293 * since they have priority
294 */
295
296 skb = skb_dequeue(&bcsp->unrel);
297 if (skb != NULL) {
298 struct sk_buff *nskb;
299
300 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
301 hci_skb_pkt_type(skb));
302 if (nskb) {
303 kfree_skb(skb);
304 return nskb;
305 } else {
306 skb_queue_head(&bcsp->unrel, skb);
307 BT_ERR("Could not dequeue pkt because alloc_skb failed");
308 }
309 }
310
311 /* Now, try to send a reliable pkt. We can only send a
312 * reliable packet if the number of packets sent but not yet ack'ed
313 * is < than the winsize
314 */
315
316 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
317
318 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
319 skb = skb_dequeue(&bcsp->rel);
320 if (skb != NULL) {
321 struct sk_buff *nskb;
322
323 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
324 hci_skb_pkt_type(skb));
325 if (nskb) {
326 __skb_queue_tail(&bcsp->unack, skb);
327 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
328 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
329 return nskb;
330 } else {
331 skb_queue_head(&bcsp->rel, skb);
332 BT_ERR("Could not dequeue pkt because alloc_skb failed");
333 }
334 }
335 }
336
337 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
338
339 /* We could not send a reliable packet, either because there are
340 * none or because there are too many unack'ed pkts. Did we receive
341 * any packets we have not acknowledged yet ?
342 */
343
344 if (bcsp->txack_req) {
345 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
346 * channel 0
347 */
348 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
349 return nskb;
350 }
351
352 /* We have nothing to send */
353 return NULL;
354}
355
356static int bcsp_flush(struct hci_uart *hu)
357{
358 BT_DBG("hu %p", hu);
359 return 0;
360}
361
362/* Remove ack'ed packets */
363static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
364{
365 struct sk_buff *skb, *tmp;
366 unsigned long flags;
367 int i, pkts_to_be_removed;
368 u8 seqno;
369
370 spin_lock_irqsave(&bcsp->unack.lock, flags);
371
372 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
373 seqno = bcsp->msgq_txseq;
374
375 while (pkts_to_be_removed) {
376 if (bcsp->rxack == seqno)
377 break;
378 pkts_to_be_removed--;
379 seqno = (seqno - 1) & 0x07;
380 }
381
382 if (bcsp->rxack != seqno)
383 BT_ERR("Peer acked invalid packet");
384
385 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
386 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
387 (seqno - 1) & 0x07);
388
389 i = 0;
390 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
391 if (i >= pkts_to_be_removed)
392 break;
393 i++;
394
395 __skb_unlink(skb, &bcsp->unack);
396 kfree_skb(skb);
397 }
398
399 if (skb_queue_empty(&bcsp->unack))
400 del_timer(&bcsp->tbcsp);
401
402 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
403
404 if (i != pkts_to_be_removed)
405 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
406}
407
408/* Handle BCSP link-establishment packets. When we
409 * detect a "sync" packet, symptom that the BT module has reset,
410 * we do nothing :) (yet)
411 */
412static void bcsp_handle_le_pkt(struct hci_uart *hu)
413{
414 struct bcsp_struct *bcsp = hu->priv;
415 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
416 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
417 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
418
419 /* spot "conf" pkts and reply with a "conf rsp" pkt */
420 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
421 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
422 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
423
424 BT_DBG("Found a LE conf pkt");
425 if (!nskb)
426 return;
427 skb_put_data(nskb, conf_rsp_pkt, 4);
428 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
429
430 skb_queue_head(&bcsp->unrel, nskb);
431 hci_uart_tx_wakeup(hu);
432 }
433 /* Spot "sync" pkts. If we find one...disaster! */
434 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
435 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
436 BT_ERR("Found a LE sync pkt, card has reset");
437 }
438}
439
440static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
441{
442 const u8 c0 = 0xc0, db = 0xdb;
443
444 switch (bcsp->rx_esc_state) {
445 case BCSP_ESCSTATE_NOESC:
446 switch (byte) {
447 case 0xdb:
448 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
449 break;
450 default:
451 skb_put_data(bcsp->rx_skb, &byte, 1);
452 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
