Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 *
4 * Bluetooth HCI UART driver
5 *
6 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
7 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
8 */
9
10#include <linux/module.h>
11
12#include <linux/kernel.h>
13#include <linux/init.h>
14#include <linux/types.h>
15#include <linux/fcntl.h>
16#include <linux/interrupt.h>
17#include <linux/ptrace.h>
18#include <linux/poll.h>
19
20#include <linux/slab.h>
21#include <linux/tty.h>
22#include <linux/errno.h>
23#include <linux/string.h>
24#include <linux/signal.h>
25#include <linux/ioctl.h>
26#include <linux/skbuff.h>
27#include <linux/bitrev.h>
28#include <linux/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
33#include "hci_uart.h"
34
35static bool txcrc = true;
36static bool hciextn = true;
37
38#define BCSP_TXWINSIZE 4
39
40#define BCSP_ACK_PKT 0x05
41#define BCSP_LE_PKT 0x06
42
43struct bcsp_struct {
44 struct sk_buff_head unack; /* Unack'ed packets queue */
45 struct sk_buff_head rel; /* Reliable packets queue */
46 struct sk_buff_head unrel; /* Unreliable packets queue */
47
48 unsigned long rx_count;
49 struct sk_buff *rx_skb;
50 u8 rxseq_txack; /* rxseq == txack. */
51 u8 rxack; /* Last packet sent by us that the peer ack'ed */
52 struct timer_list tbcsp;
53 struct hci_uart *hu;
54
55 enum {
56 BCSP_W4_PKT_DELIMITER,
57 BCSP_W4_PKT_START,
58 BCSP_W4_BCSP_HDR,
59 BCSP_W4_DATA,
60 BCSP_W4_CRC
61 } rx_state;
62
63 enum {
64 BCSP_ESCSTATE_NOESC,
65 BCSP_ESCSTATE_ESC
66 } rx_esc_state;
67
68 u8 use_crc;
69 u16 message_crc;
70 u8 txack_req; /* Do we need to send ack's to the peer? */
71
72 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
73 u8 msgq_txseq;
74};
75
76/* ---- BCSP CRC calculation ---- */
77
78/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
79 * initial value 0xffff, bits shifted in reverse order.
80 */
81
82static const u16 crc_table[] = {
83 0x0000, 0x1081, 0x2102, 0x3183,
84 0x4204, 0x5285, 0x6306, 0x7387,
85 0x8408, 0x9489, 0xa50a, 0xb58b,
86 0xc60c, 0xd68d, 0xe70e, 0xf78f
87};
88
89/* Initialise the crc calculator */
90#define BCSP_CRC_INIT(x) x = 0xffff
91
92/* Update crc with next data byte
93 *
94 * Implementation note
95 * The data byte is treated as two nibbles. The crc is generated
96 * in reverse, i.e., bits are fed into the register from the top.
97 */
98static void bcsp_crc_update(u16 *crc, u8 d)
99{
100 u16 reg = *crc;
101
102 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
103 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
104
105 *crc = reg;
106}
107
108/* ---- BCSP core ---- */
109
110static void bcsp_slip_msgdelim(struct sk_buff *skb)
111{
112 const char pkt_delim = 0xc0;
113
114 skb_put_data(skb, &pkt_delim, 1);
115}
116
117static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
118{
119 const char esc_c0[2] = { 0xdb, 0xdc };
120 const char esc_db[2] = { 0xdb, 0xdd };
121
122 switch (c) {
123 case 0xc0:
124 skb_put_data(skb, &esc_c0, 2);
125 break;
126 case 0xdb:
127 skb_put_data(skb, &esc_db, 2);
128 break;
129 default:
130 skb_put_data(skb, &c, 1);
131 }
132}
133
134static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
135{
136 struct bcsp_struct *bcsp = hu->priv;
137
138 if (skb->len > 0xFFF) {
139 BT_ERR("Packet too long");
140 kfree_skb(skb);
141 return 0;
142 }
143
144 switch (hci_skb_pkt_type(skb)) {
145 case HCI_ACLDATA_PKT:
146 case HCI_COMMAND_PKT:
147 skb_queue_tail(&bcsp->rel, skb);
148 break;
149
150 case HCI_SCODATA_PKT:
151 skb_queue_tail(&bcsp->unrel, skb);
152 break;
153
154 default:
155 BT_ERR("Unknown packet type");
156 kfree_skb(skb);
157 break;
158 }
159
160 return 0;
161}
162
163static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
164 int len, int pkt_type)
165{
166 struct sk_buff *nskb;
167 u8 hdr[4], chan;
168 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
169 int rel, i;
170
171 switch (pkt_type) {
172 case HCI_ACLDATA_PKT:
173 chan = 6; /* BCSP ACL channel */
174 rel = 1; /* reliable channel */
175 break;
176 case HCI_COMMAND_PKT:
177 chan = 5; /* BCSP cmd/evt channel */
178 rel = 1; /* reliable channel */
179 break;
180 case HCI_SCODATA_PKT:
181 chan = 7; /* BCSP SCO channel */
182 rel = 0; /* unreliable channel */
183 break;
184 case BCSP_LE_PKT:
185 chan = 1; /* BCSP LE channel */
186 rel = 0; /* unreliable channel */
187 break;
188 case BCSP_ACK_PKT:
189 chan = 0; /* BCSP internal channel */
190 rel = 0; /* unreliable channel */
191 break;
192 default:
193 BT_ERR("Unknown packet type");
194 return NULL;
195 }
196
197 if (hciextn && chan == 5) {
198 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
199
200 /* Vendor specific commands */
201 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
202 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
203
204 if ((desc & 0xf0) == 0xc0) {
205 data += HCI_COMMAND_HDR_SIZE + 1;
206 len -= HCI_COMMAND_HDR_SIZE + 1;
207 chan = desc & 0x0f;
208 }
209 }
210 }
211
212 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
213 * (because bytes 0xc0 and 0xdb are escaped, worst case is
214 * when the packet is all made of 0xc0 and 0xdb :) )
215 * + 2 (0xc0 delimiters at start and end).
