Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 *
4 * Bluetooth HCI Three-wire UART driver
5 *
6 * Copyright (C) 2012 Intel Corporation
7 */
8
9#include <linux/acpi.h>
10#include <linux/errno.h>
11#include <linux/gpio/consumer.h>
12#include <linux/kernel.h>
13#include <linux/mod_devicetable.h>
14#include <linux/of.h>
15#include <linux/pm_runtime.h>
16#include <linux/serdev.h>
17#include <linux/skbuff.h>
18
19#include <net/bluetooth/bluetooth.h>
20#include <net/bluetooth/hci_core.h>
21
22#include "btrtl.h"
23#include "hci_uart.h"
24
25#define SUSPEND_TIMEOUT_MS 6000
26
27#define HCI_3WIRE_ACK_PKT 0
28#define HCI_3WIRE_LINK_PKT 15
29
30/* Sliding window size */
31#define H5_TX_WIN_MAX 4
32
33#define H5_ACK_TIMEOUT msecs_to_jiffies(250)
34#define H5_SYNC_TIMEOUT msecs_to_jiffies(100)
35
36/*
37 * Maximum Three-wire packet:
38 * 4 byte header + max value for 12-bit length + 2 bytes for CRC
39 */
40#define H5_MAX_LEN (4 + 0xfff + 2)
41
42/* Convenience macros for reading Three-wire header values */
43#define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
44#define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
45#define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
46#define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
47#define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
48#define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4))
49
50#define SLIP_DELIMITER 0xc0
51#define SLIP_ESC 0xdb
52#define SLIP_ESC_DELIM 0xdc
53#define SLIP_ESC_ESC 0xdd
54
55/* H5 state flags */
56enum {
57 H5_RX_ESC, /* SLIP escape mode */
58 H5_TX_ACK_REQ, /* Pending ack to send */
59 H5_WAKEUP_DISABLE, /* Device cannot wake host */
60 H5_HW_FLOW_CONTROL, /* Use HW flow control */
61};
62
63struct h5 {
64 /* Must be the first member, hci_serdev.c expects this. */
65 struct hci_uart serdev_hu;
66
67 struct sk_buff_head unack; /* Unack'ed packets queue */
68 struct sk_buff_head rel; /* Reliable packets queue */
69 struct sk_buff_head unrel; /* Unreliable packets queue */
70
71 unsigned long flags;
72
73 struct sk_buff *rx_skb; /* Receive buffer */
74 size_t rx_pending; /* Expecting more bytes */
75 u8 rx_ack; /* Last ack number received */
76
77 int (*rx_func)(struct hci_uart *hu, u8 c);
78
79 struct timer_list timer; /* Retransmission timer */
80 struct hci_uart *hu; /* Parent HCI UART */
81
82 u8 tx_seq; /* Next seq number to send */
83 u8 tx_ack; /* Next ack number to send */
84 u8 tx_win; /* Sliding window size */
85
86 enum {
87 H5_UNINITIALIZED,
88 H5_INITIALIZED,
89 H5_ACTIVE,
90 } state;
91
92 enum {
93 H5_AWAKE,
94 H5_SLEEPING,
95 H5_WAKING_UP,
96 } sleep;
97
98 const struct h5_vnd *vnd;
99 const char *id;
100
101 struct gpio_desc *enable_gpio;
102 struct gpio_desc *device_wake_gpio;
103};
104
105enum h5_driver_info {
106 H5_INFO_WAKEUP_DISABLE = BIT(0),
107};
108
109struct h5_vnd {
110 int (*setup)(struct h5 *h5);
111 void (*open)(struct h5 *h5);
112 void (*close)(struct h5 *h5);
113 int (*suspend)(struct h5 *h5);
114 int (*resume)(struct h5 *h5);
115 const struct acpi_gpio_mapping *acpi_gpio_map;
116 int sizeof_priv;
117};
118
119struct h5_device_data {
120 uint32_t driver_info;
121 struct h5_vnd *vnd;
122};
123
124static void h5_reset_rx(struct h5 *h5);
125
126static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
127{
128 struct h5 *h5 = hu->priv;
129 struct sk_buff *nskb;
130
131 nskb = alloc_skb(3, GFP_ATOMIC);
132 if (!nskb)
133 return;
134
135 hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT;
136
137 skb_put_data(nskb, data, len);
138
139 skb_queue_tail(&h5->unrel, nskb);
140}
141
142static u8 h5_cfg_field(struct h5 *h5)
143{
144 /* Sliding window size (first 3 bits) */
145 return h5->tx_win & 0x07;
146}
147
148static void h5_timed_event(struct timer_list *t)
149{
150 const unsigned char sync_req[] = { 0x01, 0x7e };
151 unsigned char conf_req[3] = { 0x03, 0xfc };
152 struct h5 *h5 = from_timer(h5, t, timer);
153 struct hci_uart *hu = h5->hu;
154 struct sk_buff *skb;
155 unsigned long flags;
156
157 BT_DBG("%s", hu->hdev->name);
158
159 if (h5->state == H5_UNINITIALIZED)
160 h5_link_control(hu, sync_req, sizeof(sync_req));
161
162 if (h5->state == H5_INITIALIZED) {
163 conf_req[2] = h5_cfg_field(h5);
164 h5_link_control(hu, conf_req, sizeof(conf_req));
165 }
166
167 if (h5->state != H5_ACTIVE) {
168 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
169 goto wakeup;
170 }
171
172 if (h5->sleep != H5_AWAKE) {
173 h5->sleep = H5_SLEEPING;
174 goto wakeup;
175 }
176
177 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
178
179 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
180
181 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
182 h5->tx_seq = (h5->tx_seq - 1) & 0x07;
183 skb_queue_head(&h5->rel, skb);
184 }
185
186 spin_unlock_irqrestore(&h5->unack.lock, flags);
187
188wakeup:
189 hci_uart_tx_wakeup(hu);
190}
191
192static void h5_peer_reset(struct hci_uart *hu)
193{
194 struct h5 *h5 = hu->priv;
195
196 bt_dev_err(hu->hdev, "Peer device has reset");
197
198 h5->state = H5_UNINITIALIZED;
199
200 del_timer(&h5->timer);
201
202 skb_queue_purge(&h5->rel);
203 skb_queue_purge(&h5->unrel);
204 skb_queue_purge(&h5->unack);
205
206 h5->tx_seq = 0;
207 h5->tx_ack = 0;
208
209 /* Send reset request to upper stack */
210 hci_reset_dev(hu->hdev);
211}
212
213static int h5_open(struct hci_uart *hu)
214{
215 struct h5 *h5;
216 const unsigned char sync[] = { 0x01, 0x7e };
217
218 BT_DBG("hu %p", hu);
219
220 if (hu->serdev) {
221 h5 = serdev_device_get_drvdata(hu->serdev);
222 } else {
