1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth HCI UART driver 5 * 6 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 7 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 8 */ 9 10 #include <linux/module.h> 11 12 #include <linux/kernel.h> 13 #include <linux/init.h> 14 #include <linux/types.h> 15 #include <linux/fcntl.h> 16 #include <linux/interrupt.h> 17 #include <linux/ptrace.h> 18 #include <linux/poll.h> 19 20 #include <linux/slab.h> 21 #include <linux/tty.h> 22 #include <linux/errno.h> 23 #include <linux/string.h> 24 #include <linux/signal.h> 25 #include <linux/ioctl.h> 26 #include <linux/skbuff.h> 27 #include <linux/bitrev.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 33 #include "hci_uart.h" 34 35 static bool txcrc = true; 36 static bool hciextn = true; 37 38 #define BCSP_TXWINSIZE 4 39 40 #define BCSP_ACK_PKT 0x05 41 #define BCSP_LE_PKT 0x06 42 43 struct bcsp_struct { 44 struct sk_buff_head unack; /* Unack'ed packets queue */ 45 struct sk_buff_head rel; /* Reliable packets queue */ 46 struct sk_buff_head unrel; /* Unreliable packets queue */ 47 48 unsigned long rx_count; 49 struct sk_buff *rx_skb; 50 u8 rxseq_txack; /* rxseq == txack. */ 51 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 52 struct timer_list tbcsp; 53 struct hci_uart *hu; 54 55 enum { 56 BCSP_W4_PKT_DELIMITER, 57 BCSP_W4_PKT_START, 58 BCSP_W4_BCSP_HDR, 59 BCSP_W4_DATA, 60 BCSP_W4_CRC 61 } rx_state; 62 63 enum { 64 BCSP_ESCSTATE_NOESC, 65 BCSP_ESCSTATE_ESC 66 } rx_esc_state; 67 68 u8 use_crc; 69 u16 message_crc; 70 u8 txack_req; /* Do we need to send ack's to the peer? */ 71 72 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 73 u8 msgq_txseq; 74 }; 75 76 /* ---- BCSP CRC calculation ---- */ 77 78 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 79 * initial value 0xffff, bits shifted in reverse order. 80 */ 81 82 static const u16 crc_table[] = { 83 0x0000, 0x1081, 0x2102, 0x3183, 84 0x4204, 0x5285, 0x6306, 0x7387, 85 0x8408, 0x9489, 0xa50a, 0xb58b, 86 0xc60c, 0xd68d, 0xe70e, 0xf78f 87 }; 88 89 /* Initialise the crc calculator */ 90 #define BCSP_CRC_INIT(x) x = 0xffff 91 92 /* Update crc with next data byte 93 * 94 * Implementation note 95 * The data byte is treated as two nibbles. The crc is generated 96 * in reverse, i.e., bits are fed into the register from the top. 97 */ 98 static void bcsp_crc_update(u16 *crc, u8 d) 99 { 100 u16 reg = *crc; 101 102 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 103 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 104 105 *crc = reg; 106 } 107 108 /* ---- BCSP core ---- */ 109 110 static void bcsp_slip_msgdelim(struct sk_buff *skb) 111 { 112 const char pkt_delim = 0xc0; 113 114 skb_put_data(skb, &pkt_delim, 1); 115 } 116 117 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 118 { 119 const char esc_c0[2] = { 0xdb, 0xdc }; 120 const char esc_db[2] = { 0xdb, 0xdd }; 121 122 switch (c) { 123 case 0xc0: 124 skb_put_data(skb, &esc_c0, 2); 125 break; 126 case 0xdb: 127 skb_put_data(skb, &esc_db, 2); 128 break; 129 default: 130 skb_put_data(skb, &c, 1); 131 } 132 } 133 134 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 135 { 136 struct bcsp_struct *bcsp = hu->priv; 137 138 if (skb->len > 0xFFF) { 139 BT_ERR("Packet too long"); 140 kfree_skb(skb); 141 return 0; 142 } 143 144 switch (hci_skb_pkt_type(skb)) { 145 case HCI_ACLDATA_PKT: 146 case HCI_COMMAND_PKT: 147 skb_queue_tail(&bcsp->rel, skb); 148 break; 149 150 case HCI_SCODATA_PKT: 151 skb_queue_tail(&bcsp->unrel, skb); 152 break; 153 154 default: 155 BT_ERR("Unknown packet type"); 156 kfree_skb(skb); 157 break; 158 } 159 160 return 0; 161 } 162 163 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 164 int len, int pkt_type) 165 { 166 struct sk_buff *nskb; 167 u8 hdr[4], chan; 168 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 169 int rel, i; 170 171 switch (pkt_type) { 172 case HCI_ACLDATA_PKT: 173 chan = 6; /* BCSP ACL channel */ 174 rel = 1; /* reliable channel */ 175 break; 176 case HCI_COMMAND_PKT: 177 chan = 5; /* BCSP cmd/evt