Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 *
4 * Bluetooth HCI UART driver
5 *
6 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
7 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
8 */
9
10#include <linux/module.h>
11
12#include <linux/kernel.h>
13#include <linux/init.h>
14#include <linux/types.h>
15#include <linux/fcntl.h>
16#include <linux/interrupt.h>
17#include <linux/ptrace.h>
18#include <linux/poll.h>
19
20#include <linux/slab.h>
21#include <linux/tty.h>
22#include <linux/errno.h>
23#include <linux/string.h>
24#include <linux/signal.h>
25#include <linux/ioctl.h>
26#include <linux/skbuff.h>
27#include <linux/bitrev.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
33#include "hci_uart.h"
34
35static bool txcrc = true;
36static bool hciextn = true;
37
38#define BCSP_TXWINSIZE 4
39
40#define BCSP_ACK_PKT 0x05
41#define BCSP_LE_PKT 0x06
42
43struct bcsp_struct {
44 struct sk_buff_head unack; /* Unack'ed packets queue */
45 struct sk_buff_head rel; /* Reliable packets queue */
46 struct sk_buff_head unrel; /* Unreliable packets queue */
47
48 unsigned long rx_count;
49 struct sk_buff *rx_skb;
50 u8 rxseq_txack; /* rxseq == txack. */
51 u8 rxack; /* Last packet sent by us that the peer ack'ed */
52 struct timer_list tbcsp;
53 struct hci_uart *hu;
54
55 enum {
56 BCSP_W4_PKT_DELIMITER,
57 BCSP_W4_PKT_START,
58 BCSP_W4_BCSP_HDR,
59 BCSP_W4_DATA,
60 BCSP_W4_CRC
61 } rx_state;
62
63 enum {
64 BCSP_ESCSTATE_NOESC,
65 BCSP_ESCSTATE_ESC
66 } rx_esc_state;
67
68 u8 use_crc;
69 u16 message_crc;
70 u8 txack_req; /* Do we need to send ack's to the peer? */
71
72 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
73 u8 msgq_txseq;
74};
75
76/* ---- BCSP CRC calculation ---- */
77
78/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
79 * initial value 0xffff, bits shifted in reverse order.
80 */
81
82static const u16 crc_table[] = {
83 0x0000, 0x1081, 0x2102, 0x3183,
84 0x4204, 0x5285, 0x6306, 0x7387,
85 0x8408, 0x9489, 0xa50a, 0xb58b,
86 0xc60c, 0xd68d, 0xe70e, 0xf78f
87};
88
89/* Initialise the crc calculator */
90#define BCSP_CRC_INIT(x) x = 0xffff
91
92/* Update crc with next data byte
93 *
94 * Implementation note
95 * The data byte is treated as two nibbles. The crc is generated
96 * in reverse, i.e., bits are fed into the register from the top.
97 */
98static void bcsp_crc_update(u16 *crc, u8 d)
99{
100 u16 reg = *crc;
101
102 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
103 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
104
105 *crc = reg;
106}
107
108/* ---- BCSP core ---- */
109
110static void bcsp_slip_msgdelim(struct sk_buff *skb)
111{
112 const char pkt_delim = 0xc0;
113
114 skb_put_data(skb, &pkt_delim, 1);
115}
116
117static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
118{
119 const char esc_c0[2] = { 0xdb, 0xdc };
120 const char esc_db[2] = { 0xdb, 0xdd };
121
122 switch (c) {
123 case 0xc0:
124 skb_put_data(skb, &esc_c0, 2);
125 break;
126 case 0xdb:
127 skb_put_data(skb, &esc_db, 2);
128 break;
129 default:
130 skb_put_data(skb, &c, 1);
131 }
132}
133
134static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
135{
136 struct bcsp_struct *bcsp = hu->priv;
137
138 if (skb->len > 0xFFF) {
139 BT_ERR("Packet too long");
140 kfree_skb(skb);
141 return 0;
142 }
143
144 switch (hci_skb_pkt_type(skb)) {
145 case HCI_ACLDATA_PKT:
146 case HCI_COMMAND_PKT:
147 skb_queue_tail(&bcsp->rel, skb);
148 break;
149
150 case HCI_SCODATA_PKT:
151 skb_queue_tail(&bcsp->unrel, skb);
152 break;
153
154 default:
155 BT_ERR("Unknown packet type");
156 kfree_skb(skb);
157 break;
158 }
159
160 return 0;
161}
162
163static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
164 int len, int pkt_type)
165{
166 struct sk_buff *nskb;
167 u8 hdr[4], chan;
168 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
169 int rel, i;
170
171 switch (pkt_type) {
172 case HCI_ACLDATA_PKT:
173 chan = 6; /* BCSP ACL channel */
174 rel = 1; /* reliable channel */
175 break;
176 case HCI_COMMAND_PKT:
177 chan = 5; /* BCSP cmd/evt channel */
178 rel = 1; /* reliable channel */
179 break;
180 case HCI_SCODATA_PKT:
181 chan = 7; /* BCSP SCO channel */
182 rel = 0; /* unreliable channel */
183 break;
184 case BCSP_LE_PKT:
185 chan = 1; /* BCSP LE channel */
186 rel = 0; /* unreliable channel */
187 break;
188 case BCSP_ACK_PKT:
189 chan = 0; /* BCSP internal channel */
190 rel = 0; /* unreliable channel */
191 break;
192 default:
193 BT_ERR("Unknown packet type");
194 return NULL;
195 }
196
197 if (hciextn && chan == 5) {
198 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
199
200 /* Vendor specific commands */
201 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
202 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
203
204 if ((desc & 0xf0) == 0xc0) {
205 data += HCI_COMMAND_HDR_SIZE + 1;
206 len -= HCI_COMMAND_HDR_SIZE + 1;
207 chan = desc & 0x0f;
208 }
209 }
210 }
211
212 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
213 * (because bytes 0xc0 and 0xdb are escaped, worst case is
214 * when the packet is all made of 0xc0 and 0xdb :) )
215 * + 2 (0xc0 delimiters at start and end).