223 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
224 if (!h5)
225 return -ENOMEM;
226 }
227
228 hu->priv = h5;
229 h5->hu = hu;
230
231 skb_queue_head_init(&h5->unack);
232 skb_queue_head_init(&h5->rel);
233 skb_queue_head_init(&h5->unrel);
234
235 h5_reset_rx(h5);
236
237 timer_setup(&h5->timer, h5_timed_event, 0);
238
239 h5->tx_win = H5_TX_WIN_MAX;
240
241 if (h5->vnd && h5->vnd->open)
242 h5->vnd->open(h5);
243
244 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
245
246 /* Send initial sync request */
247 h5_link_control(hu, sync, sizeof(sync));
248 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
249
250 return 0;
251}
252
253static int h5_close(struct hci_uart *hu)
254{
255 struct h5 *h5 = hu->priv;
256
257 del_timer_sync(&h5->timer);
258
259 skb_queue_purge(&h5->unack);
260 skb_queue_purge(&h5->rel);
261 skb_queue_purge(&h5->unrel);
262
263 kfree_skb(h5->rx_skb);
264 h5->rx_skb = NULL;
265
266 if (h5->vnd && h5->vnd->close)
267 h5->vnd->close(h5);
268
269 if (!hu->serdev)
270 kfree(h5);
271
272 return 0;
273}
274
275static int h5_setup(struct hci_uart *hu)
276{
277 struct h5 *h5 = hu->priv;
278
279 if (h5->vnd && h5->vnd->setup)
280 return h5->vnd->setup(h5);
281
282 return 0;
283}
284
285static void h5_pkt_cull(struct h5 *h5)
286{
287 struct sk_buff *skb, *tmp;
288 unsigned long flags;
289 int i, to_remove;
290 u8 seq;
291
292 spin_lock_irqsave(&h5->unack.lock, flags);
293
294 to_remove = skb_queue_len(&h5->unack);
295 if (to_remove == 0)
296 goto unlock;
297
298 seq = h5->tx_seq;
299
300 while (to_remove > 0) {
301 if (h5->rx_ack == seq)
302 break;
303
304 to_remove--;
305 seq = (seq - 1) & 0x07;
306 }
307
308 if (seq != h5->rx_ack)
309 BT_ERR("Controller acked invalid packet");
310
311 i = 0;
312 skb_queue_walk_safe(&h5->unack, skb, tmp) {
313 if (i++ >= to_remove)
314 break;
315
316 __skb_unlink(skb, &h5->unack);
317 dev_kfree_skb_irq(skb);
318 }
319
320 if (skb_queue_empty(&h5->unack))
321 del_timer(&h5->timer);
322
323unlock:
324 spin_unlock_irqrestore(&h5->unack.lock, flags);
325}
326
327static void h5_handle_internal_rx(struct hci_uart *hu)
328{
329 struct h5 *h5 = hu->priv;
330 const unsigned char sync_req[] = { 0x01, 0x7e };
331 const unsigned char sync_rsp[] = { 0x02, 0x7d };
332 unsigned char conf_req[3] = { 0x03, 0xfc };
333 const unsigned char conf_rsp[] = { 0x04, 0x7b };
334 const unsigned char wakeup_req[] = { 0x05, 0xfa };
335 const unsigned char woken_req[] = { 0x06, 0xf9 };
336 const unsigned char sleep_req[] = { 0x07, 0x78 };
337 const unsigned char *hdr = h5->rx_skb->data;
338 const unsigned char *data = &h5->rx_skb->data[4];
339
340 BT_DBG("%s", hu->hdev->name);
341
342 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
343 return;
344
345 if (H5_HDR_LEN(hdr) < 2)
346 return;
347
348 conf_req[2] = h5_cfg_field(h5);
349
350 if (memcmp(data, sync_req, 2) == 0) {
351 if (h5->state == H5_ACTIVE)
352 h5_peer_reset(hu);
353 h5_link_control(hu, sync_rsp, 2);
354 } else if (memcmp(data, sync_rsp, 2) == 0) {
355 if (h5->state == H5_ACTIVE)
356 h5_peer_reset(hu);
357 h5->state = H5_INITIALIZED;
358 h5_link_control(hu, conf_req, 3);
359 } else if (memcmp(data, conf_req, 2) == 0) {
360 h5_link_control(hu, conf_rsp, 2);
361 h5_link_control(hu, conf_req, 3);
362 } else if (memcmp(data, conf_rsp, 2) == 0) {
363 if (H5_HDR_LEN(hdr) > 2)
364 h5->tx_win = (data[2] & 0x07);
365 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
366 h5->state = H5_ACTIVE;
367 hci_uart_init_ready(hu);
368 return;
369 } else if (memcmp(data, sleep_req, 2) == 0) {
370 BT_DBG("Peer went to sleep");
371 h5->sleep = H5_SLEEPING;
372 return;
373 } else if (memcmp(data, woken_req, 2) == 0) {
374 BT_DBG("Peer woke up");
375 h5->sleep = H5_AWAKE;
376 } else if (memcmp(data, wakeup_req, 2) == 0) {
377 BT_DBG("Peer requested wakeup");
378 h5_link_control(hu, woken_req, 2);
379 h5->sleep = H5_AWAKE;
380 } else {
381 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
382 return;
383 }
384
385 hci_uart_tx_wakeup(hu);
386}
387
388static void h5_complete_rx_pkt(struct hci_uart *hu)
389{
390 struct h5 *h5 = hu->priv;
391 const unsigned char *hdr = h5->rx_skb->data;
392
393 if (H5_HDR_RELIABLE(hdr)) {
394 h5->tx_ack = (h5->tx_ack + 1) % 8;
395 set_bit(H5_TX_ACK_REQ, &h5->flags);
396 hci_uart_tx_wakeup(hu);
397 }
398
399 h5->rx_ack = H5_HDR_ACK(hdr);
400
401 h5_pkt_cull(h5);
402
403 switch (H5_HDR_PKT_TYPE(hdr)) {
404 case HCI_EVENT_PKT:
405 case HCI_ACLDATA_PKT:
406 case HCI_SCODATA_PKT:
407 case HCI_ISODATA_PKT:
408 hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr);
409
410 /* Remove Three-wire header */
411 skb_pull(h5->rx_skb, 4);
412
413 hci_recv_frame(hu->hdev, h5->rx_skb);
414 h5->rx_skb = NULL;
415
416 break;
417
418 default:
419 h5_handle_internal_rx(hu);
420 break;
421 }
422
423 h5_reset_rx(h5);
424}
425
426static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
427{
428 h5_complete_rx_pkt(hu);
429
430 return 0;
431}
432
433static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
434{
435 struct h5 *h5 = hu->priv;
436 const unsigned char *hdr = h5->rx_skb->data;
437
438 if (H5_HDR_CRC(hdr)) {
439 h5->rx_func = h5_rx_crc;
440 h5->rx_pending = 2;
441 } else {
442 h5_complete_rx_pkt(hu);
443 }
444
445 return 0;
446}
447
448static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
449{
450 struct h5 *h5 = hu->priv;
451 const unsigned char *hdr = h5->rx_skb->data;
452
453 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
454 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
455 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