channel */ 178 rel = 1; /* reliable channel */ 179 break; 180 case HCI_SCODATA_PKT: 181 chan = 7; /* BCSP SCO channel */ 182 rel = 0; /* unreliable channel */ 183 break; 184 case BCSP_LE_PKT: 185 chan = 1; /* BCSP LE channel */ 186 rel = 0; /* unreliable channel */ 187 break; 188 case BCSP_ACK_PKT: 189 chan = 0; /* BCSP internal channel */ 190 rel = 0; /* unreliable channel */ 191 break; 192 default: 193 BT_ERR("Unknown packet type"); 194 return NULL; 195 } 196 197 if (hciextn && chan == 5) { 198 __le16 opcode = ((struct hci_command_hdr *)data)->opcode; 199 200 /* Vendor specific commands */ 201 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) { 202 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 203 204 if ((desc & 0xf0) == 0xc0) { 205 data += HCI_COMMAND_HDR_SIZE + 1; 206 len -= HCI_COMMAND_HDR_SIZE + 1; 207 chan = desc & 0x0f; 208 } 209 } 210 } 211 212 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 213 * (because bytes 0xc0 and 0xdb are escaped, worst case is 214 * when the packet is all made of 0xc0 and 0xdb :) ) 215 * + 2 (0xc0 delimiters at start and end). 216 */ 217 218 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 219 if (!nskb) 220 return NULL; 221 222 hci_skb_pkt_type(nskb) = pkt_type; 223 224 bcsp_slip_msgdelim(nskb); 225 226 hdr[0] = bcsp->rxseq_txack << 3; 227 bcsp->txack_req = 0; 228 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 229 230 if (rel) { 231 hdr[0] |= 0x80 + bcsp->msgq_txseq; 232 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 233 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07; 234 } 235 236 if (bcsp->use_crc) 237 hdr[0] |= 0x40; 238 239 hdr[1] = ((len << 4) & 0xff) | chan; 240 hdr[2] = len >> 4; 241 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 242 243 /* Put BCSP header */ 244 for (i = 0; i < 4; i++) { 245 bcsp_slip_one_byte(nskb, hdr[i]); 246 247 if (bcsp->use_crc) 248 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 249 } 250 251 /* Put payload */ 252 for (i = 0; i < len; i++) { 253 bcsp_slip_one_byte(nskb, data[i]); 254 255 if (bcsp->use_crc) 256 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 257 } 258 259 /* Put CRC */ 260 if (bcsp->use_crc) { 261 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc); 262 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff)); 263 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff)); 264 } 265 266 bcsp_slip_msgdelim(nskb); 267 return nskb; 268 } 269 270 /* This is a rewrite of pkt_avail in ABCSP */ 271 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 272 { 273 struct bcsp_struct *bcsp = hu->priv; 274 unsigned long flags; 275 struct sk_buff *skb; 276 277 /* First of all, check for unreliable messages in the queue, 278 * since they have priority 279 */ 280 281 skb = skb_dequeue(&bcsp->unrel); 282 if (skb != NULL) { 283 struct sk_buff *nskb; 284 285 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 286 hci_skb_pkt_type(skb)); 287 if (nskb) { 288 kfree_skb(skb); 289 return nskb; 290 } else { 291 skb_queue_head(&bcsp->unrel, skb); 292 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 293 } 294 } 295 296 /* Now, try to send a reliable pkt. We can only send a 297 * reliable packet if the number of packets sent but not yet ack'ed 298 * is < than the winsize 299 */ 300 301 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 302 303 if (bcsp->unack.qlen < BCSP_TXWINSIZE) { 304 skb = skb_dequeue(&bcsp->rel); 305 if (skb != NULL) { 306 struct sk_buff *nskb; 307 308 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 309 hci_skb_pkt_type(skb)); 310 if (nskb) { 311 __skb_queue_tail(&bcsp->unack, skb); 312 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 313 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 314 return nskb; 315 } else { 316 skb_queue_head(&bcsp->rel, skb); 317 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 318 } 319 } 320 } 321 322 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 323 324 /* We could not send a reliable packet, either because there are 325 * none or because there are too many unack'ed pkts. Did we receive 326 * any packets we have not acknowledged yet ? 