216 */
217
218 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
219 if (!nskb)
220 return NULL;
221
222 hci_skb_pkt_type(nskb) = pkt_type;
223
224 bcsp_slip_msgdelim(nskb);
225
226 hdr[0] = bcsp->rxseq_txack << 3;
227 bcsp->txack_req = 0;
228 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
229
230 if (rel) {
231 hdr[0] |= 0x80 + bcsp->msgq_txseq;
232 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
233 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
234 }
235
236 if (bcsp->use_crc)
237 hdr[0] |= 0x40;
238
239 hdr[1] = ((len << 4) & 0xff) | chan;
240 hdr[2] = len >> 4;
241 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
242
243 /* Put BCSP header */
244 for (i = 0; i < 4; i++) {
245 bcsp_slip_one_byte(nskb, hdr[i]);
246
247 if (bcsp->use_crc)
248 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
249 }
250
251 /* Put payload */
252 for (i = 0; i < len; i++) {
253 bcsp_slip_one_byte(nskb, data[i]);
254
255 if (bcsp->use_crc)
256 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
257 }
258
259 /* Put CRC */
260 if (bcsp->use_crc) {
261 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
262 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
263 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
264 }
265
266 bcsp_slip_msgdelim(nskb);
267 return nskb;
268}
269
270/* This is a rewrite of pkt_avail in ABCSP */
271static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
272{
273 struct bcsp_struct *bcsp = hu->priv;
274 unsigned long flags;
275 struct sk_buff *skb;
276
277 /* First of all, check for unreliable messages in the queue,
278 * since they have priority
279 */
280
281 skb = skb_dequeue(&bcsp->unrel);
282 if (skb != NULL) {
283 struct sk_buff *nskb;
284
285 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
286 hci_skb_pkt_type(skb));
287 if (nskb) {
288 kfree_skb(skb);
289 return nskb;
290 } else {
291 skb_queue_head(&bcsp->unrel, skb);
292 BT_ERR("Could not dequeue pkt because alloc_skb failed");
293 }
294 }
295
296 /* Now, try to send a reliable pkt. We can only send a
297 * reliable packet if the number of packets sent but not yet ack'ed
298 * is < than the winsize
299 */
300
301 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
302
303 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
304 skb = skb_dequeue(&bcsp->rel);
305 if (skb != NULL) {
306 struct sk_buff *nskb;
307
308 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
309 hci_skb_pkt_type(skb));
310 if (nskb) {
311 __skb_queue_tail(&bcsp->unack, skb);
312 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
313 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
314 return nskb;
315 } else {
316 skb_queue_head(&bcsp->rel, skb);
317 BT_ERR("Could not dequeue pkt because alloc_skb failed");
318 }
319 }
320 }
321
322 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
323
324 /* We could not send a reliable packet, either because there are
325 * none or because there are too many unack'ed pkts. Did we receive
326 * any packets we have not acknowledged yet ?