216 */
217
218 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
219 if (!nskb)
220 return NULL;
221
222 hci_skb_pkt_type(nskb) = pkt_type;
223
224 bcsp_slip_msgdelim(nskb);
225
226 hdr[0] = bcsp->rxseq_txack << 3;
227 bcsp->txack_req = 0;
228 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
229
230 if (rel) {
231 hdr[0] |= 0x80 + bcsp->msgq_txseq;
232 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
233 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
234 }
235
236 if (bcsp->use_crc)
237 hdr[0] |= 0x40;
238
239 hdr[1] = ((len << 4) & 0xff) | chan;
240 hdr[2] = len >> 4;
241 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
242
243 /* Put BCSP header */
244 for (i = 0; i < 4; i++) {
245 bcsp_slip_one_byte(nskb, hdr[i]);
246
247 if (bcsp->use_crc)
248 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
249 }
250
251 /* Put payload */
252 for (i = 0; i < len; i++) {
253 bcsp_slip_one_byte(nskb, data[i]);
254
255 if (bcsp->use_crc)
256 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
257 }
258
259 /* Put CRC */
260 if (bcsp->use_crc) {
261 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
262 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
263 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
264 }
265
266 bcsp_slip_msgdelim(nskb);
267 return nskb;
268}
269
270/* This is a rewrite of pkt_avail in ABCSP */
271static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
272{
273 struct bcsp_struct *bcsp = hu->priv;
274 unsigned long flags;
275 struct sk_buff *skb;
276
277 /* First of all, check for unreliable messages in the queue,
278 * since they have priority
279 */
280
281 skb = skb_dequeue(&bcsp->unrel);
282 if (skb != NULL) {
283 struct sk_buff *nskb;
284
285 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
286 hci_skb_pkt_type(skb));
287 if (nskb) {
288 kfree_skb(skb);
289 return nskb;
290 } else {
291 skb_queue_head(&bcsp->unrel, skb);
292 BT_ERR("Could not dequeue pkt because alloc_skb failed");
293 }
294 }
295
296 /* Now, try to send a reliable pkt. We can only send a
297 * reliable packet if the number of packets sent but not yet ack'ed
298 * is < than the winsize
299 */
300
301 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
302
303 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
304 skb = skb_dequeue(&bcsp->rel);
305 if (skb != NULL) {
306 struct sk_buff *nskb;
307
308 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
309 hci_skb_pkt_type(skb));
310 if (nskb) {
311 __skb_queue_tail(&bcsp->unack, skb);
312 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
313 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
314 return nskb;
315 } else {
316 skb_queue_head(&bcsp->rel, skb);
317 BT_ERR("Could not dequeue pkt because alloc_skb failed");
318 }
319 }
320 }
321
322 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
323
324 /* We could not send a reliable packet, either because there are
325 * none or because there are too many unack'ed pkts. Did we receive
326 * any packets we have not acknowledged yet ?
