Loading...
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50static bool txcrc = true;
51static bool hciextn = true;
52
53#define BCSP_TXWINSIZE 4
54
55#define BCSP_ACK_PKT 0x05
56#define BCSP_LE_PKT 0x06
57
58struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68
69 enum {
70 BCSP_W4_PKT_DELIMITER,
71 BCSP_W4_PKT_START,
72 BCSP_W4_BCSP_HDR,
73 BCSP_W4_DATA,
74 BCSP_W4_CRC
75 } rx_state;
76
77 enum {
78 BCSP_ESCSTATE_NOESC,
79 BCSP_ESCSTATE_ESC
80 } rx_esc_state;
81
82 u8 use_crc;
83 u16 message_crc;
84 u8 txack_req; /* Do we need to send ack's to the peer? */
85
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
87 u8 msgq_txseq;
88};
89
90/* ---- BCSP CRC calculation ---- */
91
92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93initial value 0xffff, bits shifted in reverse order. */
94
95static const u16 crc_table[] = {
96 0x0000, 0x1081, 0x2102, 0x3183,
97 0x4204, 0x5285, 0x6306, 0x7387,
98 0x8408, 0x9489, 0xa50a, 0xb58b,
99 0xc60c, 0xd68d, 0xe70e, 0xf78f
100};
101
102/* Initialise the crc calculator */
103#define BCSP_CRC_INIT(x) x = 0xffff
104
105/*
106 Update crc with next data byte
107
108 Implementation note
109 The data byte is treated as two nibbles. The crc is generated
110 in reverse, i.e., bits are fed into the register from the top.
111*/
112static void bcsp_crc_update(u16 *crc, u8 d)
113{
114 u16 reg = *crc;
115
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
118
119 *crc = reg;
120}
121
122/* ---- BCSP core ---- */
123
124static void bcsp_slip_msgdelim(struct sk_buff *skb)
125{
126 const char pkt_delim = 0xc0;
127
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
129}
130
131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
132{
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
135
136 switch (c) {
137 case 0xc0:
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
139 break;
140 case 0xdb:
141 memcpy(skb_put(skb, 2), &esc_db, 2);
142 break;
143 default:
144 memcpy(skb_put(skb, 1), &c, 1);
145 }
146}
147
148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149{
150 struct bcsp_struct *bcsp = hu->priv;
151
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
154 kfree_skb(skb);
155 return 0;
156 }
157
158 switch (hci_skb_pkt_type(skb)) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
162 break;
163
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
166 break;
167
168 default:
169 BT_ERR("Unknown packet type");
170 kfree_skb(skb);
171 break;
172 }
173
174 return 0;
175}
176
177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
179{
180 struct sk_buff *nskb;
181 u8 hdr[4], chan;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
183 int rel, i;
184
185 switch (pkt_type) {
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
189 break;
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
193 break;
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
197 break;
198 case BCSP_LE_PKT:
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
201 break;
202 case BCSP_ACK_PKT:
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
205 break;
206 default:
207 BT_ERR("Unknown packet type");
208 return NULL;
209 }
210
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
213
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217 if ((desc & 0xf0) == 0xc0) {
218 data += HCI_COMMAND_HDR_SIZE + 1;
219 len -= HCI_COMMAND_HDR_SIZE + 1;
220 chan = desc & 0x0f;
221 }
222 }
223 }
224
225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
226 (because bytes 0xc0 and 0xdb are escaped, worst case is
227 when the packet is all made of 0xc0 and 0xdb :) )
228 + 2 (0xc0 delimiters at start and end). */
229
230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
231 if (!nskb)
232 return NULL;
233
234 hci_skb_pkt_type(nskb) = pkt_type;
235
236 bcsp_slip_msgdelim(nskb);
237
238 hdr[0] = bcsp->rxseq_txack << 3;
239 bcsp->txack_req = 0;
240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
241
242 if (rel) {
243 hdr[0] |= 0x80 + bcsp->msgq_txseq;
244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
246 }
247
248 if (bcsp->use_crc)
249 hdr[0] |= 0x40;
250
251 hdr[1] = ((len << 4) & 0xff) | chan;
252 hdr[2] = len >> 4;
253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
254
255 /* Put BCSP header */
256 for (i = 0; i < 4; i++) {
257 bcsp_slip_one_byte(nskb, hdr[i]);
258
259 if (bcsp->use_crc)
260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
261 }
262
263 /* Put payload */
264 for (i = 0; i < len; i++) {
265 bcsp_slip_one_byte(nskb, data[i]);
266
267 if (bcsp->use_crc)
268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
269 }
270
271 /* Put CRC */
272 if (bcsp->use_crc) {
273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
276 }
277
