1 /* 2 * 3 * Bluetooth HCI UART driver 4 * 5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 7 * 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 * 23 */ 24 25 #include <linux/module.h> 26 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/types.h> 30 #include <linux/fcntl.h> 31 #include <linux/interrupt.h> 32 #include <linux/ptrace.h> 33 #include <linux/poll.h> 34 35 #include <linux/slab.h> 36 #include <linux/tty.h> 37 #include <linux/errno.h> 38 #include <linux/string.h> 39 #include <linux/signal.h> 40 #include <linux/ioctl.h> 41 #include <linux/skbuff.h> 42 43 #include <net/bluetooth/bluetooth.h> 44 #include <net/bluetooth/hci_core.h> 45 46 #include "hci_uart.h" 47 48 #ifndef CONFIG_BT_HCIUART_DEBUG 49 #undef BT_DBG 50 #define BT_DBG( A... ) 51 #endif 52 53 #define VERSION "0.3" 54 55 static int txcrc = 1; 56 static int hciextn = 1; 57 58 #define BCSP_TXWINSIZE 4 59 60 #define BCSP_ACK_PKT 0x05 61 #define BCSP_LE_PKT 0x06 62 63 struct bcsp_struct { 64 struct sk_buff_head unack; /* Unack'ed packets queue */ 65 struct sk_buff_head rel; /* Reliable packets queue */ 66 struct sk_buff_head unrel; /* Unreliable packets queue */ 67 68 unsigned long rx_count; 69 struct sk_buff *rx_skb; 70 u8 rxseq_txack; /* rxseq == txack. */ 71 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 72 struct timer_list tbcsp; 73 74 enum { 75 BCSP_W4_PKT_DELIMITER, 76 BCSP_W4_PKT_START, 77 BCSP_W4_BCSP_HDR, 78 BCSP_W4_DATA, 79 BCSP_W4_CRC 80 } rx_state; 81 82 enum { 83 BCSP_ESCSTATE_NOESC, 84 BCSP_ESCSTATE_ESC 85 } rx_esc_state; 86 87 u8 use_crc; 88 u16 message_crc; 89 u8 txack_req; /* Do we need to send ack's to the peer? */ 90 91 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 92 u8 msgq_txseq; 93 }; 94 95 /* ---- BCSP CRC calculation ---- */ 96 97 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 98 initial value 0xffff, bits shifted in reverse order. */ 99 100 static const u16 crc_table[] = { 101 0x0000, 0x1081, 0x2102, 0x3183, 102 0x4204, 0x5285, 0x6306, 0x7387, 103 0x8408, 0x9489, 0xa50a, 0xb58b, 104 0xc60c, 0xd68d, 0xe70e, 0xf78f 105 }; 106 107 /* Initialise the crc calculator */ 108 #define BCSP_CRC_INIT(x) x = 0xffff 109 110 /* 111 Update crc with next data byte 112 113 Implementation note 114 The data byte is treated as two nibbles. The crc is generated 115 in reverse, i.e., bits are fed into the register from the top. 116 */ 117 static void bcsp_crc_update(u16 *crc, u8 d) 118 { 119 u16 reg = *crc; 120 121 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 122 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 123 124 *crc = reg; 125 } 126 127 /* 128 Get reverse of generated crc 129 130 Implementation note 131 The crc generator (bcsp_crc_init() and bcsp_crc_update()) 132 creates a reversed crc, so it needs to be swapped back before 133 being passed on. 134 */ 135 static u16 bcsp_crc_reverse(u16 crc) 136 { 137 u16 b, rev; 138 139 for (b = 0, rev = 0; b < 16; b++) { 140 rev = rev << 1; 141 rev |= (crc & 1); 142 crc = crc >> 1; 143 } 144 145 return (rev); 146 } 147 148 /* ---- BCSP core ---- */ 149 150 static void bcsp_slip_msgdelim(struct sk_buff *skb) 151 { 152 const char pkt_delim = 0xc0; 153 154 memcpy(skb_put(skb, 1), &pkt_delim, 1); 155 } 156 157 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 158 { 159 const char esc_c0[2] = { 0xdb, 0xdc }; 160 const char esc_db[2] = { 0xdb, 0xdd }; 161 162 switch (c) { 163 case 0xc0: 164 memcpy(skb_put(skb, 2), &esc_c0, 2); 165 break; 166 case 0xdb: 167 memcpy(skb_put(skb, 2), &esc_db, 2); 168 break; 169 default: 170 memcpy(skb_put(skb, 1), &c, 1); 171 } 172 } 173 174 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 175 { 176 struct bcsp_struct *bcsp = hu->priv; 177 178 if (skb->len > 0xFFF) { 179 BT_ERR("Packet too long"); 180 kfree_skb(skb); 181 return 0; 182 } 183 184 switch (bt_cb(skb)->pkt_type) { 185 case HCI_ACLDATA_PKT: 186 case HCI_COMMAND_PKT: 187 skb_queue_tail(&bcsp->rel, skb); 188 break; 189 190 case HCI_SCODATA_PKT: 191 skb_queue_tail(&bcsp->unrel, skb); 192 break; 193 194 default: 195 BT_ERR("Unknown packet