453 bcsp->rx_state != BCSP_W4_CRC)
454 bcsp_crc_update(&bcsp->message_crc, byte);
455 bcsp->rx_count--;
456 }
457 break;
458
459 case BCSP_ESCSTATE_ESC:
460 switch (byte) {
461 case 0xdc:
462 skb_put_data(bcsp->rx_skb, &c0, 1);
463 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
464 bcsp->rx_state != BCSP_W4_CRC)
465 bcsp_crc_update(&bcsp->message_crc, 0xc0);
466 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
467 bcsp->rx_count--;
468 break;
469
470 case 0xdd:
471 skb_put_data(bcsp->rx_skb, &db, 1);
472 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
473 bcsp->rx_state != BCSP_W4_CRC)
474 bcsp_crc_update(&bcsp->message_crc, 0xdb);
475 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
476 bcsp->rx_count--;
477 break;
478
479 default:
480 BT_ERR("Invalid byte %02x after esc byte", byte);
481 kfree_skb(bcsp->rx_skb);
482 bcsp->rx_skb = NULL;
483 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
484 bcsp->rx_count = 0;
485 }
486 }
487}
488
489static void bcsp_complete_rx_pkt(struct hci_uart *hu)
490{
491 struct bcsp_struct *bcsp = hu->priv;
492 int pass_up = 0;
493
494 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
495 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
496
497 /* check the rx sequence number is as expected */
498 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
499 bcsp->rxseq_txack++;
500 bcsp->rxseq_txack %= 0x8;
501 } else {
502 /* handle re-transmitted packet or
503 * when packet was missed
504 */
505 BT_ERR("Out-of-order packet arrived, got %u expected %u",
506 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
507
508 /* do not process out-of-order packet payload */
509 pass_up = 2;
510 }
511
512 /* send current txack value to all received reliable packets */
513 bcsp->txack_req = 1;
514
515 /* If needed, transmit an ack pkt */
516 hci_uart_tx_wakeup(hu);
517 }
518
519 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
520 BT_DBG("Request for pkt %u from card", bcsp->rxack);
521
522 /* handle received ACK indications,
523 * including those from out-of-order packets
524 */
525 bcsp_pkt_cull(bcsp);
526
527 if (pass_up != 2) {
528 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
529 (bcsp->rx_skb->data[0] & 0x80)) {
530 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
531 pass_up = 1;
532 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
533 (bcsp->rx_skb->data[0] & 0x80)) {
534 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
535 pass_up = 1;
536 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
537 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
538 pass_up = 1;
539 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
540 !(bcsp->rx_skb->data[0] & 0x80)) {
541 bcsp_handle_le_pkt(hu);
542 pass_up = 0;
543 } else {
544 pass_up = 0;
545 }
546 }
547
548 if (pass_up == 0) {
549 struct hci_event_hdr hdr;
550 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
551
552 if (desc != 0 && desc != 1) {
553 if (hciextn) {
554 desc |= 0xc0;
555 skb_pull(bcsp->rx_skb, 4);
556 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
557
558 hdr.evt = 0xff;
559 hdr.plen = bcsp->rx_skb->len;
560 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
561 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
562
563 hci_recv_frame(hu->hdev, bcsp->rx_skb);
564 } else {
565 BT_ERR("Packet for unknown channel (%u %s)",
566 bcsp->rx_skb->data[1] & 0x0f,
567 bcsp->rx_skb->data[0] & 0x80 ?
568 "reliable" : "unreliable");
569 kfree_skb(bcsp->rx_skb);
570 }
571 } else
572 kfree_skb(bcsp->rx_skb);
573 } else if (pass_up == 1) {
574 /* Pull out BCSP hdr */
575 skb_pull(bcsp->rx_skb, 4);
576
577 hci_recv_frame(hu->hdev, bcsp->rx_skb);
578 } else {
579 /* ignore packet payload of already ACKed re-transmitted
580 * packets or when a packet was missed in the BCSP window
581 */
582 kfree_skb(bcsp->rx_skb);
583 }
584
585 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
586 bcsp->rx_skb = NULL;
587}
588
589static u16 bscp_get_crc(struct bcsp_struct *bcsp)
590{
591 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
592}
593
594/* Recv data */
595static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
596{
597 struct bcsp_struct *bcsp = hu->priv;
598 const unsigned char *ptr;
599
600 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
601 hu, count, bcsp->rx_state, bcsp->rx_count);
602
603 ptr = data;
604 while (count) {
605 if (bcsp->rx_count) {
606 if (*ptr == 0xc0) {
607 BT_ERR("Short BCSP packet");