327 */
328
329 if (bcsp->txack_req) {
330 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
331 * channel 0
332 */
333 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
334 return nskb;
335 }
336
337 /* We have nothing to send */
338 return NULL;
339}
340
341static int bcsp_flush(struct hci_uart *hu)
342{
343 BT_DBG("hu %p", hu);
344 return 0;
345}
346
347/* Remove ack'ed packets */
348static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
349{
350 struct sk_buff *skb, *tmp;
351 unsigned long flags;
352 int i, pkts_to_be_removed;
353 u8 seqno;
354
355 spin_lock_irqsave(&bcsp->unack.lock, flags);
356
357 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
358 seqno = bcsp->msgq_txseq;
359
360 while (pkts_to_be_removed) {
361 if (bcsp->rxack == seqno)
362 break;
363 pkts_to_be_removed--;
364 seqno = (seqno - 1) & 0x07;
365 }
366
367 if (bcsp->rxack != seqno)
368 BT_ERR("Peer acked invalid packet");
369
370 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
371 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
372 (seqno - 1) & 0x07);
373
374 i = 0;
375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
376 if (i >= pkts_to_be_removed)
377 break;
378 i++;
379
380 __skb_unlink(skb, &bcsp->unack);
381 dev_kfree_skb_irq(skb);
382 }
383
384 if (skb_queue_empty(&bcsp->unack))
385 del_timer(&bcsp->tbcsp);
386
387 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
388
389 if (i != pkts_to_be_removed)
390 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
391}
392
393/* Handle BCSP link-establishment packets. When we
394 * detect a "sync" packet, symptom that the BT module has reset,
395 * we do nothing :) (yet)
396 */
397static void bcsp_handle_le_pkt(struct hci_uart *hu)
398{
399 struct bcsp_struct *bcsp = hu->priv;
400 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
401 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
402 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
403
404 /* spot "conf" pkts and reply with a "conf rsp" pkt */
405 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
406 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
407 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
408
409 BT_DBG("Found a LE conf pkt");
410 if (!nskb)
411 return;
412 skb_put_data(nskb, conf_rsp_pkt, 4);
413 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
414
415 skb_queue_head(&bcsp->unrel, nskb);
416 hci_uart_tx_wakeup(hu);
417 }
418 /* Spot "sync" pkts. If we find one...disaster! */
419 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
420 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
421 BT_ERR("Found a LE sync pkt, card has reset");
422 }
423}
424
425static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
426{
427 const u8 c0 = 0xc0, db = 0xdb;
428
429 switch (bcsp->rx_esc_state) {
430 case BCSP_ESCSTATE_NOESC:
431 switch (byte) {
432 case 0xdb:
433 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
434 break;
435 default:
436 skb_put_data(bcsp->rx_skb, &byte, 1);
437 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
438 bcsp->rx_state != BCSP_W4_CRC)
439 bcsp_crc_update(&bcsp->message_crc, byte);
440 bcsp->rx_count--;
441 }
442 break;
443
444 case BCSP_ESCSTATE_ESC:
445 switch (byte) {
446 case 0xdc:
447 skb_put_data(bcsp->rx_skb, &c0, 1);
448 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
449 bcsp->rx_state != BCSP_W4_CRC)
450 bcsp_crc_update(&bcsp->message_crc, 0xc0);
451 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
452 bcsp->rx_count--;
453 break;
454
455 case 0xdd:
456 skb_put_data(bcsp->rx_skb, &db, 1);
457 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
458 bcsp->rx_state != BCSP_W4_CRC)
459 bcsp_crc_update(&bcsp->message_crc, 0xdb);
460 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
461 bcsp->rx_count--;
462 break;
463
464 default:
465 BT_ERR("Invalid byte %02x after esc byte", byte);
466 kfree_skb(bcsp->rx_skb);
467 bcsp->rx_skb = NULL;
468 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
469 bcsp->rx_count = 0;
470 }
471 }
472}
473
474static void bcsp_complete_rx_pkt(struct hci_uart *hu)
475{
476 struct bcsp_struct *bcsp = hu->priv;
477 int pass_up = 0;
478
479 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
480 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
481
482 /* check the rx sequence number is as expected */
483 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
484 bcsp->rxseq_txack++;
485 bcsp->rxseq_txack %= 0x8;
486 } else {
487 /* handle re-transmitted packet or
488 * when packet was missed
489 */
490 BT_ERR("Out-of-order packet arrived, got %u expected %u",
491 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
492
493 /* do not process out-of-order packet payload */
494 pass_up = 2;
495 }
496
497 /* send current txack value to all received reliable packets */
498 bcsp->txack_req = 1;
499
500 /* If needed, transmit an ack pkt */
501 hci_uart_tx_wakeup(hu);
502 }
503
504 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
505 BT_DBG("Request for pkt %u from card", bcsp->rxack);
506
507 /* handle received ACK indications,
508 * including those from out-of-order packets
509 */
510 bcsp_pkt_cull(bcsp);
511
512 if (pass_up != 2) {
513 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
514 (bcsp->rx_skb->data[0] & 0x80)) {
515 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
516 pass_up = 1;
517 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
518 (bcsp->rx_skb->data[0] & 0x80)) {
519 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
520 pass_up = 1;
521 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
522 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
523 pass_up = 1;
524 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
525 !(bcsp->rx_skb->data[0] & 0x80)) {
526 bcsp_handle_le_pkt(hu);
527 pass_up = 0;
528 } else {
529 pass_up = 0;
530 }
531 }
532
533 if (pass_up == 0) {
534 struct hci_event_hdr hdr;
535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
536
537 if (desc != 0 && desc != 1) {
538 if (hciextn) {
539 desc |= 0xc0;
540 skb_pull(bcsp->rx_skb, 4);
541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
542
543 hdr.evt = 0xff;
544 hdr.plen = bcsp->rx_skb->len;
545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
546 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
547
548 hci_recv_frame(hu->hdev, bcsp->rx_skb);
549 } else {
550 BT_ERR("Packet for unknown channel (%u %s)",
551 bcsp->rx_skb->data[1] & 0x0f,
552 bcsp->rx_skb->data[0] & 0x80 ?
