Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 *
4 * Bluetooth HCI Three-wire UART driver
5 *
6 * Copyright (C) 2012 Intel Corporation
7 */
8
9#include <linux/acpi.h>
10#include <linux/errno.h>
11#include <linux/gpio/consumer.h>
12#include <linux/kernel.h>
13#include <linux/mod_devicetable.h>
14#include <linux/of.h>
15#include <linux/pm_runtime.h>
16#include <linux/serdev.h>
17#include <linux/skbuff.h>
18
19#include <net/bluetooth/bluetooth.h>
20#include <net/bluetooth/hci_core.h>
21
22#include "btrtl.h"
23#include "hci_uart.h"
24
25#define SUSPEND_TIMEOUT_MS 6000
26
27#define HCI_3WIRE_ACK_PKT 0
28#define HCI_3WIRE_LINK_PKT 15
29
30/* Sliding window size */
31#define H5_TX_WIN_MAX 4
32
33#define H5_ACK_TIMEOUT msecs_to_jiffies(250)
34#define H5_SYNC_TIMEOUT msecs_to_jiffies(100)
35
36/*
37 * Maximum Three-wire packet:
38 * 4 byte header + max value for 12-bit length + 2 bytes for CRC
39 */
40#define H5_MAX_LEN (4 + 0xfff + 2)
41
42/* Convenience macros for reading Three-wire header values */
43#define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
44#define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
45#define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
46#define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
47#define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
48#define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4))
49
50#define SLIP_DELIMITER 0xc0
51#define SLIP_ESC 0xdb
52#define SLIP_ESC_DELIM 0xdc
53#define SLIP_ESC_ESC 0xdd
54
55/* H5 state flags */
56enum {
57 H5_RX_ESC, /* SLIP escape mode */
58 H5_TX_ACK_REQ, /* Pending ack to send */
59 H5_WAKEUP_DISABLE, /* Device cannot wake host */
60 H5_HW_FLOW_CONTROL, /* Use HW flow control */
61};
62
63struct h5 {
64 /* Must be the first member, hci_serdev.c expects this. */
65 struct hci_uart serdev_hu;
66
67 struct sk_buff_head unack; /* Unack'ed packets queue */
68 struct sk_buff_head rel; /* Reliable packets queue */
69 struct sk_buff_head unrel; /* Unreliable packets queue */
70
71 unsigned long flags;
72
73 struct sk_buff *rx_skb; /* Receive buffer */
74 size_t rx_pending; /* Expecting more bytes */
75 u8 rx_ack; /* Last ack number received */
76
77 int (*rx_func)(struct hci_uart *hu, u8 c);
78
79 struct timer_list timer; /* Retransmission timer */
80 struct hci_uart *hu; /* Parent HCI UART */
81
82 u8 tx_seq; /* Next seq number to send */
83 u8 tx_ack; /* Next ack number to send */
84 u8 tx_win; /* Sliding window size */
85
86 enum {
87 H5_UNINITIALIZED,
88 H5_INITIALIZED,
89 H5_ACTIVE,
90 } state;
91
92 enum {
93 H5_AWAKE,
94 H5_SLEEPING,
95 H5_WAKING_UP,
96 } sleep;
97
98 const struct h5_vnd *vnd;
99 const char *id;
100
101 struct gpio_desc *enable_gpio;
102 struct gpio_desc *device_wake_gpio;
103};
104
105enum h5_driver_info {
106 H5_INFO_WAKEUP_DISABLE = BIT(0),
107};
108
109struct h5_vnd {
110 int (*setup)(struct h5 *h5);
111 void (*open)(struct h5 *h5);
112 void (*close)(struct h5 *h5);
113 int (*suspend)(struct h5 *h5);
114 int (*resume)(struct h5 *h5);
115 const struct acpi_gpio_mapping *acpi_gpio_map;
116 int sizeof_priv;
117};
118
119struct h5_device_data {
120 uint32_t driver_info;
121 struct h5_vnd *vnd;
122};
123
124static void h5_reset_rx(struct h5 *h5);
125
126static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
127{
128 struct h5 *h5 = hu->priv;
129 struct sk_buff *nskb;
130
131 nskb = alloc_skb(3, GFP_ATOMIC);
132 if (!nskb)
133 return;
134
135 hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT;
136
137 skb_put_data(nskb, data, len);
138
139 skb_queue_tail(&h5->unrel, nskb);
140}
141
142static u8 h5_cfg_field(struct h5 *h5)
143{
144 /* Sliding window size (first 3 bits) */
145 return h5->tx_win & 0x07;
146}
147
148static void h5_timed_event(struct timer_list *t)
149{
150 const unsigned char sync_req[] = { 0x01, 0x7e };
151 unsigned char conf_req[3] = { 0x03, 0xfc };
152 struct h5 *h5 = from_timer(h5, t, timer);
153 struct hci_uart *hu = h5->hu;
154 struct sk_buff *skb;
155 unsigned long flags;
156
157 BT_DBG("%s", hu->hdev->name);
158
159 if (h5->state == H5_UNINITIALIZED)
160 h5_link_control(hu, sync_req, sizeof(sync_req));
161
162 if (h5->state == H5_INITIALIZED) {
163 conf_req[2] = h5_cfg_field(h5);
164 h5_link_control(hu, conf_req, sizeof(conf_req));
165 }
166
167 if (h5->state != H5_ACTIVE) {
168 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
169 goto wakeup;
170 }
171
172 if (h5->sleep != H5_AWAKE) {
173 h5->sleep = H5_SLEEPING;
174 goto wakeup;
175 }
176
177 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
178
179 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
180
181 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
182 h5->tx_seq = (h5->tx_seq - 1) & 0x07;
183 skb_queue_head(&h5->rel, skb);
184 }
185
186 spin_unlock_irqrestore(&h5->unack.lock, flags);
187
188wakeup:
189 hci_uart_tx_wakeup(hu);
190}
191
192static void h5_peer_reset(struct hci_uart *hu)
193{
194 struct h5 *h5 = hu->priv;
195
196 bt_dev_err(hu->hdev, "Peer device has reset");
197
198 h5->state = H5_UNINITIALIZED;
199
200 del_timer(&h5->timer);
201
202 skb_queue_purge(&h5->rel);
203 skb_queue_purge(&h5->unrel);
204 skb_queue_purge(&h5->unack);
205
206 h5->tx_seq = 0;
207 h5->tx_ack = 0;
208
209 /* Send reset request to upper stack */
210 hci_reset_dev(hu->hdev);
211}
212
213static int h5_open(struct hci_uart *hu)
214{
215 struct h5 *h5;
216 const unsigned char sync[] = { 0x01, 0x7e };
217
218 BT_DBG("hu %p", hu);
219
220 if (hu->serdev) {
221 h5 = serdev_device_get_drvdata(hu->serdev);
222 } else {
