1 /* 2 * 3 * Bluetooth HCI UART driver 4 * 5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 7 * 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 * 23 */ 24 25 #include <linux/module.h> 26 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/types.h> 30 #include <linux/fcntl.h> 31 #include <linux/interrupt.h> 32 #include <linux/ptrace.h> 33 #include <linux/poll.h> 34 35 #include <linux/slab.h> 36 #include <linux/tty.h> 37 #include <linux/errno.h> 38 #include <linux/string.h> 39 #include <linux/signal.h> 40 #include <linux/ioctl.h> 41 #include <linux/skbuff.h> 42 43 #include <net/bluetooth/bluetooth.h> 44 #include <net/bluetooth/hci_core.h> 45 46 #include "hci_uart.h" 47 48 #ifndef CONFIG_BT_HCIUART_DEBUG 49 #undef BT_DBG 50 #define BT_DBG( A... ) 51 #endif 52 53 #define VERSION "0.3" 54 55 static int txcrc = 1; 56 static int hciextn = 1; 57 58 #define BCSP_TXWINSIZE 4 59 60 #define BCSP_ACK_PKT 0x05 61 #define BCSP_LE_PKT 0x06 62 63 struct bcsp_struct { 64 struct sk_buff_head unack; /* Unack'ed packets queue */ 65 struct sk_buff_head rel; /* Reliable packets queue */ 66 struct sk_buff_head unrel; /* Unreliable packets queue */ 67 68 unsigned long rx_count; 69 struct sk_buff *rx_skb; 70 u8 rxseq_txack; /* rxseq == txack. */ 71 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 72 struct timer_list tbcsp; 73 74 enum { 75 BCSP_W4_PKT_DELIMITER, 76 BCSP_W4_PKT_START, 77 BCSP_W4_BCSP_HDR, 78 BCSP_W4_DATA, 79 BCSP_W4_CRC 80 } rx_state; 81 82 enum { 83 BCSP_ESCSTATE_NOESC, 84 BCSP_ESCSTATE_ESC 85 } rx_esc_state; 86 87 u8 use_crc; 88 u16 message_crc; 89 u8 txack_req; /* Do we need to send ack's to the peer? */ 90 91 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 92 u8 msgq_txseq; 93 }; 94 95 /* ---- BCSP CRC calculation ---- */ 96 97 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 98 initial value 0xffff, bits shifted in reverse order. */ 99 100 static const u16 crc_table[] = { 101 0x0000, 0x1081, 0x2102, 0x3183, 102 0x4204, 0x5285, 0x6306, 0x7387, 103 0x8408, 0x9489, 0xa50a, 0xb58b, 104 0xc60c, 0xd68d, 0xe70e, 0xf78f 105 }; 106 107 /* Initialise the crc calculator */ 108 #define BCSP_CRC_INIT(x) x = 0xffff 109 110 /* 111 Update crc with next data byte 112 113 Implementation note 114 The data byte is treated as two nibbles. The crc is generated 115 in reverse, i.e., bits are fed into the register from the top. 116 */ 117 static void bcsp_crc_update(u16 *crc, u8 d) 118 { 119 u16 reg = *crc; 120 121 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 122 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 123 124 *crc = reg; 125 } 126 127 /* 128 Get reverse of generated crc 129 130 Implementation note 131 The crc generator (bcsp_crc_init() and bcsp_crc_update()) 132 creates a reversed crc, so it needs to be swapped back before 133 being passed on. 134 */ 135 static u16 bcsp_crc_reverse(u16 crc) 136 { 137 u16 b, rev; 138 139 for (b = 0, rev = 0; b < 16; b++) { 140 rev = rev << 1; 141 rev |= (crc & 1); 142 crc = crc >> 1; 143 } 144 145 return (rev); 146 } 147 148 /* ---- BCSP core ---- */ 149 150 static void bcsp_slip_msgdelim(struct sk_buff *skb) 151 { 152 const char pkt_delim = 0xc0; 153 154 memcpy(skb_put(skb, 1), &pkt_delim, 1); 155 } 156 157 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 158 { 159 const char esc_c0[2] = { 0xdb, 0xdc }; 160 const char esc_db[2] = { 0xdb, 0xdd }; 161 162 switch (c) { 163 case 0xc0: 164 memcpy(skb_put(skb, 2), &esc_c0, 2); 165 break; 166 case 0xdb: 167 memcpy(skb_put(skb, 2), &esc_db, 2); 168 break; 169 default: 170 memcpy(skb_put(skb, 1), &c, 1); 171 } 172 } 173 174 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 175 { 176 struct bcsp_struct *bcsp = hu->priv; 177 178 if (skb->len > 0xFFF) { 179 BT_ERR("Packet too long"); 180 kfree_skb(skb); 181 return 0; 182 } 183 184 switch (bt_cb(skb)->pkt_type) { 185 case HCI_ACLDATA_PKT: 186 case HCI_COMMAND_PKT: 187 skb_queue_tail(&bcsp->rel, skb); 188 break; 189 190 case HCI_SCODATA_PKT: 191 skb_queue_tail(&bcsp->unrel, skb); 192 break; 193 194 default: 195 BT_ERR("Unknown packet type"); 