553 "reliable" : "unreliable");
554 kfree_skb(bcsp->rx_skb);
555 }
556 } else
557 kfree_skb(bcsp->rx_skb);
558 } else if (pass_up == 1) {
559 /* Pull out BCSP hdr */
560 skb_pull(bcsp->rx_skb, 4);
561
562 hci_recv_frame(hu->hdev, bcsp->rx_skb);
563 } else {
564 /* ignore packet payload of already ACKed re-transmitted
565 * packets or when a packet was missed in the BCSP window
566 */
567 kfree_skb(bcsp->rx_skb);
568 }
569
570 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
571 bcsp->rx_skb = NULL;
572}
573
574static u16 bscp_get_crc(struct bcsp_struct *bcsp)
575{
576 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
577}
578
579/* Recv data */
580static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
581{
582 struct bcsp_struct *bcsp = hu->priv;
583 const unsigned char *ptr;
584
585 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
586 hu, count, bcsp->rx_state, bcsp->rx_count);
587
588 ptr = data;
589 while (count) {
590 if (bcsp->rx_count) {
591 if (*ptr == 0xc0) {
592 BT_ERR("Short BCSP packet");
593 kfree_skb(bcsp->rx_skb);
594 bcsp->rx_skb = NULL;
595 bcsp->rx_state = BCSP_W4_PKT_START;
596 bcsp->rx_count = 0;
597 } else
598 bcsp_unslip_one_byte(bcsp, *ptr);
599
600 ptr++; count--;
601 continue;
602 }
603
604 switch (bcsp->rx_state) {
605 case BCSP_W4_BCSP_HDR:
606 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
607 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
608 BT_ERR("Error in BCSP hdr checksum");
609 kfree_skb(bcsp->rx_skb);
610 bcsp->rx_skb = NULL;
611 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
612 bcsp->rx_count = 0;
613 continue;
614 }
615 bcsp->rx_state = BCSP_W4_DATA;
616 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
617 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
618 continue;
619
620 case BCSP_W4_DATA:
621 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
622 bcsp->rx_state = BCSP_W4_CRC;
623 bcsp->rx_count = 2;
624 } else
625 bcsp_complete_rx_pkt(hu);
626 continue;
627
628 case BCSP_W4_CRC:
629 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
630 BT_ERR("Checksum failed: computed %04x received %04x",
631 bitrev16(bcsp->message_crc),
632 bscp_get_crc(bcsp));
633
634 kfree_skb(bcsp->rx_skb);
635 bcsp->rx_skb = NULL;
636 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
637 bcsp->rx_count = 0;
638 continue;
639 }
640 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
641 bcsp_complete_rx_pkt(hu);
642 continue;
643
644 case BCSP_W4_PKT_DELIMITER:
645 switch (*ptr) {
646 case 0xc0:
647 bcsp->rx_state = BCSP_W4_PKT_START;
648 break;
649 default:
650 /*BT_ERR("Ignoring byte %02x", *ptr);*/
651 break;
652 }
653 ptr++; count--;
654 break;
655
656 case BCSP_W4_PKT_START:
657 switch (*ptr) {
658 case 0xc0:
659 ptr++; count--;
660 break;
661
662 default:
663 bcsp->rx_state = BCSP_W4_BCSP_HDR;
664 bcsp->rx_count = 4;
665 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
666 BCSP_CRC_INIT(bcsp->message_crc);
667
668 /* Do not increment ptr or decrement count
669 * Allocate packet. Max len of a BCSP pkt=
670 * 0xFFF (payload) +4 (header) +2 (crc)
671 */
672
673 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
674 if (!bcsp->rx_skb) {
675 BT_ERR("Can't allocate mem for new packet");
676 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
677 bcsp->rx_count = 0;
678 return 0;
679 }
680 break;
681 }
682 break;
683 }
684 }
685 return count;
686}
687
688 /* Arrange to retransmit all messages in the relq. */
689static void bcsp_timed_event(struct timer_list *t)
690{
691 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
692 struct hci_uart *hu = bcsp->hu;
693 struct sk_buff *skb;
694 unsigned long flags;
695
696 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
697
698 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
699
700 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
701 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
702 skb_queue_head(&bcsp->rel, skb);
703 }
704
705 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
706
707 hci_uart_tx_wakeup(hu);
708}
709
710static int bcsp_open(struct hci_uart *hu)
711{
712 struct bcsp_struct *bcsp;
713
714 BT_DBG("hu %p", hu);
715
716 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
717 if (!bcsp)
718 return -ENOMEM;
719
720 hu->priv = bcsp;
721 bcsp->hu = hu;
722 skb_queue_head_init(&bcsp->unack);
723 skb_queue_head_init(&bcsp->rel);
724 skb_queue_head_init(&bcsp->unrel);
725
726 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
727
728 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
729
730 if (txcrc)
731 bcsp->use_crc = 1;
732
733 return 0;
734}
735
736static int bcsp_close(struct hci_uart *hu)
737{
738 struct bcsp_struct *bcsp = hu->priv;
739