278 bcsp_slip_msgdelim(nskb);
279 return nskb;
280}
281
282/* This is a rewrite of pkt_avail in ABCSP */
283static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
284{
285 struct bcsp_struct *bcsp = hu->priv;
286 unsigned long flags;
287 struct sk_buff *skb;
288
289 /* First of all, check for unreliable messages in the queue,
290 since they have priority */
291
292 skb = skb_dequeue(&bcsp->unrel);
293 if (skb != NULL) {
294 struct sk_buff *nskb;
295
296 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
297 hci_skb_pkt_type(skb));
298 if (nskb) {
299 kfree_skb(skb);
300 return nskb;
301 } else {
302 skb_queue_head(&bcsp->unrel, skb);
303 BT_ERR("Could not dequeue pkt because alloc_skb failed");
304 }
305 }
306
307 /* Now, try to send a reliable pkt. We can only send a
308 reliable packet if the number of packets sent but not yet ack'ed
309 is < than the winsize */
310
311 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
312
313 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
314 skb = skb_dequeue(&bcsp->rel);
315 if (skb != NULL) {
316 struct sk_buff *nskb;
317
318 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
319 hci_skb_pkt_type(skb));
320 if (nskb) {
321 __skb_queue_tail(&bcsp->unack, skb);
322 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
323 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
324 return nskb;
325 } else {
326 skb_queue_head(&bcsp->rel, skb);
327 BT_ERR("Could not dequeue pkt because alloc_skb failed");
328 }
329 }
330 }
331
332 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
333
334 /* We could not send a reliable packet, either because there are
335 none or because there are too many unack'ed pkts. Did we receive
336 any packets we have not acknowledged yet ? */
337
338 if (bcsp->txack_req) {
339 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
340 channel 0 */
341 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
342 return nskb;
343 }
344
345 /* We have nothing to send */
346 return NULL;
347}
348
349static int bcsp_flush(struct hci_uart *hu)
350{
351 BT_DBG("hu %p", hu);
352 return 0;
353}
354
355/* Remove ack'ed packets */
356static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
357{
358 struct sk_buff *skb, *tmp;
359 unsigned long flags;
360 int i, pkts_to_be_removed;
361 u8 seqno;
362
363 spin_lock_irqsave(&bcsp->unack.lock, flags);
364
365 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
366 seqno = bcsp->msgq_txseq;
367
368 while (pkts_to_be_removed) {
369 if (bcsp->rxack == seqno)
370 break;
371 pkts_to_be_removed--;
372 seqno = (seqno - 1) & 0x07;
373 }
374
375 if (bcsp->rxack != seqno)
376 BT_ERR("Peer acked invalid packet");
377
378 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
379 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
380 (seqno - 1) & 0x07);
381
382 i = 0;
383 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
384 if (i >= pkts_to_be_removed)
385 break;
386 i++;
387
388 __skb_unlink(skb, &bcsp->unack);
389 kfree_skb(skb);
390 }
391
392 if (skb_queue_empty(&bcsp->unack))
393 del_timer(&bcsp->tbcsp);
394
395 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
396
397 if (i != pkts_to_be_removed)
398 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
399}
400
401/* Handle BCSP link-establishment packets. When we
402 detect a "sync" packet, symptom that the BT module has reset,
403 we do nothing :) (yet) */
404static void bcsp_handle_le_pkt(struct hci_uart *hu)
405{
406 struct bcsp_struct *bcsp = hu->priv;
407 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
408 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
409 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
410
411 /* spot "conf" pkts and reply with a "conf rsp" pkt */
412 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
413 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
414 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
415
416 BT_DBG("Found a LE conf pkt");
417 if (!nskb)
418 return;
419 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
420 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
421
422 skb_queue_head(&bcsp->unrel, nskb);
423 hci_uart_tx_wakeup(hu);
424 }
425 /* Spot "sync" pkts. If we find one...disaster! */
426 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
427 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
428 BT_ERR("Found a LE sync pkt, card has reset");
429 }
430}
431
432static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
433{
434 const u8 c0 = 0xc0, db = 0xdb;
435
436 switch (bcsp->rx_esc_state) {
437 case BCSP_ESCSTATE_NOESC:
438 switch (byte) {
439 case 0xdb:
440 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
441 break;
442 default:
443 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
444 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
445 bcsp->rx_state != BCSP_W4_CRC)
446 bcsp_crc_update(&bcsp->message_crc, byte);
447 bcsp->rx_count--;
448 }
449 break;
450
451 case BCSP_ESCSTATE_ESC:
452 switch (byte) {
453 case 0xdc:
454 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
455 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
456 bcsp->rx_state != BCSP_W4_CRC)
457 bcsp_crc_update(&bcsp->message_crc, 0xc0);
458 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
459 bcsp->rx_count--;
460 break;
461
462 case 0xdd:
463 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
464 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
465 bcsp->rx_state != BCSP_W4_CRC)
466 bcsp_crc_update(&bcsp->message_crc, 0xdb);
467 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
468 bcsp->rx_count--;
469 break;
470
471 default:
472 BT_ERR("Invalid byte %02x after esc byte", byte);
473 kfree_skb(bcsp->rx_skb);
474 bcsp->rx_skb = NULL;
475 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
476 bcsp->rx_count = 0;
477 }
478 }
479}
480
481static void bcsp_complete_rx_pkt(struct hci_uart *hu)
482{
483 struct bcsp_struct *bcsp = hu->priv;
484 int pass_up;
485
486 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
487 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
488 bcsp->rxseq_txack++;
489 bcsp->rxseq_txack %= 0x8;
490 bcsp->txack_req = 1;
491
492 /* If needed, transmit an ack pkt */
493 hci_uart_tx_wakeup(hu);
494 }
495
496 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
497 BT_DBG("Request for pkt %u from card", bcsp->rxack);
498
499 bcsp_pkt_cull(bcsp);
500 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
501 bcsp->rx_skb->data[0] & 0x80) {
502 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
503 pass_up = 1;
504 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
505 bcsp->rx_skb->data[0] & 0x80) {
506 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
507 pass_up = 1;
508 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
509 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
510 pass_up = 1;
511 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
512 !(bcsp->rx_skb->data[0] & 0x80)) {
513 bcsp_handle_le_pkt(hu);
514 pass_up = 0;
515 } else
516 pass_up = 0;
517
518 if (!pass_up) {
519 struct hci_event_hdr hdr;
520 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
521
522 if (desc != 0 && desc != 1) {
523 if (hciextn) {
524 desc |= 0xc0;
525 skb_pull(bcsp->rx_skb, 4);
526 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
527
528 hdr.evt = 0xff;
529 hdr.plen = bcsp->rx_skb->len;
530 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
531 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
532
533 hci_recv_frame(hu->hdev, bcsp->rx_skb);
534 } else {
535 BT_ERR("Packet for unknown channel (%u %s)",
536 bcsp->rx_skb->data[1] & 0x0f,
537 bcsp->rx_skb->data[0] & 0x80 ?
538 "reliable" : "unreliable");
539 kfree_skb(bcsp->rx_skb);
540 }
541 } else
542 kfree_skb(bcsp->rx_skb);
543 } else {
544 /* Pull out BCSP hdr */
545 skb_pull(bcsp->rx_skb, 4);
546
547 hci_recv_frame(hu->hdev, bcsp->rx_skb);
548 }
549
550 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
551 bcsp->rx_skb = NULL;
552}
553
554static u16 bscp_get_crc(struct bcsp_struct *bcsp)
555{
556 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
557}
558
559/* Recv data */
560static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
561{
562 struct bcsp_struct *bcsp = hu->priv;
563 const unsigned char *ptr;
564
565 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
566 hu, count, bcsp->rx_state, bcsp->rx_count);
567
568 ptr = data;
569 while (count) {
570 if (bcsp->rx_count) {
571 if (*ptr == 0xc0) {
572 BT_ERR("Short BCSP packet");
573 kfree_skb(bcsp->rx_skb);
574 bcsp->rx_state = BCSP_W4_PKT_START;
575 bcsp->rx_count = 0;
576 } else
577 bcsp_unslip_one_byte(bcsp, *ptr);
578
579 ptr++; count--;
580 continue;
581 }
582
583 switch (bcsp->rx_state) {
584 case BCSP_W4_BCSP_HDR:
585 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
586 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
587 BT_ERR("Error in BCSP hdr checksum");
588 kfree_skb(bcsp->rx_skb);
589 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
590 bcsp->rx_count = 0;
591 continue;
592 }
593 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
594 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
595 BT_ERR("Out-of-order packet arrived, got %u expected %u",
596 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
597
598 kfree_skb(bcsp->rx_skb);
599 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
600 bcsp->rx_count = 0;
601 continue;
602 }