196 kfree_skb(skb); 197 break; 198 } 199 200 return 0; 201 } 202 203 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 204 int len, int pkt_type) 205 { 206 struct sk_buff *nskb; 207 u8 hdr[4], chan; 208 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 209 int rel, i; 210 211 switch (pkt_type) { 212 case HCI_ACLDATA_PKT: 213 chan = 6; /* BCSP ACL channel */ 214 rel = 1; /* reliable channel */ 215 break; 216 case HCI_COMMAND_PKT: 217 chan = 5; /* BCSP cmd/evt channel */ 218 rel = 1; /* reliable channel */ 219 break; 220 case HCI_SCODATA_PKT: 221 chan = 7; /* BCSP SCO channel */ 222 rel = 0; /* unreliable channel */ 223 break; 224 case BCSP_LE_PKT: 225 chan = 1; /* BCSP LE channel */ 226 rel = 0; /* unreliable channel */ 227 break; 228 case BCSP_ACK_PKT: 229 chan = 0; /* BCSP internal channel */ 230 rel = 0; /* unreliable channel */ 231 break; 232 default: 233 BT_ERR("Unknown packet type"); 234 return NULL; 235 } 236 237 if (hciextn && chan == 5) { 238 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data; 239 240 /* Vendor specific commands */ 241 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == 0x3f) { 242 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 243 if ((desc & 0xf0) == 0xc0) { 244 data += HCI_COMMAND_HDR_SIZE + 1; 245 len -= HCI_COMMAND_HDR_SIZE + 1; 246 chan = desc & 0x0f; 247 } 248 } 249 } 250 251 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 252 (because bytes 0xc0 and 0xdb are escaped, worst case is 253 when the packet is all made of 0xc0 and 0xdb :) ) 254 + 2 (0xc0 delimiters at start and end). */ 255 256 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 257 if (!nskb) 258 return NULL; 259 260 bt_cb(nskb)->pkt_type = pkt_type; 261 262 bcsp_slip_msgdelim(nskb); 263 264 hdr[0] = bcsp->rxseq_txack << 3; 265 bcsp->txack_req = 0; 266 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 267 268 if (rel) { 269 hdr[0] |= 0x80 + bcsp->msgq_txseq; 270 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 271 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07; 272 } 273 274 if (bcsp->use_crc) 275 hdr[0] |= 0x40; 276 277 hdr[1] = ((len << 4) & 0xff) | chan; 278 hdr[2] = len >> 4; 279 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 280 281 /* Put BCSP header */ 282 for (i = 0; i < 4; i++) { 283 bcsp_slip_one_byte(nskb, hdr[i]); 284 285 if (bcsp->use_crc) 286 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 287 } 288 289 /* Put payload */ 290 for (i = 0; i < len; i++) { 291 bcsp_slip_one_byte(nskb, data[i]); 292 293 if (bcsp->use_crc) 294 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 295 } 296 297 /* Put CRC */ 298 if (bcsp->use_crc) { 299 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc); 300 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff)); 301 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff)); 302 } 303 304 bcsp_slip_msgdelim(nskb); 305 return nskb; 306 } 307 308 /* This is a rewrite of pkt_avail in ABCSP */ 309 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 310 { 311 struct bcsp_struct *bcsp = hu->priv; 312 unsigned long flags; 313 struct sk_buff *skb; 314 315 /* First of all, check for unreliable messages in the queue, 316 since they have priority */ 317 318 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) { 319 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 320 if (nskb) { 321 kfree_skb(skb); 322 return nskb; 323 } else { 324 skb_queue_head(&bcsp->unrel, skb); 325 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 326 } 327 } 328 329 /* Now, try to send a reliable pkt. We can only send a 330 reliable packet if the number of packets sent but not yet ack'ed 331 is < than the winsize */ 332 333 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 334 335 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) { 336 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 337 if (nskb) { 338 __skb_queue_tail(&bcsp->unack, skb); 339 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 340 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 341 return nskb; 342 } else { 343 skb_queue_head(&bcsp->rel, skb); 