608 kfree_skb(bcsp->rx_skb);
609 bcsp->rx_state = BCSP_W4_PKT_START;
610 bcsp->rx_count = 0;
611 } else
612 bcsp_unslip_one_byte(bcsp, *ptr);
613
614 ptr++; count--;
615 continue;
616 }
617
618 switch (bcsp->rx_state) {
619 case BCSP_W4_BCSP_HDR:
620 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
621 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
622 BT_ERR("Error in BCSP hdr checksum");
623 kfree_skb(bcsp->rx_skb);
624 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
625 bcsp->rx_count = 0;
626 continue;
627 }
628 bcsp->rx_state = BCSP_W4_DATA;
629 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
630 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
631 continue;
632
633 case BCSP_W4_DATA:
634 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
635 bcsp->rx_state = BCSP_W4_CRC;
636 bcsp->rx_count = 2;
637 } else
638 bcsp_complete_rx_pkt(hu);
639 continue;
640
641 case BCSP_W4_CRC:
642 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
643 BT_ERR("Checksum failed: computed %04x received %04x",
644 bitrev16(bcsp->message_crc),
645 bscp_get_crc(bcsp));
646
647 kfree_skb(bcsp->rx_skb);
648 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
649 bcsp->rx_count = 0;
650 continue;
651 }
652 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
653 bcsp_complete_rx_pkt(hu);
654 continue;
655
656 case BCSP_W4_PKT_DELIMITER:
657 switch (*ptr) {
658 case 0xc0:
659 bcsp->rx_state = BCSP_W4_PKT_START;
660 break;
661 default:
662 /*BT_ERR("Ignoring byte %02x", *ptr);*/
663 break;
664 }
665 ptr++; count--;
666 break;
667
668 case BCSP_W4_PKT_START:
669 switch (*ptr) {
670 case 0xc0:
671 ptr++; count--;
672 break;
673
674 default:
675 bcsp->rx_state = BCSP_W4_BCSP_HDR;
676 bcsp->rx_count = 4;
677 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
678 BCSP_CRC_INIT(bcsp->message_crc);
679
680 /* Do not increment ptr or decrement count
681 * Allocate packet. Max len of a BCSP pkt=
682 * 0xFFF (payload) +4 (header) +2 (crc)
683 */
684
685 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
686 if (!bcsp->rx_skb) {
687 BT_ERR("Can't allocate mem for new packet");
688 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
689 bcsp->rx_count = 0;
690 return 0;
691 }
692 break;
693 }
694 break;
695 }
696 }
697 return count;
698}
699
700 /* Arrange to retransmit all messages in the relq. */
701static void bcsp_timed_event(struct timer_list *t)
702{
703 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
704 struct hci_uart *hu = bcsp->hu;
705 struct sk_buff *skb;
706 unsigned long flags;
707
708 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
709
710 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
711
712 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
713 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
714 skb_queue_head(&bcsp->rel, skb);
715 }
716
717 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
718
719 hci_uart_tx_wakeup(hu);
720}
721
722static int bcsp_open(struct hci_uart *hu)
723{
724 struct bcsp_struct *bcsp;
725
726 BT_DBG("hu %p", hu);
727
728 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
729 if (!bcsp)
730 return -ENOMEM;
731
732 hu->priv = bcsp;
733 bcsp->hu = hu;
734 skb_queue_head_init(&bcsp->unack);
735 skb_queue_head_init(&bcsp->rel);
736 skb_queue_head_init(&bcsp->unrel);
737
738 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
739
740 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
741
742 if (txcrc)
743 bcsp->use_crc = 1;
744
745 return 0;
746}
747
748static int bcsp_close(struct hci_uart *hu)
749{
750 struct bcsp_struct *bcsp = hu->priv;
751
752 del_timer_sync(&bcsp->tbcsp);
753
754 hu->priv = NULL;
755
756 BT_DBG("hu %p", hu);
757
758 skb_queue_purge(&bcsp->unack);
759 skb_queue_purge(&bcsp->rel);
760 skb_queue_purge(&bcsp->unrel);
761
762 kfree(bcsp);
763 return 0;
764}
765
766static const struct hci_uart_proto bcsp = {
767 .id = HCI_UART_BCSP,
768 .name = "BCSP",
769 .open = bcsp_open,
770 .close = bcsp_close,
771 .enqueue = bcsp_enqueue,
772 .dequeue = bcsp_dequeue,
773 .recv = bcsp_recv,
774 .flush = bcsp_flush
775};
776
777int __init bcsp_init(void)
778{
779 return hci_uart_register_proto(&bcsp);
780}
781
782int __exit bcsp_deinit(void)
783{
784 return hci_uart_unregister_proto(&bcsp);
785}
786
787module_param(txcrc, bool, 0644);
788MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
789
790module_param(hciextn, bool, 0644);
791MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");