603 bcsp->rx_state = BCSP_W4_DATA;
604 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
605 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
606 continue;
607
608 case BCSP_W4_DATA:
609 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
610 bcsp->rx_state = BCSP_W4_CRC;
611 bcsp->rx_count = 2;
612 } else
613 bcsp_complete_rx_pkt(hu);
614 continue;
615
616 case BCSP_W4_CRC:
617 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
618 BT_ERR ("Checksum failed: computed %04x received %04x",
619 bitrev16(bcsp->message_crc),
620 bscp_get_crc(bcsp));
621
622 kfree_skb(bcsp->rx_skb);
623 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
624 bcsp->rx_count = 0;
625 continue;
626 }
627 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
628 bcsp_complete_rx_pkt(hu);
629 continue;
630
631 case BCSP_W4_PKT_DELIMITER:
632 switch (*ptr) {
633 case 0xc0:
634 bcsp->rx_state = BCSP_W4_PKT_START;
635 break;
636 default:
637 /*BT_ERR("Ignoring byte %02x", *ptr);*/
638 break;
639 }
640 ptr++; count--;
641 break;
642
643 case BCSP_W4_PKT_START:
644 switch (*ptr) {
645 case 0xc0:
646 ptr++; count--;
647 break;
648
649 default:
650 bcsp->rx_state = BCSP_W4_BCSP_HDR;
651 bcsp->rx_count = 4;
652 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
653 BCSP_CRC_INIT(bcsp->message_crc);
654
655 /* Do not increment ptr or decrement count
656 * Allocate packet. Max len of a BCSP pkt=
657 * 0xFFF (payload) +4 (header) +2 (crc) */
658
659 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
660 if (!bcsp->rx_skb) {
661 BT_ERR("Can't allocate mem for new packet");
662 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
663 bcsp->rx_count = 0;
664 return 0;
665 }
666 break;
667 }
668 break;
669 }
670 }
671 return count;
672}
673
674 /* Arrange to retransmit all messages in the relq. */
675static void bcsp_timed_event(unsigned long arg)
676{
677 struct hci_uart *hu = (struct hci_uart *) arg;
678 struct bcsp_struct *bcsp = hu->priv;
679 struct sk_buff *skb;
680 unsigned long flags;
681
682 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
683
684 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
685
686 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
687 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
688 skb_queue_head(&bcsp->rel, skb);
689 }
690
691 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
692
693 hci_uart_tx_wakeup(hu);
694}
695
696static int bcsp_open(struct hci_uart *hu)
697{
698 struct bcsp_struct *bcsp;
699
700 BT_DBG("hu %p", hu);
701
702 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
703 if (!bcsp)
704 return -ENOMEM;
705
706 hu->priv = bcsp;
707 skb_queue_head_init(&bcsp->unack);
708 skb_queue_head_init(&bcsp->rel);
709 skb_queue_head_init(&bcsp->unrel);
710
711 init_timer(&bcsp->tbcsp);
712 bcsp->tbcsp.function = bcsp_timed_event;
713 bcsp->tbcsp.data = (u_long) hu;
714
715 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
716
717 if (txcrc)
718 bcsp->use_crc = 1;
719
720 return 0;
721}
722
723static int bcsp_close(struct hci_uart *hu)
724{
725 struct bcsp_struct *bcsp = hu->priv;
726
727 del_timer_sync(&bcsp->tbcsp);
728
729 hu->priv = NULL;
730
731 BT_DBG("hu %p", hu);
732
733 skb_queue_purge(&bcsp->unack);
734 skb_queue_purge(&bcsp->rel);
735 skb_queue_purge(&bcsp->unrel);
736
737 kfree(bcsp);
738 return 0;
739}
740
741static const struct hci_uart_proto bcsp = {
742 .id = HCI_UART_BCSP,
743 .name = "BCSP",
744 .open = bcsp_open,
745 .close = bcsp_close,
746 .enqueue = bcsp_enqueue,
747 .dequeue = bcsp_dequeue,
748 .recv = bcsp_recv,
749 .flush = bcsp_flush
750};
751
752int __init bcsp_init(void)
753{
754 return hci_uart_register_proto(&bcsp);
755}
756
757int __exit bcsp_deinit(void)
758{
759 return hci_uart_unregister_proto(&bcsp);
760}
761
762module_param(txcrc, bool, 0644);
763MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
764
765module_param(hciextn, bool, 0644);
766MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50static bool txcrc = true;
51static bool hciextn = true;
52
53#define BCSP_TXWINSIZE 4
54
55#define BCSP_ACK_PKT 0x05
56#define BCSP_LE_PKT 0x06
57
58struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68
69 enum {
70 BCSP_W4_PKT_DELIMITER,
71 BCSP_W4_PKT_START,
72 BCSP_W4_BCSP_HDR,
73 BCSP_W4_DATA,
74 BCSP_W4_CRC
75 } rx_state;
76
77 enum {
78 BCSP_ESCSTATE_NOESC,
79 BCSP_ESCSTATE_ESC
80 } rx_esc_state;
81
82 u8 use_crc;
83 u16 message_crc;
84 u8 txack_req; /* Do we need to send ack's to the peer? */
85
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
87 u8 msgq_txseq;
88};
89
90/* ---- BCSP CRC calculation ---- */
91
92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93 * initial value 0xffff, bits shifted in reverse order.