456 H5_HDR_LEN(hdr));
457
458 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
459 bt_dev_err(hu->hdev, "Invalid header checksum");
460 h5_reset_rx(h5);
461 return 0;
462 }
463
464 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
465 bt_dev_err(hu->hdev, "Out-of-order packet arrived (%u != %u)",
466 H5_HDR_SEQ(hdr), h5->tx_ack);
467 set_bit(H5_TX_ACK_REQ, &h5->flags);
468 hci_uart_tx_wakeup(hu);
469 h5_reset_rx(h5);
470 return 0;
471 }
472
473 if (h5->state != H5_ACTIVE &&
474 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
475 bt_dev_err(hu->hdev, "Non-link packet received in non-active state");
476 h5_reset_rx(h5);
477 return 0;
478 }
479
480 h5->rx_func = h5_rx_payload;
481 h5->rx_pending = H5_HDR_LEN(hdr);
482
483 return 0;
484}
485
486static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
487{
488 struct h5 *h5 = hu->priv;
489
490 if (c == SLIP_DELIMITER)
491 return 1;
492
493 h5->rx_func = h5_rx_3wire_hdr;
494 h5->rx_pending = 4;
495
496 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
497 if (!h5->rx_skb) {
498 bt_dev_err(hu->hdev, "Can't allocate mem for new packet");
499 h5_reset_rx(h5);
500 return -ENOMEM;
501 }
502
503 h5->rx_skb->dev = (void *)hu->hdev;
504
505 return 0;
506}
507
508static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
509{
510 struct h5 *h5 = hu->priv;
511
512 if (c == SLIP_DELIMITER)
513 h5->rx_func = h5_rx_pkt_start;
514
515 return 1;
516}
517
518static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
519{
520 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
521 const u8 *byte = &c;
522
523 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
524 set_bit(H5_RX_ESC, &h5->flags);
525 return;
526 }
527
528 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
529 switch (c) {
530 case SLIP_ESC_DELIM:
531 byte = &delim;
532 break;
533 case SLIP_ESC_ESC:
534 byte = &esc;
535 break;
536 default:
537 BT_ERR("Invalid esc byte 0x%02hhx", c);
538 h5_reset_rx(h5);
539 return;
540 }
541 }
542
543 skb_put_data(h5->rx_skb, byte, 1);
544 h5->rx_pending--;
545
546 BT_DBG("unslipped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
547}
548
549static void h5_reset_rx(struct h5 *h5)
550{
551 if (h5->rx_skb) {
552 kfree_skb(h5->rx_skb);
553 h5->rx_skb = NULL;
554 }
555
556 h5->rx_func = h5_rx_delimiter;
557 h5->rx_pending = 0;
558 clear_bit(H5_RX_ESC, &h5->flags);
559}
560
561static int h5_recv(struct hci_uart *hu, const void *data, int count)
562{
563 struct h5 *h5 = hu->priv;
564 const unsigned char *ptr = data;
565
566 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
567 count);
568
569 while (count > 0) {
570 int processed;
571
572 if (h5->rx_pending > 0) {
573 if (*ptr == SLIP_DELIMITER) {
574 bt_dev_err(hu->hdev, "Too short H5 packet");
575 h5_reset_rx(h5);
576 continue;
577 }
578
579 h5_unslip_one_byte(h5, *ptr);
580
581 ptr++; count--;
582 continue;
583 }
584
585 processed = h5->rx_func(hu, *ptr);
586 if (processed < 0)
587 return processed;
588
589 ptr += processed;
590 count -= processed;
591 }
592
593 if (hu->serdev) {
594 pm_runtime_get(&hu->serdev->dev);
595 pm_runtime_mark_last_busy(&hu->serdev->dev);
596 pm_runtime_put_autosuspend(&hu->serdev->dev);
597 }
598
599 return 0;
600}
601
602static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
603{
604 struct h5 *h5 = hu->priv;
605
606 if (skb->len > 0xfff) {
607 bt_dev_err(hu->hdev, "Packet too long (%u bytes)", skb->len);
608 kfree_skb(skb);
609 return 0;
610 }
611
612 if (h5->state != H5_ACTIVE) {
613 bt_dev_err(hu->hdev, "Ignoring HCI data in non-active state");
614 kfree_skb(skb);
615 return 0;
616 }
617
618 switch (hci_skb_pkt_type(skb)) {
619 case HCI_ACLDATA_PKT:
620 case HCI_COMMAND_PKT:
621 skb_queue_tail(&h5->rel, skb);
622 break;
623
624 case HCI_SCODATA_PKT:
625 case HCI_ISODATA_PKT:
626 skb_queue_tail(&h5->unrel, skb);
627 break;
628
629 default:
630 bt_dev_err(hu->hdev, "Unknown packet type %u", hci_skb_pkt_type(skb));
631 kfree_skb(skb);
632 break;
633 }
634
635 if (hu->serdev) {
636 pm_runtime_get_sync(&hu->serdev->dev);
637 pm_runtime_mark_last_busy(&hu->serdev->dev);
638 pm_runtime_put_autosuspend(&hu->serdev->dev);
639 }
640
641 return 0;
642}
643
644static void h5_slip_delim(struct sk_buff *skb)
645{
646 const char delim = SLIP_DELIMITER;
647
648 skb_put_data(skb, &delim, 1);
649}
650
651static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
652{
653 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
654 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
655
656 switch (c) {
657 case SLIP_DELIMITER:
658 skb_put_data(skb, &esc_delim, 2);
659 break;
660 case SLIP_ESC:
661 skb_put_data(skb, &esc_esc, 2);
662 break;
663 default:
664 skb_put_data(skb, &c, 1);
665 }
666}
667
668static bool valid_packet_type(u8 type)
669{
670 switch (type) {
671 case HCI_ACLDATA_PKT:
672 case HCI_COMMAND_PKT:
673 case HCI_SCODATA_PKT:
674 case HCI_ISODATA_PKT:
675 case HCI_3WIRE_LINK_PKT:
676 case HCI_3WIRE_ACK_PKT:
677 return true;
678 default:
679 return false;
680 }
681}
682
683static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
684 const u8 *data, size_t len)
685{
686 struct h5 *h5 = hu->priv;
687 struct sk_buff *nskb;
688 u8 hdr[4];
689 int i;
690
691 if (!valid_packet_type(pkt_type)) {
692 bt_dev_err(hu->hdev, "Unknown packet type %u", pkt_type);
693 return NULL;
694 }
695
696 /*
697 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
698 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
699 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
700 * delimiters at start and end).