type"); 196 kfree_skb(skb); 197 break; 198 } 199 200 return 0; 201 } 202 203 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 204 int len, int pkt_type) 205 { 206 struct sk_buff *nskb; 207 u8 hdr[4], chan; 208 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 209 int rel, i; 210 211 switch (pkt_type) { 212 case HCI_ACLDATA_PKT: 213 chan = 6; /* BCSP ACL channel */ 214 rel = 1; /* reliable channel */ 215 break; 216 case HCI_COMMAND_PKT: 217 chan = 5; /* BCSP cmd/evt channel */ 218 rel = 1; /* reliable channel */ 219 break; 220 case HCI_SCODATA_PKT: 221 chan = 7; /* BCSP SCO channel */ 222 rel = 0; /* unreliable channel */ 223 break; 224 case BCSP_LE_PKT: 225 chan = 1; /* BCSP LE channel */ 226 rel = 0; /* unreliable channel */ 227 break; 228 case BCSP_ACK_PKT: 229 chan = 0; /* BCSP internal channel */ 230 rel = 0; /* unreliable channel */ 231 break; 232 default: 233 BT_ERR("Unknown packet type"); 234 return NULL; 235 } 236 237 if (hciextn && chan == 5) { 238 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data; 239 240 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) { 241 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 242 if ((desc & 0xf0) == 0xc0) { 243 data += HCI_COMMAND_HDR_SIZE + 1; 244 len -= HCI_COMMAND_HDR_SIZE + 1; 245 chan = desc & 0x0f; 246 } 247 } 248 } 249 250 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 251 (because bytes 0xc0 and 0xdb are escaped, worst case is 252 when the packet is all made of 0xc0 and 0xdb :) ) 253 + 2 (0xc0 delimiters at start and end). */ 254 255 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 256 if (!nskb) 257 return NULL; 258 259 bt_cb(nskb)->pkt_type = pkt_type; 260 261 bcsp_slip_msgdelim(nskb); 262 263 hdr[0] = bcsp->rxseq_txack << 3; 264 bcsp->txack_req = 0; 265 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 266 267 if (rel) { 268 hdr[0] |= 0x80 + bcsp->msgq_txseq; 269 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 270 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07; 271 } 272 273 if (bcsp->use_crc) 274 hdr[0] |= 0x40; 275 276 hdr[1] = ((len << 4) & 0xff) | chan; 277 hdr[2] = len >> 4; 278 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 279 280 /* Put BCSP header */ 281 for (i = 0; i < 4; i++) { 282 bcsp_slip_one_byte(nskb, hdr[i]); 283 284 if (bcsp->use_crc) 285 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 286 } 287 288 /* Put payload */ 289 for (i = 0; i < len; i++) { 290 bcsp_slip_one_byte(nskb, data[i]); 291 292 if (bcsp->use_crc) 293 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 294 } 295 296 /* Put CRC */ 297 if (bcsp->use_crc) { 298 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc); 299 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff)); 300 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff)); 301 } 302 303 bcsp_slip_msgdelim(nskb); 304 return nskb; 305 } 306 307 /* This is a rewrite of pkt_avail in ABCSP */ 308 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 309 { 310 struct bcsp_struct *bcsp = hu->priv; 311 unsigned long flags; 312 struct sk_buff *skb; 313 314 /* First of all, check for unreliable messages in the queue, 315 since they have priority */ 316 317 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) { 318 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 319 if (nskb) { 320 kfree_skb(skb); 321 return nskb; 322 } else { 323 skb_queue_head(&bcsp->unrel, skb); 324 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 325 } 326 } 327 328 /* Now, try to send a reliable pkt. We can only send a 329 reliable packet if the number of packets sent but not yet ack'ed 330 is < than the winsize */ 331 332 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 333 334 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) { 335 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 336 if (nskb) { 337 __skb_queue_tail(&bcsp->unack, skb); 338 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 339 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 340 return nskb; 341 } else { 342 skb_queue_head(&bcsp->rel, skb); 343 