327 */ 328 329 if (bcsp->txack_req) { 330 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 331 * channel 0 332 */ 333 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 334 return nskb; 335 } 336 337 /* We have nothing to send */ 338 return NULL; 339 } 340 341 static int bcsp_flush(struct hci_uart *hu) 342 { 343 BT_DBG("hu %p", hu); 344 return 0; 345 } 346 347 /* Remove ack'ed packets */ 348 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 349 { 350 struct sk_buff *skb, *tmp; 351 unsigned long flags; 352 int i, pkts_to_be_removed; 353 u8 seqno; 354 355 spin_lock_irqsave(&bcsp->unack.lock, flags); 356 357 pkts_to_be_removed = skb_queue_len(&bcsp->unack); 358 seqno = bcsp->msgq_txseq; 359 360 while (pkts_to_be_removed) { 361 if (bcsp->rxack == seqno) 362 break; 363 pkts_to_be_removed--; 364 seqno = (seqno - 1) & 0x07; 365 } 366 367 if (bcsp->rxack != seqno) 368 BT_ERR("Peer acked invalid packet"); 369 370 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 371 pkts_to_be_removed, skb_queue_len(&bcsp->unack), 372 (seqno - 1) & 0x07); 373 374 i = 0; 375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) { 376 if (i >= pkts_to_be_removed) 377 break; 378 i++; 379 380 __skb_unlink(skb, &bcsp->unack); 381 kfree_skb(skb); 382 } 383 384 if (skb_queue_empty(&bcsp->unack)) 385 del_timer(&bcsp->tbcsp); 386 387 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 388 389 if (i != pkts_to_be_removed) 390 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 391 } 392 393 /* Handle BCSP link-establishment packets. When we 394 * detect a "sync" packet, symptom that the BT module has reset, 395 * we do nothing :) (yet) 396 */ 397 static void bcsp_handle_le_pkt(struct hci_uart *hu) 398 { 399 struct bcsp_struct *bcsp = hu->priv; 400 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 401 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 402 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 403 404 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 405 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 406 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 407 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 408 409 BT_DBG("Found a LE conf pkt"); 410 if (!nskb) 411 return; 412 skb_put_data(nskb, conf_rsp_pkt, 4); 413 hci_skb_pkt_type(nskb) = BCSP_LE_PKT; 414 415 skb_queue_head(&bcsp->unrel, nskb); 416 hci_uart_tx_wakeup(hu); 417 } 418 /* Spot "sync" pkts. If we find one...disaster! */ 419 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 420 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 421 BT_ERR("Found a LE sync pkt, card has reset"); 422 } 423 } 424 425 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 426 { 427 const u8 c0 = 0xc0, db = 0xdb; 428 429 switch (bcsp->rx_esc_state) { 430 case BCSP_ESCSTATE_NOESC: 431 switch (byte) { 432 case 0xdb: 433 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 434 break; 435 default: 436 skb_put_data(bcsp->rx_skb, &byte, 1); 437 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 438 bcsp->rx_state != BCSP_W4_CRC) 439 bcsp_crc_update(&bcsp->message_crc, byte); 440 bcsp->rx_count--; 441 } 442 break; 443 444 case BCSP_ESCSTATE_ESC: 445 switch (byte) { 446 case 0xdc: 447 skb_put_data(bcsp->rx_skb, &c0, 1); 448 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 449 bcsp->rx_state != BCSP_W4_CRC) 450 bcsp_crc_update(&bcsp->message_crc, 0xc0); 451 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 452 bcsp->rx_count--; 453 break; 454 455 case 0xdd: 456 skb_put_data(bcsp->rx_skb, &db, 1); 457 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 458 bcsp->rx_state != BCSP_W4_CRC) 459 bcsp_crc_update(&bcsp->message_crc, 0xdb); 460 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 461 bcsp->rx_count--; 462 break; 463 464 default: 465 BT_ERR("Invalid byte %02x after esc byte", byte); 466 kfree_skb(bcsp->rx_skb); 467 bcsp->rx_skb = NULL; 468 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 