701 */
702 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
703 if (!nskb)
704 return NULL;
705
706 hci_skb_pkt_type(nskb) = pkt_type;
707
708 h5_slip_delim(nskb);
709
710 hdr[0] = h5->tx_ack << 3;
711 clear_bit(H5_TX_ACK_REQ, &h5->flags);
712
713 /* Reliable packet? */
714 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
715 hdr[0] |= 1 << 7;
716 hdr[0] |= h5->tx_seq;
717 h5->tx_seq = (h5->tx_seq + 1) % 8;
718 }
719
720 hdr[1] = pkt_type | ((len & 0x0f) << 4);
721 hdr[2] = len >> 4;
722 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
723
724 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
725 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
726 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
727 H5_HDR_LEN(hdr));
728
729 for (i = 0; i < 4; i++)
730 h5_slip_one_byte(nskb, hdr[i]);
731
732 for (i = 0; i < len; i++)
733 h5_slip_one_byte(nskb, data[i]);
734
735 h5_slip_delim(nskb);
736
737 return nskb;
738}
739
740static struct sk_buff *h5_dequeue(struct hci_uart *hu)
741{
742 struct h5 *h5 = hu->priv;
743 unsigned long flags;
744 struct sk_buff *skb, *nskb;
745
746 if (h5->sleep != H5_AWAKE) {
747 const unsigned char wakeup_req[] = { 0x05, 0xfa };
748
749 if (h5->sleep == H5_WAKING_UP)
750 return NULL;
751
752 h5->sleep = H5_WAKING_UP;
753 BT_DBG("Sending wakeup request");
754
755 mod_timer(&h5->timer, jiffies + HZ / 100);
756 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
757 }
758
759 skb = skb_dequeue(&h5->unrel);
760 if (skb) {
761 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
762 skb->data, skb->len);
763 if (nskb) {
764 kfree_skb(skb);
765 return nskb;
766 }
767
768 skb_queue_head(&h5->unrel, skb);
769 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed");
770 }
771
772 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
773
774 if (h5->unack.qlen >= h5->tx_win)
775 goto unlock;
776
777 skb = skb_dequeue(&h5->rel);
778 if (skb) {
779 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
780 skb->data, skb->len);
781 if (nskb) {
782 __skb_queue_tail(&h5->unack, skb);
783 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
784 spin_unlock_irqrestore(&h5->unack.lock, flags);
785 return nskb;
786 }
787
788 skb_queue_head(&h5->rel, skb);
789 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed");
790 }
791
792unlock:
793 spin_unlock_irqrestore(&h5->unack.lock, flags);
794
795 if (test_bit(H5_TX_ACK_REQ, &h5->flags))
796 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
797
798 return NULL;
799}
800
801static int h5_flush(struct hci_uart *hu)
802{
803 BT_DBG("hu %p", hu);
804 return 0;
805}
806
807static const struct hci_uart_proto h5p = {
808 .id = HCI_UART_3WIRE,
809 .name = "Three-wire (H5)",
810 .open = h5_open,
811 .close = h5_close,
812 .setup = h5_setup,
813 .recv = h5_recv,
814 .enqueue = h5_enqueue,
815 .dequeue = h5_dequeue,
816 .flush = h5_flush,
817};
818
819static int h5_serdev_probe(struct serdev_device *serdev)
820{
821 struct device *dev = &serdev->dev;
822 struct h5 *h5;
823 const struct h5_device_data *data;
824
825 h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
826 if (!h5)
827 return -ENOMEM;
828
829 h5->hu = &h5->serdev_hu;
830 h5->serdev_hu.serdev = serdev;
831 serdev_device_set_drvdata(serdev, h5);
832
833 if (has_acpi_companion(dev)) {
834 const struct acpi_device_id *match;
835
836 match = acpi_match_device(dev->driver->acpi_match_table, dev);
837 if (!match)
838 return -ENODEV;
839
840 data = (const struct h5_device_data *)match->driver_data;
841 h5->vnd = data->vnd;
842 h5->id = (char *)match->id;
843
844 if (h5->vnd->acpi_gpio_map)
845 devm_acpi_dev_add_driver_gpios(dev,
846 h5->vnd->acpi_gpio_map);
847 } else {
848 data = of_device_get_match_data(dev);
849 if (!data)
850 return -ENODEV;
851
852 h5->vnd = data->vnd;
853 }
854
855 if (data->driver_info & H5_INFO_WAKEUP_DISABLE)
856 set_bit(H5_WAKEUP_DISABLE, &h5->flags);
857
858 h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW);
859 if (IS_ERR(h5->enable_gpio))
860 return PTR_ERR(h5->enable_gpio);
861
862 h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake",
863 GPIOD_OUT_LOW);
864 if (IS_ERR(h5->device_wake_gpio))
865 return PTR_ERR(h5->device_wake_gpio);
866
867 return hci_uart_register_device_priv(&h5->serdev_hu, &h5p,
868 h5->vnd->sizeof_priv);
869}
870
871static void h5_serdev_remove(struct serdev_device *serdev)
872{
873 struct h5 *h5 = serdev_device_get_drvdata(serdev);
874
875 hci_uart_unregister_device(&h5->serdev_hu);
876}
877
878static int __maybe_unused h5_serdev_suspend(struct device *dev)
879{
880 struct h5 *h5 = dev_get_drvdata(dev);
881 int ret = 0;
882
883 if (h5->vnd && h5->vnd->suspend)
884 ret = h5->vnd->suspend(h5);
885
886 return ret;
887}
888
889static int __maybe_unused h5_serdev_resume(struct device *dev)
890{
891 struct h5 *h5 = dev_get_drvdata(dev);
892 int ret = 0;
893
894 if (h5->vnd && h5->vnd->resume)
895 ret = h5->vnd->resume(h5);
896
897 return ret;
898}
899
900#ifdef CONFIG_BT_HCIUART_RTL
901static int h5_btrtl_setup(struct h5 *h5)
902{
903 struct btrtl_device_info *btrtl_dev;
904 struct sk_buff *skb;
905 __le32 baudrate_data;
906 u32 device_baudrate;
907 unsigned int controller_baudrate;
908 bool flow_control;
909 int err;
910
911 btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id);
912 if (IS_ERR(btrtl_dev))
913 return PTR_ERR(btrtl_dev);
914
915 err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev,
916 &controller_baudrate, &device_baudrate,
917 &flow_control);
918 if (err)
919 goto out_free;
920
921 baudrate_data = cpu_to_le32(device_baudrate);
922 skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data),
923 &baudrate_data, HCI_INIT_TIMEOUT);
924 if (IS_ERR(skb)) {
925 rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n");
926 err = PTR_ERR(skb);
927 goto out_free;
928 } else {
929 kfree_skb(skb);
930 }
931 /* Give the device some time to set up the new baudrate. */
932 usleep_range(10000, 20000);
933
934 serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate);
935 serdev_device_set_flow_control(h5->hu->serdev, flow_control);
936
937 if (flow_control)
938 set_bit(H5_HW_FLOW_CONTROL, &h5->flags);
939
940 err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev);
941 /* Give the device some time before the hci-core sends it a reset */
942 usleep_range(10000, 20000);
943 if (err)
944 goto out_free;
945
946 btrtl_set_quirks(h5->hu->hdev, btrtl_dev);
947
948out_free:
949 btrtl_free(btrtl_dev);
950
951 return err;
952}
953
954static void h5_btrtl_open(struct h5 *h5)
955{
956 /*
957 * Since h5_btrtl_resume() does a device_reprobe() the suspend handling
958 * done by the hci_suspend_notifier is not necessary; it actually causes
959 * delays and a bunch of errors to get logged, so disable it.