223 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
224 if (!h5)
225 return -ENOMEM;
226 }
227
228 hu->priv = h5;
229 h5->hu = hu;
230
231 skb_queue_head_init(&h5->unack);
232 skb_queue_head_init(&h5->rel);
233 skb_queue_head_init(&h5->unrel);
234
235 h5_reset_rx(h5);
236
237 timer_setup(&h5->timer, h5_timed_event, 0);
238
239 h5->tx_win = H5_TX_WIN_MAX;
240
241 if (h5->vnd && h5->vnd->open)
242 h5->vnd->open(h5);
243
244 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
245
246 /* Send initial sync request */
247 h5_link_control(hu, sync, sizeof(sync));
248 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
249
250 return 0;
251}
252
253static int h5_close(struct hci_uart *hu)
254{
255 struct h5 *h5 = hu->priv;
256
257 del_timer_sync(&h5->timer);
258
259 skb_queue_purge(&h5->unack);
260 skb_queue_purge(&h5->rel);
261 skb_queue_purge(&h5->unrel);
262
263 kfree_skb(h5->rx_skb);
264 h5->rx_skb = NULL;
265
266 if (h5->vnd && h5->vnd->close)
267 h5->vnd->close(h5);
268
269 if (!hu->serdev)
270 kfree(h5);
271
272 return 0;
273}
274
275static int h5_setup(struct hci_uart *hu)
276{
277 struct h5 *h5 = hu->priv;
278
279 if (h5->vnd && h5->vnd->setup)
280 return h5->vnd->setup(h5);
281
282 return 0;
283}
284
285static void h5_pkt_cull(struct h5 *h5)
286{
287 struct sk_buff *skb, *tmp;
288 unsigned long flags;
289 int i, to_remove;
290 u8 seq;
291
292 spin_lock_irqsave(&h5->unack.lock, flags);
293
294 to_remove = skb_queue_len(&h5->unack);
295 if (to_remove == 0)
296 goto unlock;
297
298 seq = h5->tx_seq;
299
300 while (to_remove > 0) {
301 if (h5->rx_ack == seq)
302 break;
303
304 to_remove--;
305 seq = (seq - 1) & 0x07;
306 }
307
308 if (seq != h5->rx_ack)
309 BT_ERR("Controller acked invalid packet");
310
311 i = 0;
312 skb_queue_walk_safe(&h5->unack, skb, tmp) {
313 if (i++ >= to_remove)
314 break;
315
316 __skb_unlink(skb, &h5->unack);
317 dev_kfree_skb_irq(skb);
318 }
319
320 if (skb_queue_empty(&h5->unack))
321 del_timer(&h5->timer);
322
323unlock:
324 spin_unlock_irqrestore(&h5->unack.lock, flags);
325}
326
327static void h5_handle_internal_rx(struct hci_uart *hu)
328{
329 struct h5 *h5 = hu->priv;
330 const unsigned char sync_req[] = { 0x01, 0x7e };
331 const unsigned char sync_rsp[] = { 0x02, 0x7d };
332 unsigned char conf_req[3] = { 0x03, 0xfc };
333 const unsigned char conf_rsp[] = { 0x04, 0x7b };
334 const unsigned char wakeup_req[] = { 0x05, 0xfa };
335 const unsigned char woken_req[] = { 0x06, 0xf9 };
336 const unsigned char sleep_req[] = { 0x07, 0x78 };
337 const unsigned char *hdr = h5->rx_skb->data;
338 const unsigned char *data = &h5->rx_skb->data[4];
339
340 BT_DBG("%s", hu->hdev->name);
341
342 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
343 return;
344
345 if (H5_HDR_LEN(hdr) < 2)
346 return;
347
348 conf_req[2] = h5_cfg_field(h5);
349
350 if (memcmp(data, sync_req, 2) == 0) {
351 if (h5->state == H5_ACTIVE)
352 h5_peer_reset(hu);
353 h5_link_control(hu, sync_rsp, 2);
354 } else if (memcmp(data, sync_rsp, 2) == 0) {
355 if (h5->state == H5_ACTIVE)
356 h5_peer_reset(hu);
357 h5->state = H5_INITIALIZED;
358 h5_link_control(hu, conf_req, 3);
359 } else if (memcmp(data, conf_req, 2) == 0) {
360 h5_link_control(hu, conf_rsp, 2);
361 h5_link_control(hu, conf_req, 3);
362 } else if (memcmp(data, conf_rsp, 2) == 0) {
363 if (H5_HDR_LEN(hdr) > 2)
364 h5->tx_win = (data[2] & 0x07);
365 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
366 h5->state = H5_ACTIVE;
367 hci_uart_init_ready(hu);
368 return;
369 } else if (memcmp(data, sleep_req, 2) == 0) {
370 BT_DBG("Peer went to sleep");
371 h5->sleep = H5_SLEEPING;
372 return;
373 } else if (memcmp(data, woken_req, 2) == 0) {
374 BT_DBG("Peer woke up");
375 h5->sleep = H5_AWAKE;
376 } else if (memcmp(data, wakeup_req, 2) == 0) {
377 BT_DBG("Peer requested wakeup");
378 h5_link_control(hu, woken_req, 2);
379 h5->sleep = H5_AWAKE;
380 } else {
381 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
382 return;
383 }
384
385 hci_uart_tx_wakeup(hu);
386}
387
388static void h5_complete_rx_pkt(struct hci_uart *hu)
389{
390 struct h5 *h5 = hu->priv;
391 const unsigned char *hdr = h5->rx_skb->data;
392
393 if (H5_HDR_RELIABLE(hdr)) {
394 h5->tx_ack = (h5->tx_ack + 1) % 8;
395 set_bit(H5_TX_ACK_REQ, &h5->flags);
396 hci_uart_tx_wakeup(hu);
397 }
398
399 h5->rx_ack = H5_HDR_ACK(hdr);
400
401 h5_pkt_cull(h5);
402
403 switch (H5_HDR_PKT_TYPE(hdr)) {
404 case HCI_EVENT_PKT:
405 case HCI_ACLDATA_PKT:
406 case HCI_SCODATA_PKT:
407 case HCI_ISODATA_PKT:
408 hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr);
409
410 /* Remove Three-wire header */
411 skb_pull(h5->rx_skb, 4);
412
413 hci_recv_frame(hu->hdev, h5->rx_skb);
414 h5->rx_skb = NULL;
415
416 break;
417
418 default:
419 h5_handle_internal_rx(hu);
420 break;
421 }
422
423 h5_reset_rx(h5);
424}
425
426static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
427{
428 h5_complete_rx_pkt(hu);
429
430 return 0;
431}
432
433static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
434{
435 struct h5 *h5 = hu->priv;
436 const unsigned char *hdr = h5->rx_skb->data;
437
438 if (H5_HDR_CRC(hdr)) {
439 h5->rx_func = h5_rx_crc;
440 h5->rx_pending = 2;
441 } else {
442 h5_complete_rx_pkt(hu);
443 }
444
445 return 0;
446}
447
448static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
449{
450 struct h5 *h5 = hu->priv;
451 const unsigned char *hdr = h5->rx_skb->data;
452
453 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
454 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
455 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