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 344 } 345 } 346 347 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 348 349 /* We could not send a reliable packet, either because there are 350 none or because there are too many unack'ed pkts. Did we receive 351 any packets we have not acknowledged yet ? */ 352 353 if (bcsp->txack_req) { 354 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 355 channel 0 */ 356 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 357 return nskb; 358 } 359 360 /* We have nothing to send */ 361 return NULL; 362 } 363 364 static int bcsp_flush(struct hci_uart *hu) 365 { 366 BT_DBG("hu %p", hu); 367 return 0; 368 } 369 370 /* Remove ack'ed packets */ 371 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 372 { 373 unsigned long flags; 374 struct sk_buff *skb; 375 int i, pkts_to_be_removed; 376 u8 seqno; 377 378 spin_lock_irqsave(&bcsp->unack.lock, flags); 379 380 pkts_to_be_removed = bcsp->unack.qlen; 381 seqno = bcsp->msgq_txseq; 382 383 while (pkts_to_be_removed) { 384 if (bcsp->rxack == seqno) 385 break; 386 pkts_to_be_removed--; 387 seqno = (seqno - 1) & 0x07; 388 } 389 390 if (bcsp->rxack != seqno) 391 BT_ERR("Peer acked invalid packet"); 392 393 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 394 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07); 395 396 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed 397 && skb != (struct sk_buff *) &bcsp->unack; i++) { 398 struct sk_buff *nskb; 399 400 nskb = skb->next; 401 __skb_unlink(skb, &bcsp->unack); 402 kfree_skb(skb); 403 skb = nskb; 404 } 405 406 if (bcsp->unack.qlen == 0) 407 del_timer(&bcsp->tbcsp); 408 409 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 410 411 if (i != pkts_to_be_removed) 412 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 413 } 414 415 /* Handle BCSP link-establishment packets. When we 416 detect a "sync" packet, symptom that the BT module has reset, 417 we do nothing :) (yet) */ 418 static void bcsp_handle_le_pkt(struct hci_uart *hu) 419 { 420 struct bcsp_struct *bcsp = hu->priv; 421 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 422 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 423 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 424 425 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 426 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 427 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 428 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 429 430 BT_DBG("Found a LE conf pkt"); 431 if (!nskb) 432 return; 433 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4); 434 bt_cb(nskb)->pkt_type = BCSP_LE_PKT; 435 436 skb_queue_head(&bcsp->unrel, nskb); 437 hci_uart_tx_wakeup(hu); 438 } 439 /* Spot "sync" pkts. If we find one...disaster! */ 440 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 441 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 442 BT_ERR("Found a LE sync pkt, card has reset"); 443 } 444 } 445 446 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 447 { 448 const u8 c0 = 0xc0, db = 0xdb; 449 450 switch (bcsp->rx_esc_state) { 451 case BCSP_ESCSTATE_NOESC: 452 switch (byte) { 453 case 0xdb: 454 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 455 break; 456 default: 457 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1); 458 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 459 bcsp->rx_state != BCSP_W4_CRC) 460 bcsp_crc_update(&bcsp->message_crc, byte); 461 bcsp->rx_count--; 462 } 463 break; 464 465 case BCSP_ESCSTATE_ESC: 466 switch (byte) { 467 case 0xdc: 468 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1); 469 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 470 bcsp->rx_state != BCSP_W4_CRC) 471 bcsp_crc_update(&bcsp-> message_crc, 0xc0); 472 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 473 bcsp->rx_count--; 474 break; 475 476 case 0xdd: 477 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1); 478 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 479 bcsp->rx_state != BCSP_W4_CRC) 480 bcsp_crc_update(&bcsp-> message_crc, 