960 */
961 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags))
962 set_bit(HCI_UART_NO_SUSPEND_NOTIFIER, &h5->hu->flags);
963
964 /* Devices always start with these fixed parameters */
965 serdev_device_set_flow_control(h5->hu->serdev, false);
966 serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN);
967 serdev_device_set_baudrate(h5->hu->serdev, 115200);
968
969 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags)) {
970 pm_runtime_set_active(&h5->hu->serdev->dev);
971 pm_runtime_use_autosuspend(&h5->hu->serdev->dev);
972 pm_runtime_set_autosuspend_delay(&h5->hu->serdev->dev,
973 SUSPEND_TIMEOUT_MS);
974 pm_runtime_enable(&h5->hu->serdev->dev);
975 }
976
977 /* The controller needs reset to startup */
978 gpiod_set_value_cansleep(h5->enable_gpio, 0);
979 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
980 msleep(100);
981
982 /* The controller needs up to 500ms to wakeup */
983 gpiod_set_value_cansleep(h5->enable_gpio, 1);
984 gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
985 msleep(500);
986}
987
988static void h5_btrtl_close(struct h5 *h5)
989{
990 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags))
991 pm_runtime_disable(&h5->hu->serdev->dev);
992
993 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
994 gpiod_set_value_cansleep(h5->enable_gpio, 0);
995}
996
997/* Suspend/resume support. On many devices the RTL BT device loses power during
998 * suspend/resume, causing it to lose its firmware and all state. So we simply
999 * turn it off on suspend and reprobe on resume. This mirrors how RTL devices
1000 * are handled in the USB driver, where the BTUSB_WAKEUP_DISABLE is used which
1001 * also causes a reprobe on resume.
1002 */
1003static int h5_btrtl_suspend(struct h5 *h5)
1004{
1005 serdev_device_set_flow_control(h5->hu->serdev, false);
1006 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
1007
1008 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags))
1009 gpiod_set_value_cansleep(h5->enable_gpio, 0);
1010
1011 return 0;
1012}
1013
1014struct h5_btrtl_reprobe {
1015 struct device *dev;
1016 struct work_struct work;
1017};
1018
1019static void h5_btrtl_reprobe_worker(struct work_struct *work)
1020{
1021 struct h5_btrtl_reprobe *reprobe =
1022 container_of(work, struct h5_btrtl_reprobe, work);
1023 int ret;
1024
1025 ret = device_reprobe(reprobe->dev);
1026 if (ret && ret != -EPROBE_DEFER)
1027 dev_err(reprobe->dev, "Reprobe error %d\n", ret);
1028
1029 put_device(reprobe->dev);
1030 kfree(reprobe);
1031 module_put(THIS_MODULE);
1032}
1033
1034static int h5_btrtl_resume(struct h5 *h5)
1035{
1036 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags)) {
1037 struct h5_btrtl_reprobe *reprobe;
1038
1039 reprobe = kzalloc(sizeof(*reprobe), GFP_KERNEL);
1040 if (!reprobe)
1041 return -ENOMEM;
1042
1043 __module_get(THIS_MODULE);
1044
1045 INIT_WORK(&reprobe->work, h5_btrtl_reprobe_worker);
1046 reprobe->dev = get_device(&h5->hu->serdev->dev);
1047 queue_work(system_long_wq, &reprobe->work);
1048 } else {
1049 gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
1050
1051 if (test_bit(H5_HW_FLOW_CONTROL, &h5->flags))
1052 serdev_device_set_flow_control(h5->hu->serdev, true);
1053 }
1054
1055 return 0;
1056}
1057
1058static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false };
1059static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false };
1060static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false };
1061static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = {
1062 { "device-wake-gpios", &btrtl_device_wake_gpios, 1 },
1063 { "enable-gpios", &btrtl_enable_gpios, 1 },
1064 { "host-wake-gpios", &btrtl_host_wake_gpios, 1 },
1065 {},
1066};
1067
1068static struct h5_vnd rtl_vnd = {
1069 .setup = h5_btrtl_setup,
1070 .open = h5_btrtl_open,
1071 .close = h5_btrtl_close,
1072 .suspend = h5_btrtl_suspend,
1073 .resume = h5_btrtl_resume,
1074 .acpi_gpio_map = acpi_btrtl_gpios,
1075 .sizeof_priv = sizeof(struct btrealtek_data),
1076};
1077
1078static const struct h5_device_data h5_data_rtl8822cs = {
1079 .vnd = &rtl_vnd,
1080};
1081
1082static const struct h5_device_data h5_data_rtl8723bs = {
1083 .driver_info = H5_INFO_WAKEUP_DISABLE,
1084 .vnd = &rtl_vnd,
1085};
1086#endif
1087
1088#ifdef CONFIG_ACPI
1089static const struct acpi_device_id h5_acpi_match[] = {
1090#ifdef CONFIG_BT_HCIUART_RTL
1091 { "OBDA0623", (kernel_ulong_t)&h5_data_rtl8723bs },
1092 { "OBDA8723", (kernel_ulong_t)&h5_data_rtl8723bs },
1093#endif
1094 { },
1095};
1096MODULE_DEVICE_TABLE(acpi, h5_acpi_match);
1097#endif
1098
1099static const struct dev_pm_ops h5_serdev_pm_ops = {
1100 SET_SYSTEM_SLEEP_PM_OPS(h5_serdev_suspend, h5_serdev_resume)
1101 SET_RUNTIME_PM_OPS(h5_serdev_suspend, h5_serdev_resume, NULL)
1102};
1103
1104static const struct of_device_id rtl_bluetooth_of_match[] = {
1105#ifdef CONFIG_BT_HCIUART_RTL
1106 { .compatible = "realtek,rtl8822cs-bt",
1107 .data = (const void *)&h5_data_rtl8822cs },
1108 { .compatible = "realtek,rtl8723bs-bt",
1109 .data = (const void *)&h5_data_rtl8723bs },
1110 { .compatible = "realtek,rtl8723cs-bt",
1111 .data = (const void *)&h5_data_rtl8723bs },
1112 { .compatible = "realtek,rtl8723ds-bt",
1113 .data = (const void *)&h5_data_rtl8723bs },
1114#endif
1115 { },
1116};
1117MODULE_DEVICE_TABLE(of, rtl_bluetooth_of_match);
1118
1119static struct serdev_device_driver h5_serdev_driver = {
1120 .probe = h5_serdev_probe,
1121 .remove = h5_serdev_remove,
1122 .driver = {
1123 .name = "hci_uart_h5",
1124 .acpi_match_table = ACPI_PTR(h5_acpi_match),
1125 .pm = &h5_serdev_pm_ops,
1126 .of_match_table = rtl_bluetooth_of_match,
1127 },
1128};
1129
1130int __init h5_init(void)
1131{
1132 serdev_device_driver_register(&h5_serdev_driver);
1133 return hci_uart_register_proto(&h5p);
1134}
1135