456 H5_HDR_LEN(hdr));
457
458 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
459 bt_dev_err(hu->hdev, "Invalid header checksum");
460 h5_reset_rx(h5);
461 return 0;
462 }
463
464 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
465 bt_dev_err(hu->hdev, "Out-of-order packet arrived (%u != %u)",
466 H5_HDR_SEQ(hdr), h5->tx_ack);
467 set_bit(H5_TX_ACK_REQ, &h5->flags);
468 hci_uart_tx_wakeup(hu);
469 h5_reset_rx(h5);
470 return 0;
471 }
472
473 if (h5->state != H5_ACTIVE &&
474 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
475 bt_dev_err(hu->hdev, "Non-link packet received in non-active state");
476 h5_reset_rx(h5);
477 return 0;
478 }
479
480 h5->rx_func = h5_rx_payload;
481 h5->rx_pending = H5_HDR_LEN(hdr);
482
483 return 0;
484}
485
486static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
487{
488 struct h5 *h5 = hu->priv;
489
490 if (c == SLIP_DELIMITER)
491 return 1;
492
493 h5->rx_func = h5_rx_3wire_hdr;
494 h5->rx_pending = 4;
495
496 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
497 if (!h5->rx_skb) {
498 bt_dev_err(hu->hdev, "Can't allocate mem for new packet");
499 h5_reset_rx(h5);
500 return -ENOMEM;
501 }
502
503 h5->rx_skb->dev = (void *)hu->hdev;
504
505 return 0;
506}
507
508static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
509{
510 struct h5 *h5 = hu->priv;
511
512 if (c == SLIP_DELIMITER)
513 h5->rx_func = h5_rx_pkt_start;
514
515 return 1;
516}
517
518static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
519{
520 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
521 const u8 *byte = &c;
522
523 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
524 set_bit(H5_RX_ESC, &h5->flags);
525 return;
526 }
527
528 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
529 switch (c) {
530 case SLIP_ESC_DELIM:
531 byte = &delim;
532 break;
533 case SLIP_ESC_ESC:
534 byte = &esc;
535 break;
536 default:
537 BT_ERR("Invalid esc byte 0x%02hhx", c);
538 h5_reset_rx(h5);
539 return;
540 }
541 }
542
543 skb_put_data(h5->rx_skb, byte, 1);
544 h5->rx_pending--;
545
546 BT_DBG("unslipped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
547}
548
549static void h5_reset_rx(struct h5 *h5)
550{
551 if (h5->rx_skb) {
552 kfree_skb(h5->rx_skb);
553 h5->rx_skb = NULL;
554 }
555
556 h5->rx_func = h5_rx_delimiter;
557 h5->rx_pending = 0;
558 clear_bit(H5_RX_ESC, &h5->flags);
559}
560
561static int h5_recv(struct hci_uart *hu, const void *data, int count)
562{
563 struct h5 *h5 = hu->priv;
564 const unsigned char *ptr = data;
565
566 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
567 count);
568
569 while (count > 0) {
570 int processed;
571
572 if (h5->rx_pending > 0) {
573 if (*ptr == SLIP_DELIMITER) {
574 bt_dev_err(hu->hdev, "Too short H5 packet");
575 h5_reset_rx(h5);
576 continue;
577 }
578
579 h5_unslip_one_byte(h5, *ptr);
580
581 ptr++; count--;
582 continue;
583 }
584
585 processed = h5->rx_func(hu, *ptr);
586 if (processed < 0)
587 return processed;
588
589 ptr += processed;
590 count -= processed;
591 }
592
593 if (hu->serdev) {
594 pm_runtime_get(&hu->serdev->dev);
595 pm_runtime_mark_last_busy(&hu->serdev->dev);
596 pm_runtime_put_autosuspend(&hu->serdev->dev);
597 }
598
599 return 0;
600}
601
602static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
603{
604 struct h5 *h5 = hu->priv;
605
606 if (skb->len > 0xfff) {
607 bt_dev_err(hu->hdev, "Packet too long (%u bytes)", skb->len);
608 kfree_skb(skb);
609 return 0;
610 }
611
612 if (h5->state != H5_ACTIVE) {
613 bt_dev_err(hu->hdev, "Ignoring HCI data in non-active state");
614 kfree_skb(skb);
615 return 0;
616 }
617
618 switch (hci_skb_pkt_type(skb)) {
619 case HCI_ACLDATA_PKT:
620 case HCI_COMMAND_PKT:
621 skb_queue_tail(&h5->rel, skb);
622 break;
623
624 case HCI_SCODATA_PKT:
625 case HCI_ISODATA_PKT:
626 skb_queue_tail(&h5->unrel, skb);
627 break;
628
629 default:
630 bt_dev_err(hu->hdev, "Unknown packet type %u", hci_skb_pkt_type(skb));
631 kfree_skb(skb);
632 break;
633 }
634
635 if (hu->serdev) {
636 pm_runtime_get_sync(&hu->serdev->dev);
637 pm_runtime_mark_last_busy(&hu->serdev->dev);
638 pm_runtime_put_autosuspend(&hu->serdev->dev);
639 }
640
641 return 0;
642}
643
644static void h5_slip_delim(struct sk_buff *skb)
645{
646 const char delim = SLIP_DELIMITER;
647
648 skb_put_data(skb, &delim, 1);
649}
650
651static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
652{
653 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
654 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
655
656 switch (c) {
657 case SLIP_DELIMITER:
658 skb_put_data(skb, &esc_delim, 2);
659 break;
660 case SLIP_ESC:
661 skb_put_data(skb, &esc_esc, 2);
662 break;
663 default:
664 skb_put_data(skb, &c, 1);
665 }
666}
667
668static bool valid_packet_type(u8 type)
669{
670 switch (type) {
671 case HCI_ACLDATA_PKT:
672 case HCI_COMMAND_PKT:
673 case HCI_SCODATA_PKT:
674 case HCI_ISODATA_PKT:
675 case HCI_3WIRE_LINK_PKT:
676 case HCI_3WIRE_ACK_PKT:
677 return true;
678 default:
679 return false;
680 }
681}
682
683static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
684 const u8 *data, size_t len)
685{
686 struct h5 *h5 = hu->priv;
687 struct sk_buff *nskb;
688 u8 hdr[4];
689 int i;
690
691 if (!valid_packet_type(pkt_type)) {
692 bt_dev_err(hu->hdev, "Unknown packet type %u", pkt_type);
693 return NULL;
694 }
695
696 /*
697 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
698 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
699 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
700 * delimiters at start and end).