0xdb); 481 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 482 bcsp->rx_count--; 483 break; 484 485 default: 486 BT_ERR ("Invalid byte %02x after esc byte", byte); 487 kfree_skb(bcsp->rx_skb); 488 bcsp->rx_skb = NULL; 489 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 490 bcsp->rx_count = 0; 491 } 492 } 493 } 494 495 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 496 { 497 struct bcsp_struct *bcsp = hu->priv; 498 int pass_up; 499 500 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 501 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 502 bcsp->rxseq_txack++; 503 bcsp->rxseq_txack %= 0x8; 504 bcsp->txack_req = 1; 505 506 /* If needed, transmit an ack pkt */ 507 hci_uart_tx_wakeup(hu); 508 } 509 510 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 511 BT_DBG("Request for pkt %u from card", bcsp->rxack); 512 513 bcsp_pkt_cull(bcsp); 514 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 515 bcsp->rx_skb->data[0] & 0x80) { 516 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT; 517 pass_up = 1; 518 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 519 bcsp->rx_skb->data[0] & 0x80) { 520 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 521 pass_up = 1; 522 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 523 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT; 524 pass_up = 1; 525 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 526 !(bcsp->rx_skb->data[0] & 0x80)) { 527 bcsp_handle_le_pkt(hu); 528 pass_up = 0; 529 } else 530 pass_up = 0; 531 532 if (!pass_up) { 533 struct hci_event_hdr hdr; 534 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 535 536 if (desc != 0 && desc != 1) { 537 if (hciextn) { 538 desc |= 0xc0; 539 skb_pull(bcsp->rx_skb, 4); 540 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 541 542 hdr.evt = 0xff; 543 hdr.plen = bcsp->rx_skb->len; 544 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 545 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 546 547 hci_recv_frame(bcsp->rx_skb); 548 } else { 549 BT_ERR ("Packet for unknown channel (%u %s)", 550 bcsp->rx_skb->data[1] & 0x0f, 551 bcsp->rx_skb->data[0] & 0x80 ? 552 "reliable" : "unreliable"); 553 kfree_skb(bcsp->rx_skb); 554 } 555 } else 556 kfree_skb(bcsp->rx_skb); 557 } else { 558 /* Pull out BCSP hdr */ 559 skb_pull(bcsp->rx_skb, 4); 560 561 hci_recv_frame(bcsp->rx_skb); 562 } 563 564 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 565 bcsp->rx_skb = NULL; 566 } 567 568 /* Recv data */ 569 static int bcsp_recv(struct hci_uart *hu, void *data, int count) 570 { 571 struct bcsp_struct *bcsp = hu->priv; 572 register unsigned char *ptr; 573 574 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 575 hu, count, bcsp->rx_state, bcsp->rx_count); 576 577 ptr = data; 578 while (count) { 579 if (bcsp->rx_count) { 580 if (*ptr == 0xc0) { 581 BT_ERR("Short BCSP packet"); 582 kfree_skb(bcsp->rx_skb); 583 bcsp->rx_state = BCSP_W4_PKT_START; 584 bcsp->rx_count = 0; 585 } else 586 bcsp_unslip_one_byte(bcsp, *ptr); 587 588 ptr++; count--; 589 continue; 590 } 591 592 switch (bcsp->rx_state) { 593 case BCSP_W4_BCSP_HDR: 594 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 595 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 596 BT_ERR("Error in BCSP hdr checksum"); 597 kfree_skb(bcsp->rx_skb); 598 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 599 bcsp->rx_count = 0; 600 continue; 601 } 602 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */ 603 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) { 604 BT_ERR ("Out-of-order packet arrived, got %u expected %u", 605 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 606 607 kfree_skb(bcsp->rx_skb); 608 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 609 bcsp->rx_count = 0; 610 continue; 611 } 612 bcsp->rx_state = BCSP_W4_DATA; 613 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 614 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 615 continue; 616 617 case BCSP_W4_DATA: 618 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 619 bcsp->rx_state = BCSP_W4_CRC; 620 