740 timer_shutdown_sync(&bcsp->tbcsp);
741
742 hu->priv = NULL;
743
744 BT_DBG("hu %p", hu);
745
746 skb_queue_purge(&bcsp->unack);
747 skb_queue_purge(&bcsp->rel);
748 skb_queue_purge(&bcsp->unrel);
749
750 if (bcsp->rx_skb) {
751 kfree_skb(bcsp->rx_skb);
752 bcsp->rx_skb = NULL;
753 }
754
755 kfree(bcsp);
756 return 0;
757}
758
759static const struct hci_uart_proto bcsp = {
760 .id = HCI_UART_BCSP,
761 .name = "BCSP",
762 .open = bcsp_open,
763 .close = bcsp_close,
764 .enqueue = bcsp_enqueue,
765 .dequeue = bcsp_dequeue,
766 .recv = bcsp_recv,
767 .flush = bcsp_flush
768};
769
770int __init bcsp_init(void)
771{
772 return hci_uart_register_proto(&bcsp);
773}
774
775int __exit bcsp_deinit(void)
776{
777 return hci_uart_unregister_proto(&bcsp);
778}
779
780module_param(txcrc, bool, 0644);
781MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
782
783module_param(hciextn, bool, 0644);
784MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50#define VERSION "0.3"
51
52static bool txcrc = 1;
53static bool hciextn = 1;
54
55#define BCSP_TXWINSIZE 4
56
57#define BCSP_ACK_PKT 0x05
58#define BCSP_LE_PKT 0x06
59
60struct bcsp_struct {
61 struct sk_buff_head unack; /* Unack'ed packets queue */
62 struct sk_buff_head rel; /* Reliable packets queue */
63 struct sk_buff_head unrel; /* Unreliable packets queue */
64
65 unsigned long rx_count;
66 struct sk_buff *rx_skb;
67 u8 rxseq_txack; /* rxseq == txack. */
68 u8 rxack; /* Last packet sent by us that the peer ack'ed */
69 struct timer_list tbcsp;
70
71 enum {
72 BCSP_W4_PKT_DELIMITER,
73 BCSP_W4_PKT_START,
74 BCSP_W4_BCSP_HDR,
75 BCSP_W4_DATA,
76 BCSP_W4_CRC
77 } rx_state;
78
79 enum {
80 BCSP_ESCSTATE_NOESC,
81 BCSP_ESCSTATE_ESC
82 } rx_esc_state;
83
84 u8 use_crc;
85 u16 message_crc;
86 u8 txack_req; /* Do we need to send ack's to the peer? */
87
88 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
89 u8 msgq_txseq;
90};
91
92/* ---- BCSP CRC calculation ---- */
93
94/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
95initial value 0xffff, bits shifted in reverse order. */
96
97static const u16 crc_table[] = {
98 0x0000, 0x1081, 0x2102, 0x3183,
99 0x4204, 0x5285, 0x6306, 0x7387,
100 0x8408, 0x9489, 0xa50a, 0xb58b,
101 0xc60c, 0xd68d, 0xe70e, 0xf78f
102};
103
104/* Initialise the crc calculator */
105#define BCSP_CRC_INIT(x) x = 0xffff
106
107/*
108 Update crc with next data byte
109
110 Implementation note
111 The data byte is treated as two nibbles. The crc is generated
112 in reverse, i.e., bits are fed into the register from the top.
113*/
114static void bcsp_crc_update(u16 *crc, u8 d)
115{
116 u16 reg = *crc;
117
118 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
119 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
120
121 *crc = reg;
122}
123
124/* ---- BCSP core ---- */
125
126static void bcsp_slip_msgdelim(struct sk_buff *skb)
127{
128 const char pkt_delim = 0xc0;
129
130 memcpy(skb_put(skb, 1), &pkt_delim, 1);
131}
132
133static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
134{
135 const char esc_c0[2] = { 0xdb, 0xdc };
136 const char esc_db[2] = { 0xdb, 0xdd };
137
138 switch (c) {
139 case 0xc0:
140 memcpy(skb_put(skb, 2), &esc_c0, 2);
141 break;
142 case 0xdb:
143 memcpy(skb_put(skb, 2), &esc_db, 2);
144 break;
145 default:
146 memcpy(skb_put(skb, 1), &c, 1);
147 }
148}
149
150static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
151{
152 struct bcsp_struct *bcsp = hu->priv;
153
154 if (skb->len > 0xFFF) {
155 BT_ERR("Packet too long");
156 kfree_skb(skb);
157 return 0;
158 }
159
160 switch (bt_cb(skb)->pkt_type) {
161 case HCI_ACLDATA_PKT:
162 case HCI_COMMAND_PKT:
163 skb_queue_tail(&bcsp->rel, skb);
164 break;
165
166 case HCI_SCODATA_PKT:
167 skb_queue_tail(&bcsp->unrel, skb);
168 break;
169
170 default:
171 BT_ERR("Unknown packet type");
172 kfree_skb(skb);
173 break;
174 }
175
176 return 0;
177}
178
179static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
180 int len, int pkt_type)
181{
182 struct sk_buff *nskb;
183 u8 hdr[4], chan;
184 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
185 int rel, i;
186
187 switch (pkt_type) {
188 case HCI_ACLDATA_PKT:
189 chan = 6; /* BCSP ACL channel */
190 rel = 1; /* reliable channel */
191 break;
192 case HCI_COMMAND_PKT:
193 chan = 5; /* BCSP cmd/evt channel */
194 rel = 1; /* reliable channel */
195 break;
196 case HCI_SCODATA_PKT:
197 chan = 7; /* BCSP SCO channel */
198 rel = 0; /* unreliable channel */
199 break;
200 case BCSP_LE_PKT:
201 chan = 1; /* BCSP LE channel */
202 rel = 0; /* unreliable channel */
203 break;
204 case BCSP_ACK_PKT:
205 chan = 0; /* BCSP internal channel */
206 rel = 0; /* unreliable channel */
207 break;
208 default:
209 BT_ERR("Unknown packet type");
210 return NULL;
211 }