344 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 345 } 346 } 347 348 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 349 350 /* We could not send a reliable packet, either because there are 351 none or because there are too many unack'ed pkts. Did we receive 352 any packets we have not acknowledged yet ? */ 353 354 if (bcsp->txack_req) { 355 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 356 channel 0 */ 357 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 358 return nskb; 359 } 360 361 /* We have nothing to send */ 362 return NULL; 363 } 364 365 static int bcsp_flush(struct hci_uart *hu) 366 { 367 BT_DBG("hu %p", hu); 368 return 0; 369 } 370 371 /* Remove ack'ed packets */ 372 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 373 { 374 unsigned long flags; 375 struct sk_buff *skb; 376 int i, pkts_to_be_removed; 377 u8 seqno; 378 379 spin_lock_irqsave(&bcsp->unack.lock, flags); 380 381 pkts_to_be_removed = bcsp->unack.qlen; 382 seqno = bcsp->msgq_txseq; 383 384 while (pkts_to_be_removed) { 385 if (bcsp->rxack == seqno) 386 break; 387 pkts_to_be_removed--; 388 seqno = (seqno - 1) & 0x07; 389 } 390 391 if (bcsp->rxack != seqno) 392 BT_ERR("Peer acked invalid packet"); 393 394 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 395 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07); 396 397 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed 398 && skb != (struct sk_buff *) &bcsp->unack; i++) { 399 struct sk_buff *nskb; 400 401 nskb = skb->next; 402 __skb_unlink(skb, &bcsp->unack); 403 kfree_skb(skb); 404 skb = nskb; 405 } 406 407 if (bcsp->unack.qlen == 0) 408 del_timer(&bcsp->tbcsp); 409 410 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 411 412 if (i != pkts_to_be_removed) 413 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 414 } 415 416 /* Handle BCSP link-establishment packets. When we 417 detect a "sync" packet, symptom that the BT module has reset, 418 we do nothing :) (yet) */ 419 static void bcsp_handle_le_pkt(struct hci_uart *hu) 420 { 421 struct bcsp_struct *bcsp = hu->priv; 422 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 423 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 424 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 425 426 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 427 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 428 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 429 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 430 431 BT_DBG("Found a LE conf pkt"); 432 if (!nskb) 433 return; 434 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4); 435 bt_cb(nskb)->pkt_type = BCSP_LE_PKT; 436 437 skb_queue_head(&bcsp->unrel, nskb); 438 hci_uart_tx_wakeup(hu); 439 } 440 /* Spot "sync" pkts. If we find one...disaster! */ 441 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 442 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 443 BT_ERR("Found a LE sync pkt, card has reset"); 444 } 445 } 446 447 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 448 { 449 const u8 c0 = 0xc0, db = 0xdb; 450 451 switch (bcsp->rx_esc_state) { 452 case BCSP_ESCSTATE_NOESC: 453 switch (byte) { 454 case 0xdb: 455 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 456 break; 457 default: 458 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1); 459 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 460 bcsp->rx_state != BCSP_W4_CRC) 461 bcsp_crc_update(&bcsp->message_crc, byte); 462 bcsp->rx_count--; 463 } 464 break; 465 466 case BCSP_ESCSTATE_ESC: 467 switch (byte) { 468 case 0xdc: 469 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1); 470 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 471 bcsp->rx_state != BCSP_W4_CRC) 472 bcsp_crc_update(&bcsp-> message_crc, 0xc0); 473 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 474 bcsp->rx_count--; 475 break; 476 477 case 0xdd: 478 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1); 479 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 480 bcsp->rx_state != BCSP_W4_CRC) 481 bcsp_crc_update(&bcsp-> message_crc, 