327 */
328
329 if (bcsp->txack_req) {
330 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
331 * channel 0
332 */
333 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
334 return nskb;
335 }
336
337 /* We have nothing to send */
338 return NULL;
339}
340
341static int bcsp_flush(struct hci_uart *hu)
342{
343 BT_DBG("hu %p", hu);
344 return 0;
345}
346
347/* Remove ack'ed packets */
348static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
349{
350 struct sk_buff *skb, *tmp;
351 unsigned long flags;
352 int i, pkts_to_be_removed;
353 u8 seqno;
354
355 spin_lock_irqsave(&bcsp->unack.lock, flags);
356
357 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
358 seqno = bcsp->msgq_txseq;
359
360 while (pkts_to_be_removed) {
361 if (bcsp->rxack == seqno)
362 break;
363 pkts_to_be_removed--;
364 seqno = (seqno - 1) & 0x07;
365 }
366
367 if (bcsp->rxack != seqno)
368 BT_ERR("Peer acked invalid packet");
369
370 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
371 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
372 (seqno - 1) & 0x07);
373
374 i = 0;
375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
376 if (i >= pkts_to_be_removed)
377 break;
378 i++;
379
380 __skb_unlink(skb, &bcsp->unack);
381 dev_kfree_skb_irq(skb);
382 }
383
384 if (skb_queue_empty(&bcsp->unack))
385 del_timer(&bcsp->tbcsp);
386
387 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
388
389 if (i != pkts_to_be_removed)
390 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
391}
392
393/* Handle BCSP link-establishment packets. When we
394 * detect a "sync" packet, symptom that the BT module has reset,
395 * we do nothing :) (yet)
396 */
397static void bcsp_handle_le_pkt(struct hci_uart *hu)
398{
399 struct bcsp_struct *bcsp = hu->priv;
400 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
401 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
402 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
403
404 /* spot "conf" pkts and reply with a "conf rsp" pkt */
405 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
406 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
407 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
408
409 BT_DBG("Found a LE conf pkt");
410 if (!nskb)
411 return;
412 skb_put_data(nskb, conf_rsp_pkt, 4);
413 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
414
415 skb_queue_head(&bcsp->unrel, nskb);
416 hci_uart_tx_wakeup(hu);
417 }
418 /* Spot "sync" pkts. If we find one...disaster! */
419 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
420 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
421 BT_ERR("Found a LE sync pkt, card has reset");
422 }
423}
424
425static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
426{
427 const u8 c0 = 0xc0, db = 0xdb;
428
429 switch (bcsp->rx_esc_state) {
430 case BCSP_ESCSTATE_NOESC:
431 switch (byte) {
432 case 0xdb:
433 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
434 break;
435 default:
436 skb_put_data(bcsp->rx_skb, &byte, 1);
437 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
438 bcsp->rx_state != BCSP_W4_CRC)
439 bcsp_crc_update(&bcsp->message_crc, byte);
440 bcsp->rx_count--;
441 }
442 break;
443
444 case BCSP_ESCSTATE_ESC:
445 switch (byte) {
446 case 0xdc:
447 skb_put_data(bcsp->rx_skb, &c0, 1);
448 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
449 bcsp->rx_state != BCSP_W4_CRC)
450 bcsp_crc_update(&bcsp->message_crc, 0xc0);
451 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
452 bcsp->rx_count--;
453 break;
454
455 case 0xdd:
456 skb_put_data(bcsp->rx_skb, &db, 1);
457 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
458 bcsp->rx_state != BCSP_W4_CRC)
459 bcsp_crc_update(&bcsp->message_crc, 0xdb);
460 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
461 bcsp->rx_count--;
462 break;
463
464 default:
465 BT_ERR("Invalid byte %02x after esc byte", byte);
466 kfree_skb(bcsp->rx_skb);
467 bcsp->rx_skb = NULL;
468 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
469 bcsp->rx_count = 0;
470 }
471 }
472}
473
474static void bcsp_complete_rx_pkt(struct hci_uart *hu)
475{
476 struct bcsp_struct *bcsp = hu->priv;
477 int pass_up = 0;
478
479 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
480 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
481
482 /* check the rx sequence number is as expected */
483 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
484 bcsp->rxseq_txack++;
485 bcsp->rxseq_txack %= 0x8;
486 } else {
487 /* handle re-transmitted packet or
488 * when packet was missed
489 */
490 BT_ERR("Out-of-order packet arrived, got %u expected %u",
491 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
492
493 /* do not process out-of-order packet payload */
494 pass_up = 2;
495 }
496
497 /* send current txack value to all received reliable packets */
498 bcsp->txack_req = 1;
499
500 /* If needed, transmit an ack pkt */
501 hci_uart_tx_wakeup(hu);
502 }
503
504 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
505 BT_DBG("Request for pkt %u from card", bcsp->rxack);
506
507 /* handle received ACK indications,
508 * including those from out-of-order packets
509 */
510 bcsp_pkt_cull(bcsp);
511
512 if (pass_up != 2) {
513 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
514 (bcsp->rx_skb->data[0] & 0x80)) {
515 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
516 pass_up = 1;
517 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
518 (bcsp->rx_skb->data[0] & 0x80)) {
519 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
520 pass_up = 1;
521 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
522 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
523 pass_up = 1;
524 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
525 !(bcsp->rx_skb->data[0] & 0x80)) {
526 bcsp_handle_le_pkt(hu);
527 pass_up = 0;
528 } else {
529 pass_up = 0;
530 }
531 }
532
533 if (pass_up == 0) {
534 struct hci_event_hdr hdr;
535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
536
537 if (desc != 0 && desc != 1) {
538 if (hciextn) {
539 desc |= 0xc0;
540 skb_pull(bcsp->rx_skb, 4);
541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
542
543 hdr.evt = 0xff;
544 hdr.plen = bcsp->rx_skb->len;
545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
546 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
547
548 hci_recv_frame(hu->hdev, bcsp->rx_skb);
549 } else {
550 BT_ERR("Packet for unknown channel (%u %s)",
551 bcsp->rx_skb->data[1] & 0x0f,
552 bcsp->rx_skb->data[0] & 0x80 ?