701 */
702 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
703 if (!nskb)
704 return NULL;
705
706 hci_skb_pkt_type(nskb) = pkt_type;
707
708 h5_slip_delim(nskb);
709
710 hdr[0] = h5->tx_ack << 3;
711 clear_bit(H5_TX_ACK_REQ, &h5->flags);
712
713 /* Reliable packet? */
714 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
715 hdr[0] |= 1 << 7;
716 hdr[0] |= h5->tx_seq;
717 h5->tx_seq = (h5->tx_seq + 1) % 8;
718 }
719
720 hdr[1] = pkt_type | ((len & 0x0f) << 4);
721 hdr[2] = len >> 4;
722 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
723
724 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
725 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
726 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
727 H5_HDR_LEN(hdr));
728
729 for (i = 0; i < 4; i++)
730 h5_slip_one_byte(nskb, hdr[i]);
731
732 for (i = 0; i < len; i++)
733 h5_slip_one_byte(nskb, data[i]);
734
735 h5_slip_delim(nskb);
736
737 return nskb;
738}
739
740static struct sk_buff *h5_dequeue(struct hci_uart *hu)
741{
742 struct h5 *h5 = hu->priv;
743 unsigned long flags;
744 struct sk_buff *skb, *nskb;
745
746 if (h5->sleep != H5_AWAKE) {
747 const unsigned char wakeup_req[] = { 0x05, 0xfa };
748
749 if (h5->sleep == H5_WAKING_UP)
750 return NULL;
751
752 h5->sleep = H5_WAKING_UP;
753 BT_DBG("Sending wakeup request");
754
755 mod_timer(&h5->timer, jiffies + HZ / 100);
756 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
757 }
758
759 skb = skb_dequeue(&h5->unrel);
760 if (skb) {
761 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
762 skb->data, skb->len);
763 if (nskb) {
764 kfree_skb(skb);
765 return nskb;
766 }
767
768 skb_queue_head(&h5->unrel, skb);
769 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed");
770 }
771
772 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
773
774 if (h5->unack.qlen >= h5->tx_win)
775 goto unlock;
776
777 skb = skb_dequeue(&h5->rel);
778 if (skb) {
779 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
780 skb->data, skb->len);
781 if (nskb) {
782 __skb_queue_tail(&h5->unack, skb);
783 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
784 spin_unlock_irqrestore(&h5->unack.lock, flags);
785 return nskb;
786 }
787
788 skb_queue_head(&h5->rel, skb);
789 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed");
790 }
791
792unlock:
793 spin_unlock_irqrestore(&h5->unack.lock, flags);
794
795 if (test_bit(H5_TX_ACK_REQ, &h5->flags))
796 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
797
798 return NULL;
799}
800
801static int h5_flush(struct hci_uart *hu)
802{
803 BT_DBG("hu %p", hu);
804 return 0;
805}
806
807static const struct hci_uart_proto h5p = {
808 .id = HCI_UART_3WIRE,
809 .name = "Three-wire (H5)",
810 .open = h5_open,
811 .close = h5_close,
812 .setup = h5_setup,
813 .recv = h5_recv,
814 .enqueue = h5_enqueue,
815 .dequeue = h5_dequeue,
816 .flush = h5_flush,
817};
818
819static int h5_serdev_probe(struct serdev_device *serdev)
820{
821 struct device *dev = &serdev->dev;
822 struct h5 *h5;
823 const struct h5_device_data *data;
824
825 h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
826 if (!h5)
827 return -ENOMEM;
828
829 h5->hu = &h5->serdev_hu;
830 h5->serdev_hu.serdev = serdev;
831 serdev_device_set_drvdata(serdev, h5);
832
833 if (has_acpi_companion(dev)) {
834 const struct acpi_device_id *match;
835
836 match = acpi_match_device(dev->driver->acpi_match_table, dev);
837 if (!match)
838 return -ENODEV;
839
840 data = (const struct h5_device_data *)match->driver_data;
841 h5->vnd = data->vnd;
842 h5->id = (char *)match->id;
843
844 if (h5->vnd->acpi_gpio_map)
845 devm_acpi_dev_add_driver_gpios(dev,
846 h5->vnd->acpi_gpio_map);
847 } else {
848 data = of_device_get_match_data(dev);
849 if (!data)
850 return -ENODEV;
851
852 h5->vnd = data->vnd;
853 }
854
855 if (data->driver_info & H5_INFO_WAKEUP_DISABLE)
856 set_bit(H5_WAKEUP_DISABLE, &h5->flags);
857
858 h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW);
859 if (IS_ERR(h5->enable_gpio))
860 return PTR_ERR(h5->enable_gpio);
861
862 h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake",
863 GPIOD_OUT_LOW);
864 if (IS_ERR(h5->device_wake_gpio))
865 return PTR_ERR(h5->device_wake_gpio);
866
867 return hci_uart_register_device_priv(&h5->serdev_hu, &h5p,
868 h5->vnd->sizeof_priv);
869}
870
871static void h5_serdev_remove(struct serdev_device *serdev)
872{
873 struct h5 *h5 = serdev_device_get_drvdata(serdev);
874
875 hci_uart_unregister_device(&h5->serdev_hu);
876}
877
878static int __maybe_unused h5_serdev_suspend(struct device *dev)
879{
880 struct h5 *h5 = dev_get_drvdata(dev);
881 int ret = 0;
882
883 if (h5->vnd && h5->vnd->suspend)
884 ret = h5->vnd->suspend(h5);
885
886 return ret;
887}
888
889static int __maybe_unused h5_serdev_resume(struct device *dev)
890{
891 struct h5 *h5 = dev_get_drvdata(dev);
892 int ret = 0;
893
894 if (h5->vnd && h5->vnd->resume)
895 ret = h5->vnd->resume(h5);
896
897 return ret;
898}
899
900#ifdef CONFIG_BT_HCIUART_RTL
901static int h5_btrtl_setup(struct h5 *h5)
902{
903 struct btrtl_device_info *btrtl_dev;
904 struct sk_buff *skb;
905 __le32 baudrate_data;
906 u32 device_baudrate;
907 unsigned int controller_baudrate;
908 bool flow_control;
909 int err;
910
911 btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id);
912 if (IS_ERR(btrtl_dev))
913 return PTR_ERR(btrtl_dev);
914
915 err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev,
916 &controller_baudrate, &device_baudrate,
917 &flow_control);
918 if (err)
919 goto out_free;
920
921 baudrate_data = cpu_to_le32(device_baudrate);
922 skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data),
923 &baudrate_data, HCI_INIT_TIMEOUT);
924 if (IS_ERR(skb)) {
925 rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n");
926 err = PTR_ERR(skb);
927 goto out_free;
928 } else {
929 kfree_skb(skb);
930 }
931 /* Give the device some time to set up the new baudrate. */
932 usleep_range(10000, 20000);
933
934 serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate);
935 serdev_device_set_flow_control(h5->hu->serdev, flow_control);
936
937 if (flow_control)
938 set_bit(H5_HW_FLOW_CONTROL, &h5->flags);
939
940 err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev);
941 /* Give the device some time before the hci-core sends it a reset */
942 usleep_range(10000, 20000);
943 if (err)
944 goto out_free;
945
946 btrtl_set_quirks(h5->hu->hdev, btrtl_dev);
947
948out_free:
949 btrtl_free(btrtl_dev);
950
951 return err;
952}
953
954static void h5_btrtl_open(struct h5 *h5)
955{
956 /*
957 * Since h5_btrtl_resume() does a device_reprobe() the suspend handling
958 * done by the hci_suspend_notifier is not necessary; it actually causes
959 * delays and a bunch of errors to get logged, so disable it.