94 */
95
96static const u16 crc_table[] = {
97 0x0000, 0x1081, 0x2102, 0x3183,
98 0x4204, 0x5285, 0x6306, 0x7387,
99 0x8408, 0x9489, 0xa50a, 0xb58b,
100 0xc60c, 0xd68d, 0xe70e, 0xf78f
101};
102
103/* Initialise the crc calculator */
104#define BCSP_CRC_INIT(x) x = 0xffff
105
106/* Update crc with next data byte
107 *
108 * Implementation note
109 * The data byte is treated as two nibbles. The crc is generated
110 * in reverse, i.e., bits are fed into the register from the top.
111 */
112static void bcsp_crc_update(u16 *crc, u8 d)
113{
114 u16 reg = *crc;
115
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
118
119 *crc = reg;
120}
121
122/* ---- BCSP core ---- */
123
124static void bcsp_slip_msgdelim(struct sk_buff *skb)
125{
126 const char pkt_delim = 0xc0;
127
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
129}
130
131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
132{
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
135
136 switch (c) {
137 case 0xc0:
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
139 break;
140 case 0xdb:
141 memcpy(skb_put(skb, 2), &esc_db, 2);
142 break;
143 default:
144 memcpy(skb_put(skb, 1), &c, 1);
145 }
146}
147
148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149{
150 struct bcsp_struct *bcsp = hu->priv;
151
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
154 kfree_skb(skb);
155 return 0;
156 }
157
158 switch (hci_skb_pkt_type(skb)) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
162 break;
163
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
166 break;
167
168 default:
169 BT_ERR("Unknown packet type");
170 kfree_skb(skb);
171 break;
172 }
173
174 return 0;
175}
176
177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
179{
180 struct sk_buff *nskb;
181 u8 hdr[4], chan;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
183 int rel, i;
184
185 switch (pkt_type) {
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
189 break;
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
193 break;
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
197 break;
198 case BCSP_LE_PKT:
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
201 break;
202 case BCSP_ACK_PKT:
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
205 break;
206 default:
207 BT_ERR("Unknown packet type");
208 return NULL;
209 }
210
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
213
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217
218 if ((desc & 0xf0) == 0xc0) {
219 data += HCI_COMMAND_HDR_SIZE + 1;
220 len -= HCI_COMMAND_HDR_SIZE + 1;
221 chan = desc & 0x0f;
222 }
223 }
224 }
225
226 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
227 * (because bytes 0xc0 and 0xdb are escaped, worst case is
228 * when the packet is all made of 0xc0 and 0xdb :) )
229 * + 2 (0xc0 delimiters at start and end).