553 "reliable" : "unreliable");
554 kfree_skb(bcsp->rx_skb);
555 }
556 } else
557 kfree_skb(bcsp->rx_skb);
558 } else if (pass_up == 1) {
559 /* Pull out BCSP hdr */
560 skb_pull(bcsp->rx_skb, 4);
561
562 hci_recv_frame(hu->hdev, bcsp->rx_skb);
563 } else {
564 /* ignore packet payload of already ACKed re-transmitted
565 * packets or when a packet was missed in the BCSP window
566 */
567 kfree_skb(bcsp->rx_skb);
568 }
569
570 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
571 bcsp->rx_skb = NULL;
572}
573
574static u16 bscp_get_crc(struct bcsp_struct *bcsp)
575{
576 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
577}
578
579/* Recv data */
580static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
581{
582 struct bcsp_struct *bcsp = hu->priv;
583 const unsigned char *ptr;
584
585 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
586 hu, count, bcsp->rx_state, bcsp->rx_count);
587
588 ptr = data;
589 while (count) {
590 if (bcsp->rx_count) {
591 if (*ptr == 0xc0) {
592 BT_ERR("Short BCSP packet");
593 kfree_skb(bcsp->rx_skb);
594 bcsp->rx_skb = NULL;
595 bcsp->rx_state = BCSP_W4_PKT_START;
596 bcsp->rx_count = 0;
597 } else
598 bcsp_unslip_one_byte(bcsp, *ptr);
599
600 ptr++; count--;
601 continue;
602 }
603
604 switch (bcsp->rx_state) {
605 case BCSP_W4_BCSP_HDR:
606 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
607 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
608 BT_ERR("Error in BCSP hdr checksum");
609 kfree_skb(bcsp->rx_skb);
610 bcsp->rx_skb = NULL;
611 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
612 bcsp->rx_count = 0;
613 continue;
614 }
615 bcsp->rx_state = BCSP_W4_DATA;
616 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
617 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
618 continue;
619
620 case BCSP_W4_DATA:
621 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
622 bcsp->rx_state = BCSP_W4_CRC;
623 bcsp->rx_count = 2;
624 } else
625 bcsp_complete_rx_pkt(hu);
626 continue;
627
628 case BCSP_W4_CRC:
629 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
630 BT_ERR("Checksum failed: computed %04x received %04x",
631 bitrev16(bcsp->message_crc),
632 bscp_get_crc(bcsp));
633
634 kfree_skb(bcsp->rx_skb);
635 bcsp->rx_skb = NULL;
636 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
637 bcsp->rx_count = 0;
638 continue;
639 }
640 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
641 bcsp_complete_rx_pkt(hu);
642 continue;
643
644 case BCSP_W4_PKT_DELIMITER:
645 switch (*ptr) {
646 case 0xc0:
647 bcsp->rx_state = BCSP_W4_PKT_START;
648 break;
649 default:
650 /*BT_ERR("Ignoring byte %02x", *ptr);*/
651 break;
652 }
653 ptr++; count--;
654 break;
655
656 case BCSP_W4_PKT_START:
657 switch (*ptr) {
658 case 0xc0:
659 ptr++; count--;
660 break;
661
662 default:
663 bcsp->rx_state = BCSP_W4_BCSP_HDR;
664 bcsp->rx_count = 4;
665 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
666 BCSP_CRC_INIT(bcsp->message_crc);
667
668 /* Do not increment ptr or decrement count
669 * Allocate packet. Max len of a BCSP pkt=
670 * 0xFFF (payload) +4 (header) +2 (crc)
671 */
672
673 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
674 if (!bcsp->rx_skb) {
675 BT_ERR("Can't allocate mem for new packet");
676 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
677 bcsp->rx_count = 0;
678 return 0;
679 }
680 break;
681 }
682 break;
683 }
684 }
685 return count;
686}
687
688 /* Arrange to retransmit all messages in the relq. */
689static void bcsp_timed_event(struct timer_list *t)
690{
691 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
692 struct hci_uart *hu = bcsp->hu;
693 struct sk_buff *skb;
694 unsigned long flags;
695
696 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
697
698 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
699
700 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
701 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
702 skb_queue_head(&bcsp->rel, skb);
703 }
704
705 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
706
707 hci_uart_tx_wakeup(hu);
708}
709
710static int bcsp_open(struct hci_uart *hu)
711{
712 struct bcsp_struct *bcsp;
713
714 BT_DBG("hu %p", hu);
715
716 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
717 if (!bcsp)
718 return -ENOMEM;
719
720 hu->priv = bcsp;
721 bcsp->hu = hu;
722 skb_queue_head_init(&bcsp->unack);
723 skb_queue_head_init(&bcsp->rel);
724 skb_queue_head_init(&bcsp->unrel);
725
726 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
727
728 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
729
730 if (txcrc)
731 bcsp->use_crc = 1;
732
733 return 0;
734}
735
736static int bcsp_close(struct hci_uart *hu)
737{