960 */
961 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags))
962 set_bit(HCI_UART_NO_SUSPEND_NOTIFIER, &h5->hu->flags);
963
964 /* Devices always start with these fixed parameters */
965 serdev_device_set_flow_control(h5->hu->serdev, false);
966 serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN);
967 serdev_device_set_baudrate(h5->hu->serdev, 115200);
968
969 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags)) {
970 pm_runtime_set_active(&h5->hu->serdev->dev);
971 pm_runtime_use_autosuspend(&h5->hu->serdev->dev);
972 pm_runtime_set_autosuspend_delay(&h5->hu->serdev->dev,
973 SUSPEND_TIMEOUT_MS);
974 pm_runtime_enable(&h5->hu->serdev->dev);
975 }
976
977 /* The controller needs reset to startup */
978 gpiod_set_value_cansleep(h5->enable_gpio, 0);
979 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
980 msleep(100);
981
982 /* The controller needs up to 500ms to wakeup */
983 gpiod_set_value_cansleep(h5->enable_gpio, 1);
984 gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
985 msleep(500);
986}
987
988static void h5_btrtl_close(struct h5 *h5)
989{
990 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags))
991 pm_runtime_disable(&h5->hu->serdev->dev);
992
993 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
994 gpiod_set_value_cansleep(h5->enable_gpio, 0);
995}
996
997/* Suspend/resume support. On many devices the RTL BT device loses power during
998 * suspend/resume, causing it to lose its firmware and all state. So we simply
999 * turn it off on suspend and reprobe on resume. This mirrors how RTL devices
1000 * are handled in the USB driver, where the BTUSB_WAKEUP_DISABLE is used which
1001 * also causes a reprobe on resume.
1002 */
1003static int h5_btrtl_suspend(struct h5 *h5)
1004{
1005 serdev_device_set_flow_control(h5->hu->serdev, false);
1006 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
1007
1008 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags))
1009 gpiod_set_value_cansleep(h5->enable_gpio, 0);
1010
1011 return 0;
1012}
1013
1014struct h5_btrtl_reprobe {
1015 struct device *dev;
1016 struct work_struct work;
1017};
1018
1019static void h5_btrtl_reprobe_worker(struct work_struct *work)
1020{
1021 struct h5_btrtl_reprobe *reprobe =
1022 container_of(work, struct h5_btrtl_reprobe, work);
1023 int ret;
1024
1025 ret = device_reprobe(reprobe->dev);
1026 if (ret && ret != -EPROBE_DEFER)
1027 dev_err(reprobe->dev, "Reprobe error %d\n", ret);
1028
1029 put_device(reprobe->dev);
1030 kfree(reprobe);
1031 module_put(THIS_MODULE);
1032}
1033
1034static int h5_btrtl_resume(struct h5 *h5)
1035{
1036 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags)) {
1037 struct h5_btrtl_reprobe *reprobe;
1038
1039 reprobe = kzalloc(sizeof(*reprobe), GFP_KERNEL);
1040 if (!reprobe)
1041 return -ENOMEM;
1042
1043 __module_get(THIS_MODULE);
1044
1045 INIT_WORK(&reprobe->work, h5_btrtl_reprobe_worker);
1046 reprobe->dev = get_device(&h5->hu->serdev->dev);
1047 queue_work(system_long_wq, &reprobe->work);
1048 } else {
1049 gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
1050
1051 if (test_bit(H5_HW_FLOW_CONTROL, &h5->flags))
1052 serdev_device_set_flow_control(h5->hu->serdev, true);
1053 }
1054
1055 return 0;
1056}
1057
1058static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false };
1059static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false };
1060static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false };
1061static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = {
1062 { "device-wake-gpios", &btrtl_device_wake_gpios, 1 },
1063 { "enable-gpios", &btrtl_enable_gpios, 1 },
1064 { "host-wake-gpios", &btrtl_host_wake_gpios, 1 },
1065 {},
1066};
1067
1068static struct h5_vnd rtl_vnd = {
1069 .setup = h5_btrtl_setup,
1070 .open = h5_btrtl_open,
1071 .close = h5_btrtl_close,
1072 .suspend = h5_btrtl_suspend,
1073 .resume = h5_btrtl_resume,
1074 .acpi_gpio_map = acpi_btrtl_gpios,
1075 .sizeof_priv = sizeof(struct btrealtek_data),
1076};
1077
1078static const struct h5_device_data h5_data_rtl8822cs = {
1079 .vnd = &rtl_vnd,
1080};
1081
1082static const struct h5_device_data h5_data_rtl8723bs = {
1083 .driver_info = H5_INFO_WAKEUP_DISABLE,
1084 .vnd = &rtl_vnd,
1085};
1086#endif
1087
1088#ifdef CONFIG_ACPI
1089static const struct acpi_device_id h5_acpi_match[] = {
1090#ifdef CONFIG_BT_HCIUART_RTL
1091 { "OBDA0623", (kernel_ulong_t)&h5_data_rtl8723bs },
1092 { "OBDA8723", (kernel_ulong_t)&h5_data_rtl8723bs },
1093#endif
1094 { },
1095};
1096MODULE_DEVICE_TABLE(acpi, h5_acpi_match);
1097#endif
1098
1099static const struct dev_pm_ops h5_serdev_pm_ops = {
1100 SET_SYSTEM_SLEEP_PM_OPS(h5_serdev_suspend, h5_serdev_resume)
1101 SET_RUNTIME_PM_OPS(h5_serdev_suspend, h5_serdev_resume, NULL)
1102};
1103
1104static const struct of_device_id rtl_bluetooth_of_match[] = {
1105#ifdef CONFIG_BT_HCIUART_RTL
1106 { .compatible = "realtek,rtl8822cs-bt",
1107 .data = (const void *)&h5_data_rtl8822cs },
1108 { .compatible = "realtek,rtl8723bs-bt",
1109 .data = (const void *)&h5_data_rtl8723bs },
1110 { .compatible = "realtek,rtl8723cs-bt",
1111 .data = (const void *)&h5_data_rtl8723bs },
1112 { .compatible = "realtek,rtl8723ds-bt",
1113 .data = (const void *)&h5_data_rtl8723bs },
1114#endif
1115 { },
1116};
1117MODULE_DEVICE_TABLE(of, rtl_bluetooth_of_match);
1118
1119static struct serdev_device_driver h5_serdev_driver = {
1120 .probe = h5_serdev_probe,
1121 .remove = h5_serdev_remove,
1122 .driver = {
1123 .name = "hci_uart_h5",
1124 .acpi_match_table = ACPI_PTR(h5_acpi_match),
1125 .pm = &h5_serdev_pm_ops,
1126 .of_match_table = rtl_bluetooth_of_match,
1127 },
1128};
1129
1130int __init h5_init(void)
1131{
1132 serdev_device_driver_register(&h5_serdev_driver);
1133 return hci_uart_register_proto(&h5p);
1134}
1135
1136int __exit h5_deinit(void)
1137{
1138 serdev_device_driver_unregister(&h5_serdev_driver);