230 */
231
232 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
233 if (!nskb)
234 return NULL;
235
236 hci_skb_pkt_type(nskb) = pkt_type;
237
238 bcsp_slip_msgdelim(nskb);
239
240 hdr[0] = bcsp->rxseq_txack << 3;
241 bcsp->txack_req = 0;
242 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243
244 if (rel) {
245 hdr[0] |= 0x80 + bcsp->msgq_txseq;
246 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
247 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
248 }
249
250 if (bcsp->use_crc)
251 hdr[0] |= 0x40;
252
253 hdr[1] = ((len << 4) & 0xff) | chan;
254 hdr[2] = len >> 4;
255 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
256
257 /* Put BCSP header */
258 for (i = 0; i < 4; i++) {
259 bcsp_slip_one_byte(nskb, hdr[i]);
260
261 if (bcsp->use_crc)
262 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
263 }
264
265 /* Put payload */
266 for (i = 0; i < len; i++) {
267 bcsp_slip_one_byte(nskb, data[i]);
268
269 if (bcsp->use_crc)
270 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
271 }
272
273 /* Put CRC */
274 if (bcsp->use_crc) {
275 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
276 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
277 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
278 }
279
280 bcsp_slip_msgdelim(nskb);
281 return nskb;
282}
283
284/* This is a rewrite of pkt_avail in ABCSP */
285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
286{
287 struct bcsp_struct *bcsp = hu->priv;
288 unsigned long flags;
289 struct sk_buff *skb;
290
291 /* First of all, check for unreliable messages in the queue,
292 * since they have priority
293 */
294
295 skb = skb_dequeue(&bcsp->unrel);
296 if (skb != NULL) {
297 struct sk_buff *nskb;
298
299 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
300 hci_skb_pkt_type(skb));
301 if (nskb) {
302 kfree_skb(skb);
303 return nskb;
304 } else {
305 skb_queue_head(&bcsp->unrel, skb);
306 BT_ERR("Could not dequeue pkt because alloc_skb failed");
307 }
308 }
309
310 /* Now, try to send a reliable pkt. We can only send a
311 * reliable packet if the number of packets sent but not yet ack'ed
312 * is < than the winsize
313 */
314
315 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
316
317 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
318 skb = skb_dequeue(&bcsp->rel);
319 if (skb != NULL) {
320 struct sk_buff *nskb;
321
322 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
323 hci_skb_pkt_type(skb));
324 if (nskb) {
325 __skb_queue_tail(&bcsp->unack, skb);
326 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
327 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
328 return nskb;
329 } else {
330 skb_queue_head(&bcsp->rel, skb);
331 BT_ERR("Could not dequeue pkt because alloc_skb failed");
332 }
333 }
334 }
335
336 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
337
338 /* We could not send a reliable packet, either because there are
339 * none or because there are too many unack'ed pkts. Did we receive
340 * any packets we have not acknowledged yet ?
341 */
342
343 if (bcsp->txack_req) {
344 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
345 * channel 0
346 */
347 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
348 return nskb;
349 }
350
351 /* We have nothing to send */
352 return NULL;
353}
354
355static int bcsp_flush(struct hci_uart *hu)
356{
357 BT_DBG("hu %p", hu);
358 return 0;
359}
360
361/* Remove ack'ed packets */
362static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
363{
364 struct sk_buff *skb, *tmp;
365 unsigned long flags;
366 int i, pkts_to_be_removed;
367 u8 seqno;
368
369 spin_lock_irqsave(&bcsp->unack.lock, flags);
370
371 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
372 seqno = bcsp->msgq_txseq;
373
374 while (pkts_to_be_removed) {
375 if (bcsp->rxack == seqno)
376 break;
377 pkts_to_be_removed--;
378 seqno = (seqno - 1) & 0x07;
379 }
380
381 if (bcsp->rxack != seqno)
382 BT_ERR("Peer acked invalid packet");
383
384 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
385 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
386 (seqno - 1) & 0x07);
387
388 i = 0;
389 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
390 if (i >= pkts_to_be_removed)
391 break;
392 i++;
393
394 __skb_unlink(skb, &bcsp->unack);
395 kfree_skb(skb);
396 }
397
398 if (skb_queue_empty(&bcsp->unack))
399 del_timer(&bcsp->tbcsp);
400
401 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
402
403 if (i != pkts_to_be_removed)
404 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
405}
406
407/* Handle BCSP link-establishment packets. When we
408 * detect a "sync" packet, symptom that the BT module has reset,
409 * we do nothing :) (yet)
410 */
411static void bcsp_handle_le_pkt(struct hci_uart *hu)
412{
413 struct bcsp_struct *bcsp = hu->priv;
414 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
415 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
416 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
417
418 /* spot "conf" pkts and reply with a "conf rsp" pkt */
