1 /*
2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 */
24
25 #include <linux/module.h>
26
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
34
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
42 #include <linux/bitrev.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 #include "hci_uart.h"
49
50 static bool txcrc = true;
51 static bool hciextn = true;
52
53 #define BCSP_TXWINSIZE 4
54
55 #define BCSP_ACK_PKT 0x05
56 #define BCSP_LE_PKT 0x06
57
58 struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68
69 enum {
70 BCSP_W4_PKT_DELIMITER,
71 BCSP_W4_PKT_START,
72 BCSP_W4_BCSP_HDR,
73 BCSP_W4_DATA,
74 BCSP_W4_CRC
75 } rx_state;
76
77 enum {
78 BCSP_ESCSTATE_NOESC,
79 BCSP_ESCSTATE_ESC
80 } rx_esc_state;
81
82 u8 use_crc;
83 u16 message_crc;
84 u8 txack_req; /* Do we need to send ack's to the peer? */
85
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
87 u8 msgq_txseq;
88 };
89
90 /* ---- BCSP CRC calculation ---- */
91
92 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93 initial value 0xffff, bits shifted in reverse order. */
94
95 static const u16 crc_table[] = {
96 0x0000, 0x1081, 0x2102, 0x3183,
97 0x4204, 0x5285, 0x6306, 0x7387,
98 0x8408, 0x9489, 0xa50a, 0xb58b,
99 0xc60c, 0xd68d, 0xe70e, 0xf78f
100 };
101
102 /* Initialise the crc calculator */
103 #define BCSP_CRC_INIT(x) x = 0xffff
104
105 /*
106 Update crc with next data byte
107
108 Implementation note
109 The data byte is treated as two nibbles. The crc is generated
110 in reverse, i.e., bits are fed into the register from the top.
111 */
bcsp_crc_update(u16 * crc,u8 d)112 static void bcsp_crc_update(u16 *crc, u8 d)
113 {
114 u16 reg = *crc;
115
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
118
119 *crc = reg;
120 }
121
122 /* ---- BCSP core ---- */
123
bcsp_slip_msgdelim(struct sk_buff * skb)124 static void bcsp_slip_msgdelim(struct sk_buff *skb)
125 {
126 const char pkt_delim = 0xc0;
127
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
129 }
130
bcsp_slip_one_byte(struct sk_buff * skb,u8 c)131 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
132 {
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
135
136 switch (c) {
137 case 0xc0:
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
139 break;
140 case 0xdb:
141 memcpy(skb_put(skb, 2), &esc_db, 2);
142 break;
143 default:
144 memcpy(skb_put(skb, 1), &c, 1);
145 }
146 }
147
bcsp_enqueue(struct hci_uart * hu,struct sk_buff * skb)148 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149 {
150 struct bcsp_struct *bcsp = hu->priv;
151
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
154 kfree_skb(skb);
155 return 0;
156 }
157
158 switch (bt_cb(skb)->pkt_type) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
162 break;
163
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
166 break;
167
168 default:
169 BT_ERR("Unknown packet type");
170 kfree_skb(skb);
171 break;
172 }
173
174 return 0;
175 }
176
bcsp_prepare_pkt(struct bcsp_struct * bcsp,u8 * data,int len,int pkt_type)177 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
179 {
180 struct sk_buff *nskb;
181 u8 hdr[4], chan;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
183 int rel, i;
184
185 switch (pkt_type) {
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
189 break;
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
193 break;
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
197 break;
198 case BCSP_LE_PKT:
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
201 break;
202 case BCSP_ACK_PKT:
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
205 break;
206 default:
207 BT_ERR("Unknown packet type");
208 return NULL;
209 }
210
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
213
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217 if ((desc & 0xf0) == 0xc0) {
218 data += HCI_COMMAND_HDR_SIZE + 1;
219 len -= HCI_COMMAND_HDR_SIZE + 1;
220 chan = desc & 0x0f;
221 }
222 }
223 }
224
225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
226 (because bytes 0xc0 and 0xdb are escaped, worst case is
227 when the packet is all made of 0xc0 and 0xdb :) )
228 + 2 (0xc0 delimiters at start and end). */
229
230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
231 if (!nskb)
232 return NULL;
233
234 bt_cb(nskb)->pkt_type = pkt_type;
235
236 bcsp_slip_msgdelim(nskb);
237
238 hdr[0] = bcsp->rxseq_txack << 3;