212
213 if (hciextn && chan == 5) {
214 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
215
216 /* Vendor specific commands */
217 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
218 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
219 if ((desc & 0xf0) == 0xc0) {
220 data += HCI_COMMAND_HDR_SIZE + 1;
221 len -= HCI_COMMAND_HDR_SIZE + 1;
222 chan = desc & 0x0f;
223 }
224 }
225 }
226
227 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
228 (because bytes 0xc0 and 0xdb are escaped, worst case is
229 when the packet is all made of 0xc0 and 0xdb :) )
230 + 2 (0xc0 delimiters at start and end). */
231
232 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
233 if (!nskb)
234 return NULL;
235
236 bt_cb(nskb)->pkt_type = pkt_type;
237
238 bcsp_slip_msgdelim(nskb);
239
240 hdr[0] = bcsp->rxseq_txack << 3;
241 bcsp->txack_req = 0;
242 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243
244 if (rel) {
245 hdr[0] |= 0x80 + bcsp->msgq_txseq;
246 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
247 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
248 }
249
250 if (bcsp->use_crc)
251 hdr[0] |= 0x40;
252
253 hdr[1] = ((len << 4) & 0xff) | chan;
254 hdr[2] = len >> 4;
255 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
256
257 /* Put BCSP header */
258 for (i = 0; i < 4; i++) {
259 bcsp_slip_one_byte(nskb, hdr[i]);
260
261 if (bcsp->use_crc)
262 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
263 }
264
265 /* Put payload */
266 for (i = 0; i < len; i++) {
267 bcsp_slip_one_byte(nskb, data[i]);
268
269 if (bcsp->use_crc)
270 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
271 }
272
273 /* Put CRC */
274 if (bcsp->use_crc) {
275 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
276 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
277 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
278 }
279
280 bcsp_slip_msgdelim(nskb);
281 return nskb;
282}
283
284/* This is a rewrite of pkt_avail in ABCSP */
285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
286{
287 struct bcsp_struct *bcsp = hu->priv;
288 unsigned long flags;
289 struct sk_buff *skb;
290
291 /* First of all, check for unreliable messages in the queue,
292 since they have priority */
293
294 skb = skb_dequeue(&bcsp->unrel);
295 if (skb != NULL) {
296 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
297 if (nskb) {
298 kfree_skb(skb);
299 return nskb;
300 } else {
301 skb_queue_head(&bcsp->unrel, skb);
302 BT_ERR("Could not dequeue pkt because alloc_skb failed");
303 }
304 }
305
306 /* Now, try to send a reliable pkt. We can only send a
307 reliable packet if the number of packets sent but not yet ack'ed
308 is < than the winsize */
309
310 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
311
312 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
313 skb = skb_dequeue(&bcsp->rel);
314 if (skb != NULL) {
315 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
316 bt_cb(skb)->pkt_type);
317 if (nskb) {
318 __skb_queue_tail(&bcsp->unack, skb);
319 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
320 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
321 return nskb;
322 } else {
323 skb_queue_head(&bcsp->rel, skb);
324 BT_ERR("Could not dequeue pkt because alloc_skb failed");
325 }
326 }
327 }
328
329 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
330
331 /* We could not send a reliable packet, either because there are
332 none or because there are too many unack'ed pkts. Did we receive
333 any packets we have not acknowledged yet ? */
334
335 if (bcsp->txack_req) {
336 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
337 channel 0 */
338 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
339 return nskb;
340 }
341
342 /* We have nothing to send */
343 return NULL;
344}
345
346static int bcsp_flush(struct hci_uart *hu)
347{
348 BT_DBG("hu %p", hu);
349 return 0;
350}
351
352/* Remove ack'ed packets */
353static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
354{
355 struct sk_buff *skb, *tmp;
356 unsigned long flags;
357 int i, pkts_to_be_removed;
358 u8 seqno;
359
360 spin_lock_irqsave(&bcsp->unack.lock, flags);
361
362 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
363 seqno = bcsp->msgq_txseq;
364
365 while (pkts_to_be_removed) {
366 if (bcsp->rxack == seqno)
367 break;
368 pkts_to_be_removed--;
369 seqno = (seqno - 1) & 0x07;
370 }
371
372 if (bcsp->rxack != seqno)
373 BT_ERR("Peer acked invalid packet");
374
375 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
376 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
377 (seqno - 1) & 0x07);
378
379 i = 0;
380 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
381 if (i >= pkts_to_be_removed)
382 break;
383 i++;