1139 return hci_uart_unregister_proto(&h5p);
1140}
1/*
2 *
3 * Bluetooth HCI Three-wire UART driver
4 *
5 * Copyright (C) 2012 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/kernel.h>
25#include <linux/errno.h>
26#include <linux/skbuff.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "hci_uart.h"
32
33#define HCI_3WIRE_ACK_PKT 0
34#define HCI_3WIRE_LINK_PKT 15
35
36/* Sliding window size */
37#define H5_TX_WIN_MAX 4
38
39#define H5_ACK_TIMEOUT msecs_to_jiffies(250)
40#define H5_SYNC_TIMEOUT msecs_to_jiffies(100)
41
42/*
43 * Maximum Three-wire packet:
44 * 4 byte header + max value for 12-bit length + 2 bytes for CRC
45 */
46#define H5_MAX_LEN (4 + 0xfff + 2)
47
48/* Convenience macros for reading Three-wire header values */
49#define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
50#define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
51#define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
52#define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
53#define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
54#define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4))
55
56#define SLIP_DELIMITER 0xc0
57#define SLIP_ESC 0xdb
58#define SLIP_ESC_DELIM 0xdc
59#define SLIP_ESC_ESC 0xdd
60
61/* H5 state flags */
62enum {
63 H5_RX_ESC, /* SLIP escape mode */
64 H5_TX_ACK_REQ, /* Pending ack to send */
65};
66
67struct h5 {
68 struct sk_buff_head unack; /* Unack'ed packets queue */
69 struct sk_buff_head rel; /* Reliable packets queue */
70 struct sk_buff_head unrel; /* Unreliable packets queue */
71
72 unsigned long flags;
73
74 struct sk_buff *rx_skb; /* Receive buffer */
75 size_t rx_pending; /* Expecting more bytes */
76 u8 rx_ack; /* Last ack number received */
77
78 int (*rx_func)(struct hci_uart *hu, u8 c);
79
80 struct timer_list timer; /* Retransmission timer */
81
82 u8 tx_seq; /* Next seq number to send */
83 u8 tx_ack; /* Next ack number to send */
84 u8 tx_win; /* Sliding window size */
85
86 enum {
87 H5_UNINITIALIZED,
88 H5_INITIALIZED,
89 H5_ACTIVE,
90 } state;
91
92 enum {
93 H5_AWAKE,
94 H5_SLEEPING,
95 H5_WAKING_UP,
96 } sleep;
97};
98
99static void h5_reset_rx(struct h5 *h5);
100
101static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
102{
103 struct h5 *h5 = hu->priv;
104 struct sk_buff *nskb;
105
106 nskb = alloc_skb(3, GFP_ATOMIC);
107 if (!nskb)
108 return;
109
110 hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT;
111
112 memcpy(skb_put(nskb, len), data, len);
113
114 skb_queue_tail(&h5->unrel, nskb);
115}
116
117static u8 h5_cfg_field(struct h5 *h5)
118{
119 /* Sliding window size (first 3 bits) */
120 return h5->tx_win & 0x07;
121}
122
123static void h5_timed_event(unsigned long arg)
124{
125 const unsigned char sync_req[] = { 0x01, 0x7e };
126 unsigned char conf_req[3] = { 0x03, 0xfc };
127 struct hci_uart *hu = (struct hci_uart *)arg;
128 struct h5 *h5 = hu->priv;
129 struct sk_buff *skb;
130 unsigned long flags;
131
132 BT_DBG("%s", hu->hdev->name);
133
134 if (h5->state == H5_UNINITIALIZED)
135 h5_link_control(hu, sync_req, sizeof(sync_req));
136
137 if (h5->state == H5_INITIALIZED) {
138 conf_req[2] = h5_cfg_field(h5);
139 h5_link_control(hu, conf_req, sizeof(conf_req));
140 }
141
142 if (h5->state != H5_ACTIVE) {
143 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
144 goto wakeup;
145 }
146
147 if (h5->sleep != H5_AWAKE) {
148 h5->sleep = H5_SLEEPING;
149 goto wakeup;
150 }
151
152 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
153
154 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
155
156 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
157 h5->tx_seq = (h5->tx_seq - 1) & 0x07;
158 skb_queue_head(&h5->rel, skb);
159 }
160
161 spin_unlock_irqrestore(&h5->unack.lock, flags);
162
163wakeup:
164 hci_uart_tx_wakeup(hu);
165}
166
167static void h5_peer_reset(struct hci_uart *hu)
168{
169 struct h5 *h5 = hu->priv;
170
171 BT_ERR("Peer device has reset");
172
173 h5->state = H5_UNINITIALIZED;
174
175 del_timer(&h5->timer);
176
177 skb_queue_purge(&h5->rel);
178 skb_queue_purge(&h5->unrel);
179 skb_queue_purge(&h5->unack);
180
181 h5->tx_seq = 0;
182 h5->tx_ack = 0;
183
184 /* Send reset request to upper stack */
185 hci_reset_dev(hu->hdev);
186}
187
188static int h5_open(struct hci_uart *hu)
189{
190 struct h5 *h5;
191 const unsigned char sync[] = { 0x01, 0x7e };
192
193 BT_DBG("hu %p", hu);
194
195 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
196 if (!h5)
197 return -ENOMEM;
198
199 hu->priv = h5;
200
201 skb_queue_head_init(&h5->unack);
202 skb_queue_head_init(&h5->rel);
203 skb_queue_head_init(&h5->unrel);
204
205 h5_reset_rx(h5);
206
207 setup_timer(&h5->timer, h5_timed_event, (unsigned long)hu);
208
209 h5->tx_win = H5_TX_WIN_MAX;
210
211 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
212
213 /* Send initial sync request */
214 h5_link_control(hu, sync, sizeof(sync));
215 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
216
217 return 0;
218}
219
220static int h5_close(struct hci_uart *hu)
221{
222 struct h5 *h5 = hu->priv;
223
224 del_timer_sync(&h5->timer);
225
226 skb_queue_purge(&h5->unack);
227 skb_queue_purge(&h5->rel);
228 skb_queue_purge(&h5->unrel);
229
230 kfree(h5);
231
232 return 0;
233}
234
235static void h5_pkt_cull(struct h5 *h5)
236{
237 struct sk_buff *skb, *tmp;
238 unsigned long flags;
239 int i, to_remove;
240 u8 seq;
241
242 spin_lock_irqsave(&h5->unack.lock, flags);
243
244 to_remove = skb_queue_len(&h5->unack);
245 if (to_remove == 0)
246 goto unlock;
247
248 seq = h5->tx_seq;
249
250 while (to_remove > 0) {
251 if (h5->rx_ack == seq)
252 break;
253
254 to_remove--;
255 seq = (seq - 1) & 0x07;
256 }
257
258 if (seq != h5->rx_ack)
259 BT_ERR("Controller acked invalid packet");
260
261 i = 0;
262 skb_queue_walk_safe(&h5->unack, skb, tmp) {
263 if (i++ >= to_remove)
264 break;