239 bcsp->txack_req = 0;
240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
241
242 if (rel) {
243 hdr[0] |= 0x80 + bcsp->msgq_txseq;
244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
246 }
247
248 if (bcsp->use_crc)
249 hdr[0] |= 0x40;
250
251 hdr[1] = ((len << 4) & 0xff) | chan;
252 hdr[2] = len >> 4;
253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
254
255 /* Put BCSP header */
256 for (i = 0; i < 4; i++) {
257 bcsp_slip_one_byte(nskb, hdr[i]);
258
259 if (bcsp->use_crc)
260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
261 }
262
263 /* Put payload */
264 for (i = 0; i < len; i++) {
265 bcsp_slip_one_byte(nskb, data[i]);
266
267 if (bcsp->use_crc)
268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
269 }
270
271 /* Put CRC */
272 if (bcsp->use_crc) {
273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
276 }
277
278 bcsp_slip_msgdelim(nskb);
279 return nskb;
280 }
281
282 /* This is a rewrite of pkt_avail in ABCSP */
bcsp_dequeue(struct hci_uart * hu)283 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
284 {
285 struct bcsp_struct *bcsp = hu->priv;
286 unsigned long flags;
287 struct sk_buff *skb;
288
289 /* First of all, check for unreliable messages in the queue,
290 since they have priority */
291
292 skb = skb_dequeue(&bcsp->unrel);
293 if (skb != NULL) {
294 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
295 if (nskb) {
296 kfree_skb(skb);
297 return nskb;
298 } else {
299 skb_queue_head(&bcsp->unrel, skb);
300 BT_ERR("Could not dequeue pkt because alloc_skb failed");
301 }
302 }
303
304 /* Now, try to send a reliable pkt. We can only send a
305 reliable packet if the number of packets sent but not yet ack'ed
306 is < than the winsize */
307
308 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
309
310 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
311 skb = skb_dequeue(&bcsp->rel);
312 if (skb != NULL) {
313 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
314 bt_cb(skb)->pkt_type);
315 if (nskb) {
316 __skb_queue_tail(&bcsp->unack, skb);
317 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
318 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
319 return nskb;
320 } else {
321 skb_queue_head(&bcsp->rel, skb);
322 BT_ERR("Could not dequeue pkt because alloc_skb failed");
323 }
324 }
325 }
326
327 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
328
329 /* We could not send a reliable packet, either because there are
330 none or because there are too many unack'ed pkts. Did we receive
331 any packets we have not acknowledged yet ? */
332
333 if (bcsp->txack_req) {
334 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
335 channel 0 */
336 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
337 return nskb;
338 }
339
340 /* We have nothing to send */
341 return NULL;
342 }
343
bcsp_flush(struct hci_uart * hu)344 static int bcsp_flush(struct hci_uart *hu)
345 {
346 BT_DBG("hu %p", hu);
347 return 0;
348 }
349
350 /* Remove ack'ed packets */
bcsp_pkt_cull(struct bcsp_struct * bcsp)351 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
352 {
353 struct sk_buff *skb, *tmp;
354 unsigned long flags;
355 int i, pkts_to_be_removed;
356 u8 seqno;
357
358 spin_lock_irqsave(&bcsp->unack.lock, flags);
359
360 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
361 seqno = bcsp->msgq_txseq;
362
363 while (pkts_to_be_removed) {
364 if (bcsp->rxack == seqno)
365 break;
366 pkts_to_be_removed--;
367 seqno = (seqno - 1) & 0x07;
368 }
369
370 if (bcsp->rxack != seqno)
371 BT_ERR("Peer acked invalid packet");
372
373 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
374 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
375 (seqno - 1) & 0x07);
376
377 i = 0;
378 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
379 if (i >= pkts_to_be_removed)
380 break;
381 i++;
382
383 __skb_unlink(skb, &bcsp->unack);
384 kfree_skb(skb);
385 }
386
387 if (skb_queue_empty(&bcsp->unack))
388 del_timer(&bcsp->tbcsp);
389
390 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
391
392 if (i != pkts_to_be_removed)
393 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
394 }
395
396 /* Handle BCSP link-establishment packets. When we
397 detect a "sync" packet, symptom that the BT module has reset,
398 we do nothing :) (yet) */
bcsp_handle_le_pkt(struct hci_uart * hu)399 static void bcsp_handle_le_pkt(struct hci_uart *hu)