384
385 __skb_unlink(skb, &bcsp->unack);
386 kfree_skb(skb);
387 }
388
389 if (skb_queue_empty(&bcsp->unack))
390 del_timer(&bcsp->tbcsp);
391
392 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
393
394 if (i != pkts_to_be_removed)
395 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
396}
397
398/* Handle BCSP link-establishment packets. When we
399 detect a "sync" packet, symptom that the BT module has reset,
400 we do nothing :) (yet) */
401static void bcsp_handle_le_pkt(struct hci_uart *hu)
402{
403 struct bcsp_struct *bcsp = hu->priv;
404 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
405 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
406 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
407
408 /* spot "conf" pkts and reply with a "conf rsp" pkt */
409 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
410 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
411 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
412
413 BT_DBG("Found a LE conf pkt");
414 if (!nskb)
415 return;
416 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
417 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
418
419 skb_queue_head(&bcsp->unrel, nskb);
420 hci_uart_tx_wakeup(hu);
421 }
422 /* Spot "sync" pkts. If we find one...disaster! */
423 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
424 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
425 BT_ERR("Found a LE sync pkt, card has reset");
426 }
427}
428
429static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
430{
431 const u8 c0 = 0xc0, db = 0xdb;
432
433 switch (bcsp->rx_esc_state) {
434 case BCSP_ESCSTATE_NOESC:
435 switch (byte) {
436 case 0xdb:
437 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
438 break;
439 default:
440 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
441 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
442 bcsp->rx_state != BCSP_W4_CRC)
443 bcsp_crc_update(&bcsp->message_crc, byte);
444 bcsp->rx_count--;
445 }
446 break;
447
448 case BCSP_ESCSTATE_ESC:
449 switch (byte) {
450 case 0xdc:
451 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
452 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
453 bcsp->rx_state != BCSP_W4_CRC)
454 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
455 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
456 bcsp->rx_count--;
457 break;
458
459 case 0xdd:
460 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
461 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
462 bcsp->rx_state != BCSP_W4_CRC)
463 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
464 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
465 bcsp->rx_count--;
466 break;
467
468 default:
469 BT_ERR ("Invalid byte %02x after esc byte", byte);
470 kfree_skb(bcsp->rx_skb);
471 bcsp->rx_skb = NULL;
472 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
473 bcsp->rx_count = 0;
474 }
475 }
476}
477
478static void bcsp_complete_rx_pkt(struct hci_uart *hu)
479{
480 struct bcsp_struct *bcsp = hu->priv;
481 int pass_up;
482
483 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
484 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
485 bcsp->rxseq_txack++;
486 bcsp->rxseq_txack %= 0x8;
487 bcsp->txack_req = 1;
488
489 /* If needed, transmit an ack pkt */
490 hci_uart_tx_wakeup(hu);
491 }
492
493 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
494 BT_DBG("Request for pkt %u from card", bcsp->rxack);
495
496 bcsp_pkt_cull(bcsp);
497 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
498 bcsp->rx_skb->data[0] & 0x80) {
499 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
500 pass_up = 1;
501 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
502 bcsp->rx_skb->data[0] & 0x80) {
503 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
504 pass_up = 1;
505 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
506 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
507 pass_up = 1;
508 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
509 !(bcsp->rx_skb->data[0] & 0x80)) {
510 bcsp_handle_le_pkt(hu);
511 pass_up = 0;
512 } else
513 pass_up = 0;
514
515 if (!pass_up) {
516 struct hci_event_hdr hdr;
517 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
518
519 if (desc != 0 && desc != 1) {
520 if (hciextn) {
521 desc |= 0xc0;
522 skb_pull(bcsp->rx_skb, 4);
523 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
524
525 hdr.evt = 0xff;
526 hdr.plen = bcsp->rx_skb->len;
527 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
528 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
529
530 hci_recv_frame(hu->hdev, bcsp->rx_skb);
531 } else {
532 BT_ERR ("Packet for unknown channel (%u %s)",
533 bcsp->rx_skb->data[1] & 0x0f,
534 bcsp->rx_skb->data[0] & 0x80 ?