bcsp->rx_count = 2; 621 } else 622 bcsp_complete_rx_pkt(hu); 623 continue; 624 625 case BCSP_W4_CRC: 626 if (bcsp_crc_reverse(bcsp->message_crc) != 627 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) + 628 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) { 629 630 BT_ERR ("Checksum failed: computed %04x received %04x", 631 bcsp_crc_reverse(bcsp->message_crc), 632 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) + 633 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]); 634 635 kfree_skb(bcsp->rx_skb); 636 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 637 bcsp->rx_count = 0; 638 continue; 639 } 640 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 641 bcsp_complete_rx_pkt(hu); 642 continue; 643 644 case BCSP_W4_PKT_DELIMITER: 645 switch (*ptr) { 646 case 0xc0: 647 bcsp->rx_state = BCSP_W4_PKT_START; 648 break; 649 default: 650 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 651 break; 652 } 653 ptr++; count--; 654 break; 655 656 case BCSP_W4_PKT_START: 657 switch (*ptr) { 658 case 0xc0: 659 ptr++; count--; 660 break; 661 662 default: 663 bcsp->rx_state = BCSP_W4_BCSP_HDR; 664 bcsp->rx_count = 4; 665 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 666 BCSP_CRC_INIT(bcsp->message_crc); 667 668 /* Do not increment ptr or decrement count 669 * Allocate packet. Max len of a BCSP pkt= 670 * 0xFFF (payload) +4 (header) +2 (crc) */ 671 672 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 673 if (!bcsp->rx_skb) { 674 BT_ERR("Can't allocate mem for new packet"); 675 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 676 bcsp->rx_count = 0; 677 return 0; 678 } 679 bcsp->rx_skb->dev = (void *) hu->hdev; 680 break; 681 } 682 break; 683 } 684 } 685 return count; 686 } 687 688 /* Arrange to retransmit all messages in the relq. */ 689 static void bcsp_timed_event(unsigned long arg) 690 { 691 struct hci_uart *hu = (struct hci_uart *) arg; 692 struct bcsp_struct *bcsp = hu->priv; 693 struct sk_buff *skb; 694 unsigned long flags; 695 696 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 697 698 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 699 700 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 701 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 702 skb_queue_head(&bcsp->rel, skb); 703 } 704 705 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 706 707 hci_uart_tx_wakeup(hu); 708 } 709 710 static int bcsp_open(struct hci_uart *hu) 711 { 712 struct bcsp_struct *bcsp; 713 714 BT_DBG("hu %p", hu); 715 716 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC); 717 if (!bcsp) 718 return -ENOMEM; 719 720 hu->priv = bcsp; 721 skb_queue_head_init(&bcsp->unack); 722 skb_queue_head_init(&bcsp->rel); 723 skb_queue_head_init(&bcsp->unrel); 724 725 init_timer(&bcsp->tbcsp); 726 bcsp->tbcsp.function = bcsp_timed_event; 727 bcsp->tbcsp.data = (u_long) hu; 728 729 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 730 731 if (txcrc) 732 bcsp->use_crc = 1; 733 734 return 0; 735 } 736 737 static int bcsp_close(struct hci_uart *hu) 738 { 739 struct bcsp_struct *bcsp = hu->priv; 740 hu->priv = NULL; 741 742 BT_DBG("hu %p", hu); 743 744 skb_queue_purge(&bcsp->unack); 745 skb_queue_purge(&bcsp->rel); 746 skb_queue_purge(&bcsp->unrel); 747 del_timer(&bcsp->tbcsp); 748 749 kfree(bcsp); 750 return 0; 751 } 752 753 static struct hci_uart_proto bcsp = { 754 .id = HCI_UART_BCSP, 755 .open = bcsp_open, 756 .close = bcsp_close, 757 .enqueue = bcsp_enqueue, 758 .dequeue = bcsp_dequeue, 759 .recv = bcsp_recv, 760 .flush = bcsp_flush 761 }; 762 763 int bcsp_init(void) 764 { 765 int err = hci_uart_register_proto(&bcsp); 766 767 if (!err) 768 BT_INFO("HCI BCSP protocol initialized"); 769 else 770 BT_ERR("HCI BCSP protocol registration failed"); 771 772 return err; 773 } 774 775 int bcsp_deinit(void) 776 { 777 return hci_uart_unregister_proto(&bcsp); 778 } 779 780 module_param(txcrc, bool, 0644); 781 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 782 783 module_param(hciextn, bool, 0644); 784 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 785