738 struct bcsp_struct *bcsp = hu->priv;
739
740 timer_shutdown_sync(&bcsp->tbcsp);
741
742 hu->priv = NULL;
743
744 BT_DBG("hu %p", hu);
745
746 skb_queue_purge(&bcsp->unack);
747 skb_queue_purge(&bcsp->rel);
748 skb_queue_purge(&bcsp->unrel);
749
750 if (bcsp->rx_skb) {
751 kfree_skb(bcsp->rx_skb);
752 bcsp->rx_skb = NULL;
753 }
754
755 kfree(bcsp);
756 return 0;
757}
758
759static const struct hci_uart_proto bcsp = {
760 .id = HCI_UART_BCSP,
761 .name = "BCSP",
762 .open = bcsp_open,
763 .close = bcsp_close,
764 .enqueue = bcsp_enqueue,
765 .dequeue = bcsp_dequeue,
766 .recv = bcsp_recv,
767 .flush = bcsp_flush
768};
769
770int __init bcsp_init(void)
771{
772 return hci_uart_register_proto(&bcsp);
773}
774
775int __exit bcsp_deinit(void)
776{
777 return hci_uart_unregister_proto(&bcsp);
778}
779
780module_param(txcrc, bool, 0644);
781MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
782
783module_param(hciextn, bool, 0644);
784MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
1/*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48#include "hci_uart.h"
49
50static bool txcrc = true;
51static bool hciextn = true;
52
53#define BCSP_TXWINSIZE 4
54
55#define BCSP_ACK_PKT 0x05
56#define BCSP_LE_PKT 0x06
57
58struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68
69 enum {
70 BCSP_W4_PKT_DELIMITER,
71 BCSP_W4_PKT_START,
72 BCSP_W4_BCSP_HDR,
73 BCSP_W4_DATA,
74 BCSP_W4_CRC
75 } rx_state;
76
77 enum {
78 BCSP_ESCSTATE_NOESC,
79 BCSP_ESCSTATE_ESC
80 } rx_esc_state;
81
82 u8 use_crc;
83 u16 message_crc;
84 u8 txack_req; /* Do we need to send ack's to the peer? */
85
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
87 u8 msgq_txseq;
88};
89
90/* ---- BCSP CRC calculation ---- */
91
92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93 * initial value 0xffff, bits shifted in reverse order.
94 */
95
96static const u16 crc_table[] = {
97 0x0000, 0x1081, 0x2102, 0x3183,
98 0x4204, 0x5285, 0x6306, 0x7387,
99 0x8408, 0x9489, 0xa50a, 0xb58b,
100 0xc60c, 0xd68d, 0xe70e, 0xf78f
101};
102
103/* Initialise the crc calculator */
104#define BCSP_CRC_INIT(x) x = 0xffff
105
106/* Update crc with next data byte
107 *
108 * Implementation note
109 * The data byte is treated as two nibbles. The crc is generated
110 * in reverse, i.e., bits are fed into the register from the top.
111 */
112static void bcsp_crc_update(u16 *crc, u8 d)
113{
114 u16 reg = *crc;
115
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
118
119 *crc = reg;
120}
121
122/* ---- BCSP core ---- */
123
124static void bcsp_slip_msgdelim(struct sk_buff *skb)
125{
126 const char pkt_delim = 0xc0;
127
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
129}
130
131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
132{
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
135
136 switch (c) {
137 case 0xc0:
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
139 break;
140 case 0xdb:
141 memcpy(skb_put(skb, 2), &esc_db, 2);
142 break;
143 default:
144 memcpy(skb_put(skb, 1), &c, 1);
145 }
146}
147
148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149{
150 struct bcsp_struct *bcsp = hu->priv;
151
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
154 kfree_skb(skb);
155 return 0;
156 }
157
158 switch (hci_skb_pkt_type(skb)) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
162 break;
163
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
166 break;
167
168 default:
169 BT_ERR("Unknown packet type");
170 kfree_skb(skb);
171 break;
172 }
173
174 return 0;
175}
176
177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
179{
180 struct sk_buff *nskb;
181 u8 hdr[4], chan;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
183 int rel, i;
184
185 switch (pkt_type) {
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
189 break;
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
193 break;
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
197 break;
198 case BCSP_LE_PKT:
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
201 break;
202 case BCSP_ACK_PKT:
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
205 break;
206 default:
207 BT_ERR("Unknown packet type");
208 return NULL;
209 }
210
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
213
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217
218 if ((desc & 0xf0) == 0xc0) {
219 data += HCI_COMMAND_HDR_SIZE + 1;
220 len -= HCI_COMMAND_HDR_SIZE + 1;
221 chan = desc & 0x0f;
222 }
223 }
224 }
225
226 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
227 * (because bytes 0xc0 and 0xdb are escaped, worst case is
228 * when the packet is all made of 0xc0 and 0xdb :) )
229 * + 2 (0xc0 delimiters at start and end).