1136int __exit h5_deinit(void)
1137{
1138 serdev_device_driver_unregister(&h5_serdev_driver);
1139 return hci_uart_unregister_proto(&h5p);
1140}
1/*
2 *
3 * Bluetooth HCI Three-wire UART driver
4 *
5 * Copyright (C) 2012 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/kernel.h>
25#include <linux/errno.h>
26#include <linux/skbuff.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "hci_uart.h"
32
33#define HCI_3WIRE_ACK_PKT 0
34#define HCI_3WIRE_LINK_PKT 15
35
36/* Sliding window size */
37#define H5_TX_WIN_MAX 4
38
39#define H5_ACK_TIMEOUT msecs_to_jiffies(250)
40#define H5_SYNC_TIMEOUT msecs_to_jiffies(100)
41
42/*
43 * Maximum Three-wire packet:
44 * 4 byte header + max value for 12-bit length + 2 bytes for CRC
45 */
46#define H5_MAX_LEN (4 + 0xfff + 2)
47
48/* Convenience macros for reading Three-wire header values */
49#define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
50#define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
51#define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
52#define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
53#define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
54#define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0xff) + ((hdr)[2] << 4))
55
56#define SLIP_DELIMITER 0xc0
57#define SLIP_ESC 0xdb
58#define SLIP_ESC_DELIM 0xdc
59#define SLIP_ESC_ESC 0xdd
60
61/* H5 state flags */
62enum {
63 H5_RX_ESC, /* SLIP escape mode */
64 H5_TX_ACK_REQ, /* Pending ack to send */
65};
66
67struct h5 {
68 struct sk_buff_head unack; /* Unack'ed packets queue */
69 struct sk_buff_head rel; /* Reliable packets queue */
70 struct sk_buff_head unrel; /* Unreliable packets queue */
71
72 unsigned long flags;
73
74 struct sk_buff *rx_skb; /* Receive buffer */
75 size_t rx_pending; /* Expecting more bytes */
76 u8 rx_ack; /* Last ack number received */
77
78 int (*rx_func) (struct hci_uart *hu, u8 c);
79
80 struct timer_list timer; /* Retransmission timer */
81
82 u8 tx_seq; /* Next seq number to send */
83 u8 tx_ack; /* Next ack number to send */
84 u8 tx_win; /* Sliding window size */
85
86 enum {
87 H5_UNINITIALIZED,
88 H5_INITIALIZED,
89 H5_ACTIVE,
90 } state;
91
92 enum {
93 H5_AWAKE,
94 H5_SLEEPING,
95 H5_WAKING_UP,
96 } sleep;
97};
98
99static void h5_reset_rx(struct h5 *h5);
100
101static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
102{
103 struct h5 *h5 = hu->priv;
104 struct sk_buff *nskb;
105
106 nskb = alloc_skb(3, GFP_ATOMIC);
107 if (!nskb)
108 return;
109
110 bt_cb(nskb)->pkt_type = HCI_3WIRE_LINK_PKT;
111
112 memcpy(skb_put(nskb, len), data, len);
113
114 skb_queue_tail(&h5->unrel, nskb);
115}
116
117static u8 h5_cfg_field(struct h5 *h5)
118{
119 u8 field = 0;
120
121 /* Sliding window size (first 3 bits) */
122 field |= (h5->tx_win & 7);
123
124 return field;
125}
126
127static void h5_timed_event(unsigned long arg)
128{
129 const unsigned char sync_req[] = { 0x01, 0x7e };
130 unsigned char conf_req[] = { 0x03, 0xfc, 0x01 };
131 struct hci_uart *hu = (struct hci_uart *) arg;
132 struct h5 *h5 = hu->priv;
133 struct sk_buff *skb;
134 unsigned long flags;
135
136 BT_DBG("%s", hu->hdev->name);
137
138 if (h5->state == H5_UNINITIALIZED)
139 h5_link_control(hu, sync_req, sizeof(sync_req));
140
141 if (h5->state == H5_INITIALIZED) {
142 conf_req[2] = h5_cfg_field(h5);
143 h5_link_control(hu, conf_req, sizeof(conf_req));
144 }
145
146 if (h5->state != H5_ACTIVE) {
147 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
148 goto wakeup;
149 }
150
151 if (h5->sleep != H5_AWAKE) {
152 h5->sleep = H5_SLEEPING;
153 goto wakeup;
154 }
155
156 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
157
158 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
159
160 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
161 h5->tx_seq = (h5->tx_seq - 1) & 0x07;
162 skb_queue_head(&h5->rel, skb);
163 }
164
165 spin_unlock_irqrestore(&h5->unack.lock, flags);
166
167wakeup:
168 hci_uart_tx_wakeup(hu);
169}
170
171static int h5_open(struct hci_uart *hu)
172{
173 struct h5 *h5;
174 const unsigned char sync[] = { 0x01, 0x7e };
175
176 BT_DBG("hu %p", hu);
177
178 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
179 if (!h5)
180 return -ENOMEM;
181
182 hu->priv = h5;
183
184 skb_queue_head_init(&h5->unack);
185 skb_queue_head_init(&h5->rel);
186 skb_queue_head_init(&h5->unrel);
187
188 h5_reset_rx(h5);
189
190 init_timer(&h5->timer);
191 h5->timer.function = h5_timed_event;
192 h5->timer.data = (unsigned long) hu;
193
194 h5->tx_win = H5_TX_WIN_MAX;
195
196 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
197
198 /* Send initial sync request */
199 h5_link_control(hu, sync, sizeof(sync));
200 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
201
202 return 0;
203}
204
205static int h5_close(struct hci_uart *hu)
206{
207 struct h5 *h5 = hu->priv;
208
209 del_timer_sync(&h5->timer);
210
211 skb_queue_purge(&h5->unack);
212 skb_queue_purge(&h5->rel);
213 skb_queue_purge(&h5->unrel);
214
215 kfree(h5);
216
217 return 0;
218}
219
220static void h5_pkt_cull(struct h5 *h5)
221{
222 struct sk_buff *skb, *tmp;
223 unsigned long flags;
224 int i, to_remove;
225 u8 seq;
226
227 spin_lock_irqsave(&h5->unack.lock, flags);
228
229 to_remove = skb_queue_len(&h5->unack);
230 if (to_remove == 0)
231 goto unlock;
232
233 seq = h5->tx_seq;
234
235 while (to_remove > 0) {
236 if (h5->rx_ack == seq)
237 break;
238
239 to_remove--;
240 seq = (seq - 1) % 8;
241 }
242
243 if (seq != h5->rx_ack)
244 BT_ERR("Controller acked invalid packet");
245
246 i = 0;
247 skb_queue_walk_safe(&h5->unack, skb, tmp) {
248 if (i++ >= to_remove)
249 break;
250
251 __skb_unlink(skb, &h5->unack);
252 kfree_skb(skb);
253 }
254
255 if (skb_queue_empty(&h5->unack))
256 del_timer(&h5->timer);
257
258unlock:
259 spin_unlock_irqrestore(&h5->unack.lock, flags);