265
266 __skb_unlink(skb, &h5->unack);
267 kfree_skb(skb);
268 }
269
270 if (skb_queue_empty(&h5->unack))
271 del_timer(&h5->timer);
272
273unlock:
274 spin_unlock_irqrestore(&h5->unack.lock, flags);
275}
276
277static void h5_handle_internal_rx(struct hci_uart *hu)
278{
279 struct h5 *h5 = hu->priv;
280 const unsigned char sync_req[] = { 0x01, 0x7e };
281 const unsigned char sync_rsp[] = { 0x02, 0x7d };
282 unsigned char conf_req[3] = { 0x03, 0xfc };
283 const unsigned char conf_rsp[] = { 0x04, 0x7b };
284 const unsigned char wakeup_req[] = { 0x05, 0xfa };
285 const unsigned char woken_req[] = { 0x06, 0xf9 };
286 const unsigned char sleep_req[] = { 0x07, 0x78 };
287 const unsigned char *hdr = h5->rx_skb->data;
288 const unsigned char *data = &h5->rx_skb->data[4];
289
290 BT_DBG("%s", hu->hdev->name);
291
292 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
293 return;
294
295 if (H5_HDR_LEN(hdr) < 2)
296 return;
297
298 conf_req[2] = h5_cfg_field(h5);
299
300 if (memcmp(data, sync_req, 2) == 0) {
301 if (h5->state == H5_ACTIVE)
302 h5_peer_reset(hu);
303 h5_link_control(hu, sync_rsp, 2);
304 } else if (memcmp(data, sync_rsp, 2) == 0) {
305 if (h5->state == H5_ACTIVE)
306 h5_peer_reset(hu);
307 h5->state = H5_INITIALIZED;
308 h5_link_control(hu, conf_req, 3);
309 } else if (memcmp(data, conf_req, 2) == 0) {
310 h5_link_control(hu, conf_rsp, 2);
311 h5_link_control(hu, conf_req, 3);
312 } else if (memcmp(data, conf_rsp, 2) == 0) {
313 if (H5_HDR_LEN(hdr) > 2)
314 h5->tx_win = (data[2] & 0x07);
315 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
316 h5->state = H5_ACTIVE;
317 hci_uart_init_ready(hu);
318 return;
319 } else if (memcmp(data, sleep_req, 2) == 0) {
320 BT_DBG("Peer went to sleep");
321 h5->sleep = H5_SLEEPING;
322 return;
323 } else if (memcmp(data, woken_req, 2) == 0) {
324 BT_DBG("Peer woke up");
325 h5->sleep = H5_AWAKE;
326 } else if (memcmp(data, wakeup_req, 2) == 0) {
327 BT_DBG("Peer requested wakeup");
328 h5_link_control(hu, woken_req, 2);
329 h5->sleep = H5_AWAKE;
330 } else {
331 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
332 return;
333 }
334
335 hci_uart_tx_wakeup(hu);
336}
337
338static void h5_complete_rx_pkt(struct hci_uart *hu)
339{
340 struct h5 *h5 = hu->priv;
341 const unsigned char *hdr = h5->rx_skb->data;
342
343 if (H5_HDR_RELIABLE(hdr)) {
344 h5->tx_ack = (h5->tx_ack + 1) % 8;
345 set_bit(H5_TX_ACK_REQ, &h5->flags);
346 hci_uart_tx_wakeup(hu);
347 }
348
349 h5->rx_ack = H5_HDR_ACK(hdr);
350
351 h5_pkt_cull(h5);
352
353 switch (H5_HDR_PKT_TYPE(hdr)) {
354 case HCI_EVENT_PKT:
355 case HCI_ACLDATA_PKT:
356 case HCI_SCODATA_PKT:
357 hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr);
358
359 /* Remove Three-wire header */
360 skb_pull(h5->rx_skb, 4);
361
362 hci_recv_frame(hu->hdev, h5->rx_skb);
363 h5->rx_skb = NULL;
364
365 break;
366
367 default:
368 h5_handle_internal_rx(hu);
369 break;
370 }
371
372 h5_reset_rx(h5);
373}
374
375static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
376{
377 h5_complete_rx_pkt(hu);
378
379 return 0;
380}
381
382static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
383{
384 struct h5 *h5 = hu->priv;
385 const unsigned char *hdr = h5->rx_skb->data;
386
387 if (H5_HDR_CRC(hdr)) {
388 h5->rx_func = h5_rx_crc;
389 h5->rx_pending = 2;
390 } else {
391 h5_complete_rx_pkt(hu);
392 }
393
394 return 0;
395}
396
397static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
398{
399 struct h5 *h5 = hu->priv;
400 const unsigned char *hdr = h5->rx_skb->data;
401
402 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
403 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
404 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
405 H5_HDR_LEN(hdr));
406
407 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
408 BT_ERR("Invalid header checksum");
409 h5_reset_rx(h5);
410 return 0;
411 }
412
413 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
414 BT_ERR("Out-of-order packet arrived (%u != %u)",
415 H5_HDR_SEQ(hdr), h5->tx_ack);
416 h5_reset_rx(h5);
417 return 0;
418 }
419
420 if (h5->state != H5_ACTIVE &&
421 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
422 BT_ERR("Non-link packet received in non-active state");
423 h5_reset_rx(h5);
424 return 0;
425 }
426
427 h5->rx_func = h5_rx_payload;
428 h5->rx_pending = H5_HDR_LEN(hdr);
429
430 return 0;
431}
432
433static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
434{
435 struct h5 *h5 = hu->priv;
436
437 if (c == SLIP_DELIMITER)
438 return 1;
439
440 h5->rx_func = h5_rx_3wire_hdr;
441 h5->rx_pending = 4;
442
443 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
444 if (!h5->rx_skb) {
445 BT_ERR("Can't allocate mem for new packet");
446 h5_reset_rx(h5);
447 return -ENOMEM;
448 }
449
450 h5->rx_skb->dev = (void *)hu->hdev;
451
452 return 0;
453}
454
455static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
456{
457 struct h5 *h5 = hu->priv;
458
459 if (c == SLIP_DELIMITER)
460 h5->rx_func = h5_rx_pkt_start;
461
462 return 1;
463}
464
465static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
466{
467 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
468 const u8 *byte = &c;
469
470 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
471 set_bit(H5_RX_ESC, &h5->flags);
472 return;
473 }
474
475 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
476 switch (c) {
477 case SLIP_ESC_DELIM:
478 byte = &delim;
479 break;
480 case SLIP_ESC_ESC:
481 byte = &esc;
482 break;
483 default:
484 BT_ERR("Invalid esc byte 0x%02hhx", c);
485 h5_reset_rx(h5);
486 return;
487 }
488 }
489
490 memcpy(skb_put(h5->rx_skb, 1), byte, 1);
491 h5->rx_pending--;
492
493 BT_DBG("unsliped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
494}
495
496static void h5_reset_rx(struct h5 *h5)
497{
498 if (h5->rx_skb) {
499 kfree_skb(h5->rx_skb);
500 h5->rx_skb = NULL;
501 }
502