400 {
401 struct bcsp_struct *bcsp = hu->priv;
402 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
403 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
404 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
405
406 /* spot "conf" pkts and reply with a "conf rsp" pkt */
407 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
408 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
409 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
410
411 BT_DBG("Found a LE conf pkt");
412 if (!nskb)
413 return;
414 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
415 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
416
417 skb_queue_head(&bcsp->unrel, nskb);
418 hci_uart_tx_wakeup(hu);
419 }
420 /* Spot "sync" pkts. If we find one...disaster! */
421 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
422 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
423 BT_ERR("Found a LE sync pkt, card has reset");
424 }
425 }
426
bcsp_unslip_one_byte(struct bcsp_struct * bcsp,unsigned char byte)427 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
428 {
429 const u8 c0 = 0xc0, db = 0xdb;
430
431 switch (bcsp->rx_esc_state) {
432 case BCSP_ESCSTATE_NOESC:
433 switch (byte) {
434 case 0xdb:
435 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
436 break;
437 default:
438 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
439 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
440 bcsp->rx_state != BCSP_W4_CRC)
441 bcsp_crc_update(&bcsp->message_crc, byte);
442 bcsp->rx_count--;
443 }
444 break;
445
446 case BCSP_ESCSTATE_ESC:
447 switch (byte) {
448 case 0xdc:
449 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
450 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
451 bcsp->rx_state != BCSP_W4_CRC)
452 bcsp_crc_update(&bcsp->message_crc, 0xc0);
453 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
454 bcsp->rx_count--;
455 break;
456
457 case 0xdd:
458 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
459 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
460 bcsp->rx_state != BCSP_W4_CRC)
461 bcsp_crc_update(&bcsp->message_crc, 0xdb);
462 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
463 bcsp->rx_count--;
464 break;
465
466 default:
467 BT_ERR("Invalid byte %02x after esc byte", byte);
468 kfree_skb(bcsp->rx_skb);
469 bcsp->rx_skb = NULL;
470 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
471 bcsp->rx_count = 0;
472 }
473 }
474 }
475
bcsp_complete_rx_pkt(struct hci_uart * hu)476 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
477 {
478 struct bcsp_struct *bcsp = hu->priv;
479 int pass_up;
480
481 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
482 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
483 bcsp->rxseq_txack++;
484 bcsp->rxseq_txack %= 0x8;
485 bcsp->txack_req = 1;
486
487 /* If needed, transmit an ack pkt */
488 hci_uart_tx_wakeup(hu);
489 }
490
491 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
492 BT_DBG("Request for pkt %u from card", bcsp->rxack);
493
494 bcsp_pkt_cull(bcsp);
495 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
496 bcsp->rx_skb->data[0] & 0x80) {
497 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
498 pass_up = 1;
499 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
500 bcsp->rx_skb->data[0] & 0x80) {
501 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
502 pass_up = 1;
503 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
504 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
505 pass_up = 1;
506 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
507 !(bcsp->rx_skb->data[0] & 0x80)) {
508 bcsp_handle_le_pkt(hu);
509 pass_up = 0;
510 } else
511 pass_up = 0;
512
513 if (!pass_up) {
514 struct hci_event_hdr hdr;
515 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
516
517 if (desc != 0 && desc != 1) {
518 if (hciextn) {
519 desc |= 0xc0;
520 skb_pull(bcsp->rx_skb, 4);
521 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
522
523 hdr.evt = 0xff;
524 hdr.plen = bcsp->rx_skb->len;
525 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
526 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
527
528 hci_recv_frame(hu->hdev, bcsp->rx_skb);
529 } else {
530 BT_ERR("Packet for unknown channel (%u %s)",
531 bcsp->rx_skb->data[1] & 0x0f,
532 bcsp->rx_skb->data[0] & 0x80 ?