260}
261
262static void h5_handle_internal_rx(struct hci_uart *hu)
263{
264 struct h5 *h5 = hu->priv;
265 const unsigned char sync_req[] = { 0x01, 0x7e };
266 const unsigned char sync_rsp[] = { 0x02, 0x7d };
267 unsigned char conf_req[] = { 0x03, 0xfc, 0x01 };
268 const unsigned char conf_rsp[] = { 0x04, 0x7b };
269 const unsigned char wakeup_req[] = { 0x05, 0xfa };
270 const unsigned char woken_req[] = { 0x06, 0xf9 };
271 const unsigned char sleep_req[] = { 0x07, 0x78 };
272 const unsigned char *hdr = h5->rx_skb->data;
273 const unsigned char *data = &h5->rx_skb->data[4];
274
275 BT_DBG("%s", hu->hdev->name);
276
277 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
278 return;
279
280 if (H5_HDR_LEN(hdr) < 2)
281 return;
282
283 conf_req[2] = h5_cfg_field(h5);
284
285 if (memcmp(data, sync_req, 2) == 0) {
286 h5_link_control(hu, sync_rsp, 2);
287 } else if (memcmp(data, sync_rsp, 2) == 0) {
288 h5->state = H5_INITIALIZED;
289 h5_link_control(hu, conf_req, 3);
290 } else if (memcmp(data, conf_req, 2) == 0) {
291 h5_link_control(hu, conf_rsp, 2);
292 h5_link_control(hu, conf_req, 3);
293 } else if (memcmp(data, conf_rsp, 2) == 0) {
294 if (H5_HDR_LEN(hdr) > 2)
295 h5->tx_win = (data[2] & 7);
296 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
297 h5->state = H5_ACTIVE;
298 hci_uart_init_ready(hu);
299 return;
300 } else if (memcmp(data, sleep_req, 2) == 0) {
301 BT_DBG("Peer went to sleep");
302 h5->sleep = H5_SLEEPING;
303 return;
304 } else if (memcmp(data, woken_req, 2) == 0) {
305 BT_DBG("Peer woke up");
306 h5->sleep = H5_AWAKE;
307 } else if (memcmp(data, wakeup_req, 2) == 0) {
308 BT_DBG("Peer requested wakeup");
309 h5_link_control(hu, woken_req, 2);
310 h5->sleep = H5_AWAKE;
311 } else {
312 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
313 return;
314 }
315
316 hci_uart_tx_wakeup(hu);
317}
318
319static void h5_complete_rx_pkt(struct hci_uart *hu)
320{
321 struct h5 *h5 = hu->priv;
322 const unsigned char *hdr = h5->rx_skb->data;
323
324 if (H5_HDR_RELIABLE(hdr)) {
325 h5->tx_ack = (h5->tx_ack + 1) % 8;
326 set_bit(H5_TX_ACK_REQ, &h5->flags);
327 hci_uart_tx_wakeup(hu);
328 }
329
330 h5->rx_ack = H5_HDR_ACK(hdr);
331
332 h5_pkt_cull(h5);
333
334 switch (H5_HDR_PKT_TYPE(hdr)) {
335 case HCI_EVENT_PKT:
336 case HCI_ACLDATA_PKT:
337 case HCI_SCODATA_PKT:
338 bt_cb(h5->rx_skb)->pkt_type = H5_HDR_PKT_TYPE(hdr);
339
340 /* Remove Three-wire header */
341 skb_pull(h5->rx_skb, 4);
342
343 hci_recv_frame(hu->hdev, h5->rx_skb);
344 h5->rx_skb = NULL;
345
346 break;
347
348 default:
349 h5_handle_internal_rx(hu);
350 break;
351 }
352
353 h5_reset_rx(h5);
354}
355
356static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
357{
358 struct h5 *h5 = hu->priv;
359
360 h5_complete_rx_pkt(hu);
361 h5_reset_rx(h5);
362
363 return 0;
364}
365
366static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
367{
368 struct h5 *h5 = hu->priv;
369 const unsigned char *hdr = h5->rx_skb->data;
370
371 if (H5_HDR_CRC(hdr)) {
372 h5->rx_func = h5_rx_crc;
373 h5->rx_pending = 2;
374 } else {
375 h5_complete_rx_pkt(hu);
376 h5_reset_rx(h5);
377 }
378
379 return 0;
380}
381
382static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
383{
384 struct h5 *h5 = hu->priv;
385 const unsigned char *hdr = h5->rx_skb->data;
386
387 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
388 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
389 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
390 H5_HDR_LEN(hdr));
391
392 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
393 BT_ERR("Invalid header checksum");
394 h5_reset_rx(h5);
395 return 0;
396 }
397
398 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
399 BT_ERR("Out-of-order packet arrived (%u != %u)",
400 H5_HDR_SEQ(hdr), h5->tx_ack);
401 h5_reset_rx(h5);
402 return 0;
403 }
404
405 if (h5->state != H5_ACTIVE &&
406 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
407 BT_ERR("Non-link packet received in non-active state");
408 h5_reset_rx(h5);
409 }
410
411 h5->rx_func = h5_rx_payload;
412 h5->rx_pending = H5_HDR_LEN(hdr);
413
414 return 0;
415}
416
417static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
418{
419 struct h5 *h5 = hu->priv;
420
421 if (c == SLIP_DELIMITER)
422 return 1;
423
424 h5->rx_func = h5_rx_3wire_hdr;
425 h5->rx_pending = 4;
426
427 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
428 if (!h5->rx_skb) {
429 BT_ERR("Can't allocate mem for new packet");
430 h5_reset_rx(h5);
431 return -ENOMEM;
432 }
433
434 h5->rx_skb->dev = (void *) hu->hdev;
435
436 return 0;
437}
438
439static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
440{
441 struct h5 *h5 = hu->priv;
442
443 if (c == SLIP_DELIMITER)
444 h5->rx_func = h5_rx_pkt_start;
445
446 return 1;
447}
448
449static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
450{
451 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
452 const u8 *byte = &c;
453
454 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
455 set_bit(H5_RX_ESC, &h5->flags);
456 return;
457 }
458
459 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
460 switch (c) {
461 case SLIP_ESC_DELIM:
462 byte = &delim;
463 break;
464 case SLIP_ESC_ESC:
465 byte = &esc;
466 break;
467 default:
468 BT_ERR("Invalid esc byte 0x%02hhx", c);
469 h5_reset_rx(h5);
470 return;
471 }
472 }
473
474 memcpy(skb_put(h5->rx_skb, 1), byte, 1);
475 h5->rx_pending--;
476
477 BT_DBG("unsliped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
478}
479
480static void h5_reset_rx(struct h5 *h5)
481{
482 if (h5->rx_skb) {
483 kfree_skb(h5->rx_skb);
484 h5->rx_skb = NULL;
485 }
486
487 h5->rx_func = h5_rx_delimiter;
488 h5->rx_pending = 0;
489 clear_bit(H5_RX_ESC, &h5->flags);
490}
491
492static int h5_recv(struct hci_uart *hu, void *data, int count)
493{