230 */
231
232 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
233 if (!nskb)
234 return NULL;
235
236 hci_skb_pkt_type(nskb) = pkt_type;
237
238 bcsp_slip_msgdelim(nskb);
239
240 hdr[0] = bcsp->rxseq_txack << 3;
241 bcsp->txack_req = 0;
242 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243
244 if (rel) {
245 hdr[0] |= 0x80 + bcsp->msgq_txseq;
246 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
247 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
248 }
249
250 if (bcsp->use_crc)
251 hdr[0] |= 0x40;
252
253 hdr[1] = ((len << 4) & 0xff) | chan;
254 hdr[2] = len >> 4;
255 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
256
257 /* Put BCSP header */
258 for (i = 0; i < 4; i++) {
259 bcsp_slip_one_byte(nskb, hdr[i]);
260
261 if (bcsp->use_crc)
262 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
263 }
264
265 /* Put payload */
266 for (i = 0; i < len; i++) {
267 bcsp_slip_one_byte(nskb, data[i]);
268
269 if (bcsp->use_crc)
270 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
271 }
272
273 /* Put CRC */
274 if (bcsp->use_crc) {
275 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
276 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
277 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
278 }
279
280 bcsp_slip_msgdelim(nskb);
281 return nskb;
282}
283
284/* This is a rewrite of pkt_avail in ABCSP */
285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
286{
287 struct bcsp_struct *bcsp = hu->priv;
288 unsigned long flags;
289 struct sk_buff *skb;
290
291 /* First of all, check for unreliable messages in the queue,
292 * since they have priority
293 */
294
295 skb = skb_dequeue(&bcsp->unrel);
296 if (skb != NULL) {
297 struct sk_buff *nskb;
298
299 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
300 hci_skb_pkt_type(skb));
301 if (nskb) {
302 kfree_skb(skb);
303 return nskb;
304 } else {
305 skb_queue_head(&bcsp->unrel, skb);
306 BT_ERR("Could not dequeue pkt because alloc_skb failed");
307 }
308 }
309
310 /* Now, try to send a reliable pkt. We can only send a
311 * reliable packet if the number of packets sent but not yet ack'ed
312 * is < than the winsize
313 */
314
315 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
316
317 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
318 skb = skb_dequeue(&bcsp->rel);
319 if (skb != NULL) {
320 struct sk_buff *nskb;
321
322 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
323 hci_skb_pkt_type(skb));
324 if (nskb) {
325 __skb_queue_tail(&bcsp->unack, skb);
326 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
327 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
328 return nskb;
329 } else {
330 skb_queue_head(&bcsp->rel, skb);
331 BT_ERR("Could not dequeue pkt because alloc_skb failed");
332 }
333 }
334 }
335
336 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
337
338 /* We could not send a reliable packet, either because there are
339 * none or because there are too many unack'ed pkts. Did we receive
340 * any packets we have not acknowledged yet ?
341 */
342
343 if (bcsp->txack_req) {
344 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
345 * channel 0
346 */
347 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
348 return nskb;
349 }
350
351 /* We have nothing to send */
352 return NULL;
353}
354
355static int bcsp_flush(struct hci_uart *hu)
356{
357 BT_DBG("hu %p", hu);
358 return 0;
359}
360
361/* Remove ack'ed packets */
362static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
363{
364 struct sk_buff *skb, *tmp;
365 unsigned long flags;
366 int i, pkts_to_be_removed;
367 u8 seqno;
368
369 spin_lock_irqsave(&bcsp->unack.lock, flags);
370
371 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
372 seqno = bcsp->msgq_txseq;
373
374 while (pkts_to_be_removed) {
375 if (bcsp->rxack == seqno)
376 break;
377 pkts_to_be_removed--;
378 seqno = (seqno - 1) & 0x07;
379 }
380
381 if (bcsp->rxack != seqno)
382 BT_ERR("Peer acked invalid packet");
383
384 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
385 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
386 (seqno - 1) & 0x07);
387
388 i = 0;
389 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
390 if (i >= pkts_to_be_removed)
391 break;
392 i++;
393
394 __skb_unlink(skb, &bcsp->unack);
395 kfree_skb(skb);
396 }
397
398 if (skb_queue_empty(&bcsp->unack))
399 del_timer(&bcsp->tbcsp);
400
401 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
402
403 if (i != pkts_to_be_removed)
404 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
405}
406
407/* Handle BCSP link-establishment packets. When we
408 * detect a "sync" packet, symptom that the BT module has reset,
409 * we do nothing :) (yet)
410 */
411static void bcsp_handle_le_pkt(struct hci_uart *hu)
412{
413 struct bcsp_struct *bcsp = hu->priv;