419 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
420 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
421 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
422
423 BT_DBG("Found a LE conf pkt");
424 if (!nskb)
425 return;
426 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
427 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
428
429 skb_queue_head(&bcsp->unrel, nskb);
430 hci_uart_tx_wakeup(hu);
431 }
432 /* Spot "sync" pkts. If we find one...disaster! */
433 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
434 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
435 BT_ERR("Found a LE sync pkt, card has reset");
436 }
437}
438
439static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
440{
441 const u8 c0 = 0xc0, db = 0xdb;
442
443 switch (bcsp->rx_esc_state) {
444 case BCSP_ESCSTATE_NOESC:
445 switch (byte) {
446 case 0xdb:
447 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
448 break;
449 default:
450 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
451 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
452 bcsp->rx_state != BCSP_W4_CRC)
453 bcsp_crc_update(&bcsp->message_crc, byte);
454 bcsp->rx_count--;
455 }
456 break;
457
458 case BCSP_ESCSTATE_ESC:
459 switch (byte) {
460 case 0xdc:
461 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
462 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
463 bcsp->rx_state != BCSP_W4_CRC)
464 bcsp_crc_update(&bcsp->message_crc, 0xc0);
465 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
466 bcsp->rx_count--;
467 break;
468
469 case 0xdd:
470 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
471 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
472 bcsp->rx_state != BCSP_W4_CRC)
473 bcsp_crc_update(&bcsp->message_crc, 0xdb);
474 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
475 bcsp->rx_count--;
476 break;
477
478 default:
479 BT_ERR("Invalid byte %02x after esc byte", byte);
480 kfree_skb(bcsp->rx_skb);
481 bcsp->rx_skb = NULL;
482 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
483 bcsp->rx_count = 0;
484 }
485 }
486}
487
488static void bcsp_complete_rx_pkt(struct hci_uart *hu)
489{
490 struct bcsp_struct *bcsp = hu->priv;
491 int pass_up = 0;
492
493 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
494 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
495
496 /* check the rx sequence number is as expected */
497 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
498 bcsp->rxseq_txack++;
499 bcsp->rxseq_txack %= 0x8;
500 } else {
501 /* handle re-transmitted packet or
502 * when packet was missed
503 */
504 BT_ERR("Out-of-order packet arrived, got %u expected %u",
505 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
506
507 /* do not process out-of-order packet payload */
508 pass_up = 2;
509 }
510
511 /* send current txack value to all received reliable packets */
512 bcsp->txack_req = 1;
513
514 /* If needed, transmit an ack pkt */
515 hci_uart_tx_wakeup(hu);
516 }
517
518 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
519 BT_DBG("Request for pkt %u from card", bcsp->rxack);
520
521 /* handle received ACK indications,
522 * including those from out-of-order packets
523 */
524 bcsp_pkt_cull(bcsp);
525
526 if (pass_up != 2) {
527 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
528 (bcsp->rx_skb->data[0] & 0x80)) {
529 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
530 pass_up = 1;
531 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
532 (bcsp->rx_skb->data[0] & 0x80)) {
533 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
534 pass_up = 1;
535 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
536 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
537 pass_up = 1;
538 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
539 !(bcsp->rx_skb->data[0] & 0x80)) {
540 bcsp_handle_le_pkt(hu);
541 pass_up = 0;
542 } else {
543 pass_up = 0;
544 }
545 }
546
547 if (pass_up == 0) {
548 struct hci_event_hdr hdr;
549 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
550
551 if (desc != 0 && desc != 1) {
552 if (hciextn) {
553 desc |= 0xc0;
554 skb_pull(bcsp->rx_skb, 4);
555 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
556
557 hdr.evt = 0xff;
558 hdr.plen = bcsp->rx_skb->len;
559 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
560 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
561
562 hci_recv_frame(hu->hdev, bcsp->rx_skb);
563 } else {
564 BT_ERR("Packet for unknown channel (%u %s)",
565 bcsp->rx_skb->data[1] & 0x0f,
566 bcsp->rx_skb->data[0] & 0x80 ?
567 "reliable" : "unreliable");
568 kfree_skb(bcsp->rx_skb);
569 }
570 } else
571 kfree_skb(bcsp->rx_skb);
572 } else if (pass_up == 1) {
573 /* Pull out BCSP hdr */
574 skb_pull(bcsp->rx_skb, 4);
575
576 hci_recv_frame(hu->hdev, bcsp->rx_skb);
577 } else {
578 /* ignore packet payload of already ACKed re-transmitted
579 * packets or when a packet was missed in the BCSP window
580 */
581 kfree_skb(bcsp->rx_skb);
582 }
583
584 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