469 bcsp->rx_count = 0; 470 } 471 } 472 } 473 474 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 475 { 476 struct bcsp_struct *bcsp = hu->priv; 477 int pass_up = 0; 478 479 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 480 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 481 482 /* check the rx sequence number is as expected */ 483 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) { 484 bcsp->rxseq_txack++; 485 bcsp->rxseq_txack %= 0x8; 486 } else { 487 /* handle re-transmitted packet or 488 * when packet was missed 489 */ 490 BT_ERR("Out-of-order packet arrived, got %u expected %u", 491 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 492 493 /* do not process out-of-order packet payload */ 494 pass_up = 2; 495 } 496 497 /* send current txack value to all received reliable packets */ 498 bcsp->txack_req = 1; 499 500 /* If needed, transmit an ack pkt */ 501 hci_uart_tx_wakeup(hu); 502 } 503 504 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 505 BT_DBG("Request for pkt %u from card", bcsp->rxack); 506 507 /* handle received ACK indications, 508 * including those from out-of-order packets 509 */ 510 bcsp_pkt_cull(bcsp); 511 512 if (pass_up != 2) { 513 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 514 (bcsp->rx_skb->data[0] & 0x80)) { 515 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT; 516 pass_up = 1; 517 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 518 (bcsp->rx_skb->data[0] & 0x80)) { 519 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 520 pass_up = 1; 521 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 522 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT; 523 pass_up = 1; 524 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 525 !(bcsp->rx_skb->data[0] & 0x80)) { 526 bcsp_handle_le_pkt(hu); 527 pass_up = 0; 528 } else { 529 pass_up = 0; 530 } 531 } 532 533 if (pass_up == 0) { 534 struct hci_event_hdr hdr; 535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 536 537 if (desc != 0 && desc != 1) { 538 if (hciextn) { 539 desc |= 0xc0; 540 skb_pull(bcsp->rx_skb, 4); 541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 542 543 hdr.evt = 0xff; 544 hdr.plen = bcsp->rx_skb->len; 545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 546 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 547 548 hci_recv_frame(hu->hdev, bcsp->rx_skb); 549 } else { 550 BT_ERR("Packet for unknown channel (%u %s)", 551 bcsp->rx_skb->data[1] & 0x0f, 552 bcsp->rx_skb->data[0] & 0x80 ? 553 "reliable" : "unreliable"); 554 kfree_skb(bcsp->rx_skb); 555 } 556 } else 557 kfree_skb(bcsp->rx_skb); 558 } else if (pass_up == 1) { 559 /* Pull out BCSP hdr */ 560 skb_pull(bcsp->rx_skb, 4); 561 562 hci_recv_frame(hu->hdev, bcsp->rx_skb); 563 } else { 564 /* ignore packet payload of already ACKed re-transmitted 565 * packets or when a packet was missed in the BCSP window 566 */ 567 kfree_skb(bcsp->rx_skb); 568 } 569 570 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 571 bcsp->rx_skb = NULL; 572 } 573 574 static u16 bscp_get_crc(struct bcsp_struct *bcsp) 575 { 576 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]); 577 } 578 579 /* Recv data */ 580 static int bcsp_recv(struct hci_uart *hu, const void *data, int count) 581 { 582 struct bcsp_struct *bcsp = hu->priv; 583 const unsigned char *ptr; 584 585 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 586 hu, count, bcsp->rx_state, bcsp->rx_count); 587 588 ptr = data; 589 while (count) { 590 if (bcsp->rx_count) { 591 if (*ptr == 0xc0) { 592 BT_ERR("Short BCSP packet"); 593 kfree_skb(bcsp->rx_skb); 594 bcsp->rx_state = BCSP_W4_PKT_START; 595 bcsp->rx_count = 0; 596 } else 597 bcsp_unslip_one_byte(bcsp, *ptr); 598 599 ptr++; count--; 600 continue; 601 } 602 603 switch (bcsp->rx_state) { 604 case BCSP_W4_BCSP_HDR: 605 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 606 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 607 BT_ERR("Error in BCSP hdr checksum"); 608 kfree_skb(bcsp->rx_skb); 609 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 