414 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
415 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
416 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
417
418 /* spot "conf" pkts and reply with a "conf rsp" pkt */
419 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
420 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
421 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
422
423 BT_DBG("Found a LE conf pkt");
424 if (!nskb)
425 return;
426 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
427 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
428
429 skb_queue_head(&bcsp->unrel, nskb);
430 hci_uart_tx_wakeup(hu);
431 }
432 /* Spot "sync" pkts. If we find one...disaster! */
433 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
434 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
435 BT_ERR("Found a LE sync pkt, card has reset");
436 }
437}
438
439static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
440{
441 const u8 c0 = 0xc0, db = 0xdb;
442
443 switch (bcsp->rx_esc_state) {
444 case BCSP_ESCSTATE_NOESC:
445 switch (byte) {
446 case 0xdb:
447 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
448 break;
449 default:
450 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
451 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
452 bcsp->rx_state != BCSP_W4_CRC)
453 bcsp_crc_update(&bcsp->message_crc, byte);
454 bcsp->rx_count--;
455 }
456 break;
457
458 case BCSP_ESCSTATE_ESC:
459 switch (byte) {
460 case 0xdc:
461 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
462 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
463 bcsp->rx_state != BCSP_W4_CRC)
464 bcsp_crc_update(&bcsp->message_crc, 0xc0);
465 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
466 bcsp->rx_count--;
467 break;
468
469 case 0xdd:
470 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
471 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
472 bcsp->rx_state != BCSP_W4_CRC)
473 bcsp_crc_update(&bcsp->message_crc, 0xdb);
474 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
475 bcsp->rx_count--;
476 break;
477
478 default:
479 BT_ERR("Invalid byte %02x after esc byte", byte);
480 kfree_skb(bcsp->rx_skb);
481 bcsp->rx_skb = NULL;
482 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
483 bcsp->rx_count = 0;
484 }
485 }
486}
487
488static void bcsp_complete_rx_pkt(struct hci_uart *hu)
489{
490 struct bcsp_struct *bcsp = hu->priv;
491 int pass_up = 0;
492
493 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
494 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
495
496 /* check the rx sequence number is as expected */
497 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
498 bcsp->rxseq_txack++;
499 bcsp->rxseq_txack %= 0x8;
500 } else {
501 /* handle re-transmitted packet or
502 * when packet was missed
503 */
504 BT_ERR("Out-of-order packet arrived, got %u expected %u",
505 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
506
507 /* do not process out-of-order packet payload */
508 pass_up = 2;
509 }
510
511 /* send current txack value to all received reliable packets */
512 bcsp->txack_req = 1;
513
514 /* If needed, transmit an ack pkt */
515 hci_uart_tx_wakeup(hu);
516 }
517
518 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
519 BT_DBG("Request for pkt %u from card", bcsp->rxack);
520
521 /* handle received ACK indications,
522 * including those from out-of-order packets
523 */
524 bcsp_pkt_cull(bcsp);
525
526 if (pass_up != 2) {
527 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
528 (bcsp->rx_skb->data[0] & 0x80)) {
529 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
530 pass_up = 1;
531 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
532 (bcsp->rx_skb->data[0] & 0x80)) {
533 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
534 pass_up = 1;
535 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
536 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
537 pass_up = 1;
538 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
539 !(bcsp->rx_skb->data[0] & 0x80)) {
540 bcsp_handle_le_pkt(hu);
541 pass_up = 0;
542 } else {
543 pass_up = 0;
544 }
545 }
546
547 if (pass_up == 0) {
548 struct hci_event_hdr hdr;
549 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
550
551 if (desc != 0 && desc != 1) {
552 if (hciextn) {
553 desc |= 0xc0;
554 skb_pull(bcsp->rx_skb, 4);
555 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
556
557 hdr.evt = 0xff;
558 hdr.plen = bcsp->rx_skb->len;
559 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
560 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
561
562 hci_recv_frame(hu->hdev, bcsp->rx_skb);
563 } else {
564 BT_ERR("Packet for unknown channel (%u %s)",
565 bcsp->rx_skb->data[1] & 0x0f,
566 bcsp->rx_skb->data[0] & 0x80 ?