533 "reliable" : "unreliable");
534 kfree_skb(bcsp->rx_skb);
535 }
536 } else
537 kfree_skb(bcsp->rx_skb);
538 } else {
539 /* Pull out BCSP hdr */
540 skb_pull(bcsp->rx_skb, 4);
541
542 hci_recv_frame(hu->hdev, bcsp->rx_skb);
543 }
544
545 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
546 bcsp->rx_skb = NULL;
547 }
548
bscp_get_crc(struct bcsp_struct * bcsp)549 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
550 {
551 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
552 }
553
554 /* Recv data */
bcsp_recv(struct hci_uart * hu,const void * data,int count)555 static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
556 {
557 struct bcsp_struct *bcsp = hu->priv;
558 const unsigned char *ptr;
559
560 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
561 hu, count, bcsp->rx_state, bcsp->rx_count);
562
563 ptr = data;
564 while (count) {
565 if (bcsp->rx_count) {
566 if (*ptr == 0xc0) {
567 BT_ERR("Short BCSP packet");
568 kfree_skb(bcsp->rx_skb);
569 bcsp->rx_skb = NULL;
570 bcsp->rx_state = BCSP_W4_PKT_START;
571 bcsp->rx_count = 0;
572 } else
573 bcsp_unslip_one_byte(bcsp, *ptr);
574
575 ptr++; count--;
576 continue;
577 }
578
579 switch (bcsp->rx_state) {
580 case BCSP_W4_BCSP_HDR:
581 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
582 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
583 BT_ERR("Error in BCSP hdr checksum");
584 kfree_skb(bcsp->rx_skb);
585 bcsp->rx_skb = NULL;
586 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
587 bcsp->rx_count = 0;
588 continue;
589 }
590 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
591 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
592 BT_ERR("Out-of-order packet arrived, got %u expected %u",
593 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
594
595 kfree_skb(bcsp->rx_skb);
596 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
597 bcsp->rx_count = 0;
598 continue;
599 }
600 bcsp->rx_state = BCSP_W4_DATA;
601 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
602 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
603 continue;
604
605 case BCSP_W4_DATA:
606 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
607 bcsp->rx_state = BCSP_W4_CRC;
608 bcsp->rx_count = 2;
609 } else
610 bcsp_complete_rx_pkt(hu);
611 continue;
612
613 case BCSP_W4_CRC:
614 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
615 BT_ERR ("Checksum failed: computed %04x received %04x",
616 bitrev16(bcsp->message_crc),
617 bscp_get_crc(bcsp));
618
619 kfree_skb(bcsp->rx_skb);
620 bcsp->rx_skb = NULL;
621 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
622 bcsp->rx_count = 0;
623 continue;
624 }
625 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
626 bcsp_complete_rx_pkt(hu);
627 continue;
628
629 case BCSP_W4_PKT_DELIMITER:
630 switch (*ptr) {
631 case 0xc0:
632 bcsp->rx_state = BCSP_W4_PKT_START;
633 break;
634 default:
635 /*BT_ERR("Ignoring byte %02x", *ptr);*/
636 break;
637 }
638 ptr++; count--;
639 break;
640
641 case BCSP_W4_PKT_START:
642 switch (*ptr) {
643 case 0xc0:
644 ptr++; count--;
645 break;