610 bcsp->rx_count = 0; 611 continue; 612 } 613 bcsp->rx_state = BCSP_W4_DATA; 614 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 615 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 616 continue; 617 618 case BCSP_W4_DATA: 619 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 620 bcsp->rx_state = BCSP_W4_CRC; 621 bcsp->rx_count = 2; 622 } else 623 bcsp_complete_rx_pkt(hu); 624 continue; 625 626 case BCSP_W4_CRC: 627 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) { 628 BT_ERR("Checksum failed: computed %04x received %04x", 629 bitrev16(bcsp->message_crc), 630 bscp_get_crc(bcsp)); 631 632 kfree_skb(bcsp->rx_skb); 633 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 634 bcsp->rx_count = 0; 635 continue; 636 } 637 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 638 bcsp_complete_rx_pkt(hu); 639 continue; 640 641 case BCSP_W4_PKT_DELIMITER: 642 switch (*ptr) { 643 case 0xc0: 644 bcsp->rx_state = BCSP_W4_PKT_START; 645 break; 646 default: 647 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 648 break; 649 } 650 ptr++; count--; 651 break; 652 653 case BCSP_W4_PKT_START: 654 switch (*ptr) { 655 case 0xc0: 656 ptr++; count--; 657 break; 658 659 default: 660 bcsp->rx_state = BCSP_W4_BCSP_HDR; 661 bcsp->rx_count = 4; 662 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 663 BCSP_CRC_INIT(bcsp->message_crc); 664 665 /* Do not increment ptr or decrement count 666 * Allocate packet. Max len of a BCSP pkt= 667 * 0xFFF (payload) +4 (header) +2 (crc) 668 */ 669 670 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 671 if (!bcsp->rx_skb) { 672 BT_ERR("Can't allocate mem for new packet"); 673 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 674 bcsp->rx_count = 0; 675 return 0; 676 } 677 break; 678 } 679 break; 680 } 681 } 682 return count; 683 } 684 685 /* Arrange to retransmit all messages in the relq. */ 686 static void bcsp_timed_event(struct timer_list *t) 687 { 688 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp); 689 struct hci_uart *hu = bcsp->hu; 690 struct sk_buff *skb; 691 unsigned long flags; 692 693 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 694 695 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 696 697 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 698 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 699 skb_queue_head(&bcsp->rel, skb); 700 } 701 702 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 703 704 hci_uart_tx_wakeup(hu); 705 } 706 707 static int bcsp_open(struct hci_uart *hu) 708 { 709 struct bcsp_struct *bcsp; 710 711 BT_DBG("hu %p", hu); 712 713 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL); 714 if (!bcsp) 715 return -ENOMEM; 716 717 hu->priv = bcsp; 718 bcsp->hu = hu; 719 skb_queue_head_init(&bcsp->unack); 720 skb_queue_head_init(&bcsp->rel); 721 skb_queue_head_init(&bcsp->unrel); 722 723 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0); 724 725 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 726 727 if (txcrc) 728 bcsp->use_crc = 1; 729 730 return 0; 731 } 732 733 static int bcsp_close(struct hci_uart *hu) 734 { 735 struct bcsp_struct *bcsp = hu->priv; 736 737 del_timer_sync(&bcsp->tbcsp); 738 739 hu->priv = NULL; 740 741 BT_DBG("hu %p", hu); 742 743 skb_queue_purge(&bcsp->unack); 744 skb_queue_purge(&bcsp->rel); 745 skb_queue_purge(&bcsp->unrel); 746 747 kfree(bcsp); 748 return 0; 749 } 750 751 static const struct hci_uart_proto bcsp = { 752 .id = HCI_UART_BCSP, 753 .name = "BCSP", 754 .open = bcsp_open, 755 .close = bcsp_close, 756 .enqueue = bcsp_enqueue, 757 .dequeue = bcsp_dequeue, 758 .recv = bcsp_recv, 759 .flush = bcsp_flush 760 }; 761 762 int __init bcsp_init(void) 763 { 764 return hci_uart_register_proto(&bcsp); 765 } 766 767 int __exit bcsp_deinit(void) 768 { 769 return hci_uart_unregister_proto(&bcsp); 770 } 771 772 module_param(txcrc, bool, 0644); 773 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 774 775 module_param(hciextn, bool, 0644); 776 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 777