567 "reliable" : "unreliable");
568 kfree_skb(bcsp->rx_skb);
569 }
570 } else
571 kfree_skb(bcsp->rx_skb);
572 } else if (pass_up == 1) {
573 /* Pull out BCSP hdr */
574 skb_pull(bcsp->rx_skb, 4);
575
576 hci_recv_frame(hu->hdev, bcsp->rx_skb);
577 } else {
578 /* ignore packet payload of already ACKed re-transmitted
579 * packets or when a packet was missed in the BCSP window
580 */
581 kfree_skb(bcsp->rx_skb);
582 }
583
584 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
585 bcsp->rx_skb = NULL;
586}
587
588static u16 bscp_get_crc(struct bcsp_struct *bcsp)
589{
590 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
591}
592
593/* Recv data */
594static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
595{
596 struct bcsp_struct *bcsp = hu->priv;
597 const unsigned char *ptr;
598
599 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
600 hu, count, bcsp->rx_state, bcsp->rx_count);
601
602 ptr = data;
603 while (count) {
604 if (bcsp->rx_count) {
605 if (*ptr == 0xc0) {
606 BT_ERR("Short BCSP packet");
607 kfree_skb(bcsp->rx_skb);
608 bcsp->rx_state = BCSP_W4_PKT_START;
609 bcsp->rx_count = 0;
610 } else
611 bcsp_unslip_one_byte(bcsp, *ptr);
612
613 ptr++; count--;
614 continue;
615 }
616
617 switch (bcsp->rx_state) {
618 case BCSP_W4_BCSP_HDR:
619 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
620 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
621 BT_ERR("Error in BCSP hdr checksum");
622 kfree_skb(bcsp->rx_skb);
623 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
624 bcsp->rx_count = 0;
625 continue;
626 }
627 bcsp->rx_state = BCSP_W4_DATA;
628 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
629 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
630 continue;
631
632 case BCSP_W4_DATA:
633 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
634 bcsp->rx_state = BCSP_W4_CRC;
635 bcsp->rx_count = 2;
636 } else
637 bcsp_complete_rx_pkt(hu);
638 continue;
639
640 case BCSP_W4_CRC:
641 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
642 BT_ERR("Checksum failed: computed %04x received %04x",
643 bitrev16(bcsp->message_crc),
644 bscp_get_crc(bcsp));
645
646 kfree_skb(bcsp->rx_skb);
647 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
648 bcsp->rx_count = 0;
649 continue;
650 }
651 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
652 bcsp_complete_rx_pkt(hu);
653 continue;
654
655 case BCSP_W4_PKT_DELIMITER:
656 switch (*ptr) {
657 case 0xc0:
658 bcsp->rx_state = BCSP_W4_PKT_START;
659 break;
660 default:
661 /*BT_ERR("Ignoring byte %02x", *ptr);*/
662 break;
663 }
664 ptr++; count--;
665 break;
666
667 case BCSP_W4_PKT_START:
668 switch (*ptr) {
669 case 0xc0:
670 ptr++; count--;
671 break;
672
673 default:
674 bcsp->rx_state = BCSP_W4_BCSP_HDR;
675 bcsp->rx_count = 4;
676 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
677 BCSP_CRC_INIT(bcsp->message_crc);
678
679 /* Do not increment ptr or decrement count
680 * Allocate packet. Max len of a BCSP pkt=
681 * 0xFFF (payload) +4 (header) +2 (crc)
682 */
683
684 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
685 if (!bcsp->rx_skb) {
686 BT_ERR("Can't allocate mem for new packet");
687 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
688 bcsp->rx_count = 0;
689 return 0;
690 }
691 break;
692 }
693 break;
694 }
695 }
696 return count;
697}
698
699 /* Arrange to retransmit all messages in the relq. */
700static void bcsp_timed_event(unsigned long arg)
701{
702 struct hci_uart *hu = (struct hci_uart *)arg;
703 struct bcsp_struct *bcsp = hu->priv;
704 struct sk_buff *skb;
705 unsigned long flags;
706
707 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
708
709 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
710
711 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
712 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
713 skb_queue_head(&bcsp->rel, skb);
714 }
715
716 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
717
718 hci_uart_tx_wakeup(hu);
719}
720
721static int bcsp_open(struct hci_uart *hu)
722{
723 struct bcsp_struct *bcsp;
724
725 BT_DBG("hu %p", hu);
726
727 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
728 if (!bcsp)
729 return -ENOMEM;
730
731 hu->priv = bcsp;
732 skb_queue_head_init(&bcsp->unack);
733 skb_queue_head_init(&bcsp->rel);
734 skb_queue_head_init(&bcsp->unrel);
735
736 setup_timer(&bcsp->tbcsp, bcsp_timed_event, (u_long)hu);
737
738 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
739
740 if (txcrc)
741 bcsp->use_crc = 1;
742
743 return 0;
744}
745
746static int bcsp_close(struct hci_uart *hu)
747{
748 struct bcsp_struct *bcsp = hu->priv;
749
750 del_timer_sync(&bcsp->tbcsp);
751
752 hu->priv = NULL;
753
754 BT_DBG("hu %p", hu);
755
756 skb_queue_purge(&bcsp->unack);
757 skb_queue_purge(&bcsp->rel);
758 skb_queue_purge(&bcsp->unrel);
759
760 kfree(bcsp);
761 return 0;
762}
763
764static const struct hci_uart_proto bcsp = {
765 .id = HCI_UART_BCSP,
766 .name = "BCSP",
767 .open = bcsp_open,
768 .close = bcsp_close,
769 .enqueue = bcsp_enqueue,
770 .dequeue = bcsp_dequeue,
771 .recv = bcsp_recv,
772 .flush = bcsp_flush
773};
774
775int __init bcsp_init(void)
776{
777 return hci_uart_register_proto(&bcsp);
778}
779
780int __exit bcsp_deinit(void)
781{
782 return hci_uart_unregister_proto(&bcsp);
783}
784
785module_param(txcrc, bool, 0644);
786MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
787
788module_param(hciextn, bool, 0644);
789MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");