585 bcsp->rx_skb = NULL;
586}
587
588static u16 bscp_get_crc(struct bcsp_struct *bcsp)
589{
590 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
591}
592
593/* Recv data */
594static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
595{
596 struct bcsp_struct *bcsp = hu->priv;
597 const unsigned char *ptr;
598
599 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
600 hu, count, bcsp->rx_state, bcsp->rx_count);
601
602 ptr = data;
603 while (count) {
604 if (bcsp->rx_count) {
605 if (*ptr == 0xc0) {
606 BT_ERR("Short BCSP packet");
607 kfree_skb(bcsp->rx_skb);
608 bcsp->rx_state = BCSP_W4_PKT_START;
609 bcsp->rx_count = 0;
610 } else
611 bcsp_unslip_one_byte(bcsp, *ptr);
612
613 ptr++; count--;
614 continue;
615 }
616
617 switch (bcsp->rx_state) {
618 case BCSP_W4_BCSP_HDR:
619 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
620 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
621 BT_ERR("Error in BCSP hdr checksum");
622 kfree_skb(bcsp->rx_skb);
623 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
624 bcsp->rx_count = 0;
625 continue;
626 }
627 bcsp->rx_state = BCSP_W4_DATA;
628 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
629 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
630 continue;
631
632 case BCSP_W4_DATA:
633 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
634 bcsp->rx_state = BCSP_W4_CRC;
635 bcsp->rx_count = 2;
636 } else
637 bcsp_complete_rx_pkt(hu);
638 continue;
639
640 case BCSP_W4_CRC:
641 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
642 BT_ERR("Checksum failed: computed %04x received %04x",
643 bitrev16(bcsp->message_crc),
644 bscp_get_crc(bcsp));
645
646 kfree_skb(bcsp->rx_skb);
647 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
648 bcsp->rx_count = 0;
649 continue;
650 }
651 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
652 bcsp_complete_rx_pkt(hu);
653 continue;
654
655 case BCSP_W4_PKT_DELIMITER:
656 switch (*ptr) {
657 case 0xc0:
658 bcsp->rx_state = BCSP_W4_PKT_START;
659 break;
660 default:
661 /*BT_ERR("Ignoring byte %02x", *ptr);*/
662 break;
663 }
664 ptr++; count--;
665 break;
666
667 case BCSP_W4_PKT_START:
668 switch (*ptr) {
669 case 0xc0:
670 ptr++; count--;
671 break;
672
673 default:
674 bcsp->rx_state = BCSP_W4_BCSP_HDR;
675 bcsp->rx_count = 4;
676 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
677 BCSP_CRC_INIT(bcsp->message_crc);
678
679 /* Do not increment ptr or decrement count
680 * Allocate packet. Max len of a BCSP pkt=
681 * 0xFFF (payload) +4 (header) +2 (crc)
682 */
683
684 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
685 if (!bcsp->rx_skb) {
686 BT_ERR("Can't allocate mem for new packet");
687 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
688 bcsp->rx_count = 0;
689 return 0;
690 }
691 break;
692 }
693 break;
694 }
695 }
696 return count;
697}
698
699 /* Arrange to retransmit all messages in the relq. */
700static void bcsp_timed_event(unsigned long arg)
701{
702 struct hci_uart *hu = (struct hci_uart *)arg;
703 struct bcsp_struct *bcsp = hu->priv;
704 struct sk_buff *skb;
705 unsigned long flags;
706
707 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
708
709 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
710
711 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
712 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
713 skb_queue_head(&bcsp->rel, skb);
714 }
715
716 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
717
718 hci_uart_tx_wakeup(hu);
719}
720
721static int bcsp_open(struct hci_uart *hu)
722{
723 struct bcsp_struct *bcsp;
724
725 BT_DBG("hu %p", hu);
726
727 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
728 if (!bcsp)
729 return -ENOMEM;
730
731 hu->priv = bcsp;
732 skb_queue_head_init(&bcsp->unack);
733 skb_queue_head_init(&bcsp->rel);
734 skb_queue_head_init(&bcsp->unrel);
735
736 setup_timer(&bcsp->tbcsp, bcsp_timed_event, (u_long)hu);
737
738 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
739
740 if (txcrc)
741 bcsp->use_crc = 1;
742
743 return 0;
744}
745
746static int bcsp_close(struct hci_uart *hu)
747{
748 struct bcsp_struct *bcsp = hu->priv;
749
750 del_timer_sync(&bcsp->tbcsp);
751
752 hu->priv = NULL;
753
754 BT_DBG("hu %p", hu);
755
756 skb_queue_purge(&bcsp->unack);
757 skb_queue_purge(&bcsp->rel);
758 skb_queue_purge(&bcsp->unrel);
759
760 kfree(bcsp);
761 return 0;
762}
763
764static const struct hci_uart_proto bcsp = {
765 .id = HCI_UART_BCSP,
766 .name = "BCSP",
767 .open = bcsp_open,
768 .close = bcsp_close,
769 .enqueue = bcsp_enqueue,
770 .dequeue = bcsp_dequeue,
771 .recv = bcsp_recv,
772 .flush = bcsp_flush
773};
774
775int __init bcsp_init(void)
776{
777 return hci_uart_register_proto(&bcsp);
778}
779
780int __exit bcsp_deinit(void)
781{
782 return hci_uart_unregister_proto(&bcsp);
783}
784
785module_param(txcrc, bool, 0644);
786MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
787
788module_param(hciextn, bool, 0644);
789MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");