494 struct h5 *h5 = hu->priv;
495 unsigned char *ptr = data;
496
497 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
498 count);
499
500 while (count > 0) {
501 int processed;
502
503 if (h5->rx_pending > 0) {
504 if (*ptr == SLIP_DELIMITER) {
505 BT_ERR("Too short H5 packet");
506 h5_reset_rx(h5);
507 continue;
508 }
509
510 h5_unslip_one_byte(h5, *ptr);
511
512 ptr++; count--;
513 continue;
514 }
515
516 processed = h5->rx_func(hu, *ptr);
517 if (processed < 0)
518 return processed;
519
520 ptr += processed;
521 count -= processed;
522 }
523
524 return 0;
525}
526
527static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
528{
529 struct h5 *h5 = hu->priv;
530
531 if (skb->len > 0xfff) {
532 BT_ERR("Packet too long (%u bytes)", skb->len);
533 kfree_skb(skb);
534 return 0;
535 }
536
537 if (h5->state != H5_ACTIVE) {
538 BT_ERR("Ignoring HCI data in non-active state");
539 kfree_skb(skb);
540 return 0;
541 }
542
543 switch (bt_cb(skb)->pkt_type) {
544 case HCI_ACLDATA_PKT:
545 case HCI_COMMAND_PKT:
546 skb_queue_tail(&h5->rel, skb);
547 break;
548
549 case HCI_SCODATA_PKT:
550 skb_queue_tail(&h5->unrel, skb);
551 break;
552
553 default:
554 BT_ERR("Unknown packet type %u", bt_cb(skb)->pkt_type);
555 kfree_skb(skb);
556 break;
557 }
558
559 return 0;
560}
561
562static void h5_slip_delim(struct sk_buff *skb)
563{
564 const char delim = SLIP_DELIMITER;
565
566 memcpy(skb_put(skb, 1), &delim, 1);
567}
568
569static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
570{
571 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
572 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
573
574 switch (c) {
575 case SLIP_DELIMITER:
576 memcpy(skb_put(skb, 2), &esc_delim, 2);
577 break;
578 case SLIP_ESC:
579 memcpy(skb_put(skb, 2), &esc_esc, 2);
580 break;
581 default:
582 memcpy(skb_put(skb, 1), &c, 1);
583 }
584}
585
586static bool valid_packet_type(u8 type)
587{
588 switch (type) {
589 case HCI_ACLDATA_PKT:
590 case HCI_COMMAND_PKT:
591 case HCI_SCODATA_PKT:
592 case HCI_3WIRE_LINK_PKT:
593 case HCI_3WIRE_ACK_PKT:
594 return true;
595 default:
596 return false;
597 }
598}
599
600static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
601 const u8 *data, size_t len)
602{
603 struct h5 *h5 = hu->priv;
604 struct sk_buff *nskb;
605 u8 hdr[4];
606 int i;
607
608 if (!valid_packet_type(pkt_type)) {
609 BT_ERR("Unknown packet type %u", pkt_type);
610 return NULL;
611 }
612
613 /*
614 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
615 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
616 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
617 * delimiters at start and end).
618 */
619 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
620 if (!nskb)
621 return NULL;
622
623 bt_cb(nskb)->pkt_type = pkt_type;
624
625 h5_slip_delim(nskb);
626
627 hdr[0] = h5->tx_ack << 3;
628 clear_bit(H5_TX_ACK_REQ, &h5->flags);
629
630 /* Reliable packet? */
631 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
632 hdr[0] |= 1 << 7;
633 hdr[0] |= h5->tx_seq;
634 h5->tx_seq = (h5->tx_seq + 1) % 8;
635 }
636
637 hdr[1] = pkt_type | ((len & 0x0f) << 4);
638 hdr[2] = len >> 4;
639 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
640
641 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
642 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
643 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
644 H5_HDR_LEN(hdr));
645
646 for (i = 0; i < 4; i++)
647 h5_slip_one_byte(nskb, hdr[i]);
648
649 for (i = 0; i < len; i++)
650 h5_slip_one_byte(nskb, data[i]);
651
652 h5_slip_delim(nskb);
653
654 return nskb;
655}
656
657static struct sk_buff *h5_dequeue(struct hci_uart *hu)
658{
659 struct h5 *h5 = hu->priv;
660 unsigned long flags;
661 struct sk_buff *skb, *nskb;
662
663 if (h5->sleep != H5_AWAKE) {
664 const unsigned char wakeup_req[] = { 0x05, 0xfa };
665
666 if (h5->sleep == H5_WAKING_UP)
667 return NULL;
668
669 h5->sleep = H5_WAKING_UP;
670 BT_DBG("Sending wakeup request");
671
672 mod_timer(&h5->timer, jiffies + HZ / 100);
673 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
674 }
675
676 skb = skb_dequeue(&h5->unrel);
677 if (skb != NULL) {
678 nskb = h5_prepare_pkt(hu, bt_cb(skb)->pkt_type,
679 skb->data, skb->len);
680 if (nskb) {
681 kfree_skb(skb);
682 return nskb;
683 }
684
685 skb_queue_head(&h5->unrel, skb);
686 BT_ERR("Could not dequeue pkt because alloc_skb failed");
687 }
688
689 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
690
691 if (h5->unack.qlen >= h5->tx_win)
692 goto unlock;
693
694 skb = skb_dequeue(&h5->rel);
695 if (skb != NULL) {
696 nskb = h5_prepare_pkt(hu, bt_cb(skb)->pkt_type,
697 skb->data, skb->len);
698 if (nskb) {
699 __skb_queue_tail(&h5->unack, skb);
700 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
701 spin_unlock_irqrestore(&h5->unack.lock, flags);
702 return nskb;
703 }
704
705 skb_queue_head(&h5->rel, skb);
706 BT_ERR("Could not dequeue pkt because alloc_skb failed");
707 }
708
709unlock:
710 spin_unlock_irqrestore(&h5->unack.lock, flags);
711
712 if (test_bit(H5_TX_ACK_REQ, &h5->flags))
713 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
714
715 return NULL;
716}
717
718static int h5_flush(struct hci_uart *hu)
719{
720 BT_DBG("hu %p", hu);
721 return 0;
722}
723
724static struct hci_uart_proto h5p = {
725 .id = HCI_UART_3WIRE,
726 .open = h5_open,
727 .close = h5_close,
728 .recv = h5_recv,
729 .enqueue = h5_enqueue,
730 .dequeue = h5_dequeue,
731 .flush = h5_flush,
732};
733
734int __init h5_init(void)
735{
736 int err = hci_uart_register_proto(&h5p);
737
738 if (!err)
739 BT_INFO("HCI Three-wire UART (H5) protocol initialized");
740 else
741 BT_ERR("HCI Three-wire UART (H5) protocol init failed");
742
743 return err;
744}
745
746int __exit h5_deinit(void)
747{
748 return hci_uart_unregister_proto(&h5p);
749}