503 h5->rx_func = h5_rx_delimiter;
504 h5->rx_pending = 0;
505 clear_bit(H5_RX_ESC, &h5->flags);
506}
507
508static int h5_recv(struct hci_uart *hu, const void *data, int count)
509{
510 struct h5 *h5 = hu->priv;
511 const unsigned char *ptr = data;
512
513 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
514 count);
515
516 while (count > 0) {
517 int processed;
518
519 if (h5->rx_pending > 0) {
520 if (*ptr == SLIP_DELIMITER) {
521 BT_ERR("Too short H5 packet");
522 h5_reset_rx(h5);
523 continue;
524 }
525
526 h5_unslip_one_byte(h5, *ptr);
527
528 ptr++; count--;
529 continue;
530 }
531
532 processed = h5->rx_func(hu, *ptr);
533 if (processed < 0)
534 return processed;
535
536 ptr += processed;
537 count -= processed;
538 }
539
540 return 0;
541}
542
543static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
544{
545 struct h5 *h5 = hu->priv;
546
547 if (skb->len > 0xfff) {
548 BT_ERR("Packet too long (%u bytes)", skb->len);
549 kfree_skb(skb);
550 return 0;
551 }
552
553 if (h5->state != H5_ACTIVE) {
554 BT_ERR("Ignoring HCI data in non-active state");
555 kfree_skb(skb);
556 return 0;
557 }
558
559 switch (hci_skb_pkt_type(skb)) {
560 case HCI_ACLDATA_PKT:
561 case HCI_COMMAND_PKT:
562 skb_queue_tail(&h5->rel, skb);
563 break;
564
565 case HCI_SCODATA_PKT:
566 skb_queue_tail(&h5->unrel, skb);
567 break;
568
569 default:
570 BT_ERR("Unknown packet type %u", hci_skb_pkt_type(skb));
571 kfree_skb(skb);
572 break;
573 }
574
575 return 0;
576}
577
578static void h5_slip_delim(struct sk_buff *skb)
579{
580 const char delim = SLIP_DELIMITER;
581
582 memcpy(skb_put(skb, 1), &delim, 1);
583}
584
585static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
586{
587 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
588 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
589
590 switch (c) {
591 case SLIP_DELIMITER:
592 memcpy(skb_put(skb, 2), &esc_delim, 2);
593 break;
594 case SLIP_ESC:
595 memcpy(skb_put(skb, 2), &esc_esc, 2);
596 break;
597 default:
598 memcpy(skb_put(skb, 1), &c, 1);
599 }
600}
601
602static bool valid_packet_type(u8 type)
603{
604 switch (type) {
605 case HCI_ACLDATA_PKT:
606 case HCI_COMMAND_PKT:
607 case HCI_SCODATA_PKT:
608 case HCI_3WIRE_LINK_PKT:
609 case HCI_3WIRE_ACK_PKT:
610 return true;
611 default:
612 return false;
613 }
614}
615
616static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
617 const u8 *data, size_t len)
618{
619 struct h5 *h5 = hu->priv;
620 struct sk_buff *nskb;
621 u8 hdr[4];
622 int i;
623
624 if (!valid_packet_type(pkt_type)) {
625 BT_ERR("Unknown packet type %u", pkt_type);
626 return NULL;
627 }
628
629 /*
630 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
631 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
632 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
633 * delimiters at start and end).
634 */
635 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
636 if (!nskb)
637 return NULL;
638
639 hci_skb_pkt_type(nskb) = pkt_type;
640
641 h5_slip_delim(nskb);
642
643 hdr[0] = h5->tx_ack << 3;
644 clear_bit(H5_TX_ACK_REQ, &h5->flags);
645
646 /* Reliable packet? */
647 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
648 hdr[0] |= 1 << 7;
649 hdr[0] |= h5->tx_seq;
650 h5->tx_seq = (h5->tx_seq + 1) % 8;
651 }
652
653 hdr[1] = pkt_type | ((len & 0x0f) << 4);
654 hdr[2] = len >> 4;
655 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
656
657 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
658 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
659 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
660 H5_HDR_LEN(hdr));
661
662 for (i = 0; i < 4; i++)
663 h5_slip_one_byte(nskb, hdr[i]);
664
665 for (i = 0; i < len; i++)
666 h5_slip_one_byte(nskb, data[i]);
667
668 h5_slip_delim(nskb);
669
670 return nskb;
671}
672
673static struct sk_buff *h5_dequeue(struct hci_uart *hu)
674{
675 struct h5 *h5 = hu->priv;
676 unsigned long flags;
677 struct sk_buff *skb, *nskb;
678
679 if (h5->sleep != H5_AWAKE) {
680 const unsigned char wakeup_req[] = { 0x05, 0xfa };
681
682 if (h5->sleep == H5_WAKING_UP)
683 return NULL;
684
685 h5->sleep = H5_WAKING_UP;
686 BT_DBG("Sending wakeup request");
687
688 mod_timer(&h5->timer, jiffies + HZ / 100);
689 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
690 }
691
692 skb = skb_dequeue(&h5->unrel);
693 if (skb) {
694 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
695 skb->data, skb->len);
696 if (nskb) {
697 kfree_skb(skb);
698 return nskb;
699 }
700
701 skb_queue_head(&h5->unrel, skb);
702 BT_ERR("Could not dequeue pkt because alloc_skb failed");
703 }
704
705 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
706
707 if (h5->unack.qlen >= h5->tx_win)
708 goto unlock;
709
710 skb = skb_dequeue(&h5->rel);
711 if (skb) {
712 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
713 skb->data, skb->len);
714 if (nskb) {
715 __skb_queue_tail(&h5->unack, skb);
716 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
717 spin_unlock_irqrestore(&h5->unack.lock, flags);
718 return nskb;
719 }
720
721 skb_queue_head(&h5->rel, skb);
722 BT_ERR("Could not dequeue pkt because alloc_skb failed");
723 }
724
725unlock:
726 spin_unlock_irqrestore(&h5->unack.lock, flags);
727
728 if (test_bit(H5_TX_ACK_REQ, &h5->flags))
729 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
730
731 return NULL;
732}
733
734static int h5_flush(struct hci_uart *hu)
735{
736 BT_DBG("hu %p", hu);
737 return 0;
738}
739
740static const struct hci_uart_proto h5p = {
741 .id = HCI_UART_3WIRE,
742 .name = "Three-wire (H5)",
743 .open = h5_open,
744 .close = h5_close,
745 .recv = h5_recv,
746 .enqueue = h5_enqueue,
747 .dequeue = h5_dequeue,
748 .flush = h5_flush,
749};
750
751int __init h5_init(void)
752{
753 return hci_uart_register_proto(&h5p);
754}
755
756int __exit h5_deinit(void)
757{
758 return hci_uart_unregister_proto(&h5p);
759}