646
647 default:
648 bcsp->rx_state = BCSP_W4_BCSP_HDR;
649 bcsp->rx_count = 4;
650 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
651 BCSP_CRC_INIT(bcsp->message_crc);
652
653 /* Do not increment ptr or decrement count
654 * Allocate packet. Max len of a BCSP pkt=
655 * 0xFFF (payload) +4 (header) +2 (crc) */
656
657 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
658 if (!bcsp->rx_skb) {
659 BT_ERR("Can't allocate mem for new packet");
660 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
661 bcsp->rx_count = 0;
662 return 0;
663 }
664 break;
665 }
666 break;
667 }
668 }
669 return count;
670 }
671
672 /* Arrange to retransmit all messages in the relq. */
bcsp_timed_event(unsigned long arg)673 static void bcsp_timed_event(unsigned long arg)
674 {
675 struct hci_uart *hu = (struct hci_uart *) arg;
676 struct bcsp_struct *bcsp = hu->priv;
677 struct sk_buff *skb;
678 unsigned long flags;
679
680 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
681
682 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
683
684 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
685 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
686 skb_queue_head(&bcsp->rel, skb);
687 }
688
689 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
690
691 hci_uart_tx_wakeup(hu);
692 }
693
bcsp_open(struct hci_uart * hu)694 static int bcsp_open(struct hci_uart *hu)
695 {
696 struct bcsp_struct *bcsp;
697
698 BT_DBG("hu %p", hu);
699
700 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
701 if (!bcsp)
702 return -ENOMEM;
703
704 hu->priv = bcsp;
705 skb_queue_head_init(&bcsp->unack);
706 skb_queue_head_init(&bcsp->rel);
707 skb_queue_head_init(&bcsp->unrel);
708
709 init_timer(&bcsp->tbcsp);
710 bcsp->tbcsp.function = bcsp_timed_event;
711 bcsp->tbcsp.data = (u_long) hu;
712
713 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
714
715 if (txcrc)
716 bcsp->use_crc = 1;
717
718 return 0;
719 }
720
bcsp_close(struct hci_uart * hu)721 static int bcsp_close(struct hci_uart *hu)
722 {
723 struct bcsp_struct *bcsp = hu->priv;
724
725 del_timer_sync(&bcsp->tbcsp);
726
727 hu->priv = NULL;
728
729 BT_DBG("hu %p", hu);
730
731 skb_queue_purge(&bcsp->unack);
732 skb_queue_purge(&bcsp->rel);
733 skb_queue_purge(&bcsp->unrel);
734
735 if (bcsp->rx_skb) {
736 kfree_skb(bcsp->rx_skb);
737 bcsp->rx_skb = NULL;
738 }
739
740 kfree(bcsp);
741 return 0;
742 }
743
744 static const struct hci_uart_proto bcsp = {
745 .id = HCI_UART_BCSP,
746 .name = "BCSP",
747 .open = bcsp_open,
748 .close = bcsp_close,
749 .enqueue = bcsp_enqueue,
750 .dequeue = bcsp_dequeue,
751 .recv = bcsp_recv,
752 .flush = bcsp_flush
753 };
754
bcsp_init(void)755 int __init bcsp_init(void)
756 {
757 return hci_uart_register_proto(&bcsp);
758 }
759
bcsp_deinit(void)760 int __exit bcsp_deinit(void)
761 {
762 return hci_uart_unregister_proto(&bcsp);
763 }
764
765 module_param(txcrc, bool, 0644);
766 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
767
768 module_param(hciextn, bool, 0644);
769 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
770