535 "reliable" : "unreliable");
536 kfree_skb(bcsp->rx_skb);
537 }
538 } else
539 kfree_skb(bcsp->rx_skb);
540 } else {
541 /* Pull out BCSP hdr */
542 skb_pull(bcsp->rx_skb, 4);
543
544 hci_recv_frame(hu->hdev, bcsp->rx_skb);
545 }
546
547 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
548 bcsp->rx_skb = NULL;
549}
550
551static u16 bscp_get_crc(struct bcsp_struct *bcsp)
552{
553 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
554}
555
556/* Recv data */
557static int bcsp_recv(struct hci_uart *hu, void *data, int count)
558{
559 struct bcsp_struct *bcsp = hu->priv;
560 unsigned char *ptr;
561
562 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
563 hu, count, bcsp->rx_state, bcsp->rx_count);
564
565 ptr = data;
566 while (count) {
567 if (bcsp->rx_count) {
568 if (*ptr == 0xc0) {
569 BT_ERR("Short BCSP packet");
570 kfree_skb(bcsp->rx_skb);
571 bcsp->rx_state = BCSP_W4_PKT_START;
572 bcsp->rx_count = 0;
573 } else
574 bcsp_unslip_one_byte(bcsp, *ptr);
575
576 ptr++; count--;
577 continue;
578 }
579
580 switch (bcsp->rx_state) {
581 case BCSP_W4_BCSP_HDR:
582 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
583 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
584 BT_ERR("Error in BCSP hdr checksum");
585 kfree_skb(bcsp->rx_skb);
586 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
587 bcsp->rx_count = 0;
588 continue;
589 }
590 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
591 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
592 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
593 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
594
595 kfree_skb(bcsp->rx_skb);
596 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
597 bcsp->rx_count = 0;
598 continue;
599 }
600 bcsp->rx_state = BCSP_W4_DATA;
601 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
602 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
603 continue;
604
605 case BCSP_W4_DATA:
606 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
607 bcsp->rx_state = BCSP_W4_CRC;
608 bcsp->rx_count = 2;
609 } else
610 bcsp_complete_rx_pkt(hu);
611 continue;
612
613 case BCSP_W4_CRC:
614 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
615 BT_ERR ("Checksum failed: computed %04x received %04x",
616 bitrev16(bcsp->message_crc),
617 bscp_get_crc(bcsp));
618
619 kfree_skb(bcsp->rx_skb);
620 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
621 bcsp->rx_count = 0;
622 continue;
623 }
624 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
625 bcsp_complete_rx_pkt(hu);
626 continue;
627
628 case BCSP_W4_PKT_DELIMITER:
629 switch (*ptr) {
630 case 0xc0:
631 bcsp->rx_state = BCSP_W4_PKT_START;
632 break;
633 default:
634 /*BT_ERR("Ignoring byte %02x", *ptr);*/
635 break;
636 }
637 ptr++; count--;
638 break;
639
640 case BCSP_W4_PKT_START:
641 switch (*ptr) {
642 case 0xc0:
643 ptr++; count--;
644 break;
645
646 default:
647 bcsp->rx_state = BCSP_W4_BCSP_HDR;
648 bcsp->rx_count = 4;
649 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
650 BCSP_CRC_INIT(bcsp->message_crc);
651
652 /* Do not increment ptr or decrement count
653 * Allocate packet. Max len of a BCSP pkt=
654 * 0xFFF (payload) +4 (header) +2 (crc) */
655
656 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
657 if (!bcsp->rx_skb) {
658 BT_ERR("Can't allocate mem for new packet");
659 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
660 bcsp->rx_count = 0;
661 return 0;
662 }
663 break;
664 }
665 break;
666 }
667 }
668 return count;
669}
670
671 /* Arrange to retransmit all messages in the relq. */
672static void bcsp_timed_event(unsigned long arg)
673{
674 struct hci_uart *hu = (struct hci_uart *) arg;
675 struct bcsp_struct *bcsp = hu->priv;
676 struct sk_buff *skb;
677 unsigned long flags;
678
679 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
680
681 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
682
683 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
684 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
685 skb_queue_head(&bcsp->rel, skb);
686 }
687
688 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
689
690 hci_uart_tx_wakeup(hu);
691}
692
693static int bcsp_open(struct hci_uart *hu)
694{
695 struct bcsp_struct *bcsp;
696
697 BT_DBG("hu %p", hu);
698
699 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
700 if (!bcsp)
701 return -ENOMEM;
702
703 hu->priv = bcsp;
704 skb_queue_head_init(&bcsp->unack);
705 skb_queue_head_init(&bcsp->rel);
706 skb_queue_head_init(&bcsp->unrel);
707
708 init_timer(&bcsp->tbcsp);
709 bcsp->tbcsp.function = bcsp_timed_event;
710 bcsp->tbcsp.data = (u_long) hu;
711
712 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
713
714 if (txcrc)
715 bcsp->use_crc = 1;
716
717 return 0;
718}
719
720static int bcsp_close(struct hci_uart *hu)
721{
722 struct bcsp_struct *bcsp = hu->priv;
723
724 del_timer_sync(&bcsp->tbcsp);
725
726 hu->priv = NULL;
727
728 BT_DBG("hu %p", hu);
729
730 skb_queue_purge(&bcsp->unack);
731 skb_queue_purge(&bcsp->rel);
732 skb_queue_purge(&bcsp->unrel);
733
734 kfree(bcsp);
735 return 0;
736}
737
738static struct hci_uart_proto bcsp = {
739 .id = HCI_UART_BCSP,
740 .open = bcsp_open,
741 .close = bcsp_close,
742 .enqueue = bcsp_enqueue,
743 .dequeue = bcsp_dequeue,
744 .recv = bcsp_recv,
745 .flush = bcsp_flush
746};
747
748int __init bcsp_init(void)
749{
750 int err = hci_uart_register_proto(&bcsp);
751
752 if (!err)
753 BT_INFO("HCI BCSP protocol initialized");
754 else
755 BT_ERR("HCI BCSP protocol registration failed");
756
757 return err;
758}
759
760int __exit bcsp_deinit(void)
761{
762 return hci_uart_unregister_proto(&bcsp);
763}
764
765module_param(txcrc, bool, 0644);
766MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
767
768module_param(hciextn, bool, 0644);
769MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");