0xdb); 482 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 483 bcsp->rx_count--; 484 break; 485 486 default: 487 BT_ERR ("Invalid byte %02x after esc byte", byte); 488 kfree_skb(bcsp->rx_skb); 489 bcsp->rx_skb = NULL; 490 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 491 bcsp->rx_count = 0; 492 } 493 } 494 } 495 496 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 497 { 498 struct bcsp_struct *bcsp = hu->priv; 499 int pass_up; 500 501 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 502 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 503 bcsp->rxseq_txack++; 504 bcsp->rxseq_txack %= 0x8; 505 bcsp->txack_req = 1; 506 507 /* If needed, transmit an ack pkt */ 508 hci_uart_tx_wakeup(hu); 509 } 510 511 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 512 BT_DBG("Request for pkt %u from card", bcsp->rxack); 513 514 bcsp_pkt_cull(bcsp); 515 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 516 bcsp->rx_skb->data[0] & 0x80) { 517 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT; 518 pass_up = 1; 519 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 520 bcsp->rx_skb->data[0] & 0x80) { 521 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 522 pass_up = 1; 523 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 524 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT; 525 pass_up = 1; 526 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 527 !(bcsp->rx_skb->data[0] & 0x80)) { 528 bcsp_handle_le_pkt(hu); 529 pass_up = 0; 530 } else 531 pass_up = 0; 532 533 if (!pass_up) { 534 struct hci_event_hdr hdr; 535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 536 537 if (desc != 0 && desc != 1) { 538 if (hciextn) { 539 desc |= 0xc0; 540 skb_pull(bcsp->rx_skb, 4); 541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 542 543 hdr.evt = 0xff; 544 hdr.plen = bcsp->rx_skb->len; 545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 546 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 547 548 hci_recv_frame(bcsp->rx_skb); 549 } else { 550 BT_ERR ("Packet for unknown channel (%u %s)", 551 bcsp->rx_skb->data[1] & 0x0f, 552 bcsp->rx_skb->data[0] & 0x80 ? 553 "reliable" : "unreliable"); 554 kfree_skb(bcsp->rx_skb); 555 } 556 } else 557 kfree_skb(bcsp->rx_skb); 558 } else { 559 /* Pull out BCSP hdr */ 560 skb_pull(bcsp->rx_skb, 4); 561 562 hci_recv_frame(bcsp->rx_skb); 563 } 564 565 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 566 bcsp->rx_skb = NULL; 567 } 568 569 /* Recv data */ 570 static int bcsp_recv(struct hci_uart *hu, void *data, int count) 571 { 572 struct bcsp_struct *bcsp = hu->priv; 573 register unsigned char *ptr; 574 575 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 576 hu, count, bcsp->rx_state, bcsp->rx_count); 577 578 ptr = data; 579 while (count) { 580 if (bcsp->rx_count) { 581 if (*ptr == 0xc0) { 582 BT_ERR("Short BCSP packet"); 583 kfree_skb(bcsp->rx_skb); 584 bcsp->rx_state = BCSP_W4_PKT_START; 585 bcsp->rx_count = 0; 586 } else 587 bcsp_unslip_one_byte(bcsp, *ptr); 588 589 ptr++; count--; 590 continue; 591 } 592 593 switch (bcsp->rx_state) { 594 case BCSP_W4_BCSP_HDR: 595 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 596 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 597 BT_ERR("Error in BCSP hdr checksum"); 598 kfree_skb(bcsp->rx_skb); 599 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 600 bcsp->rx_count = 0; 601 continue; 602 } 603 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */ 604 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) { 605 BT_ERR ("Out-of-order packet arrived, got %u expected %u", 606 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 607 608 kfree_skb(bcsp->rx_skb); 609 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 610 bcsp->rx_count = 0; 611 continue; 612 } 613 bcsp->rx_state = BCSP_W4_DATA; 614 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 615 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 616 continue; 617 618 case BCSP_W4_DATA: 619 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 620 bcsp->rx_state = BCSP_W4_CRC; 621 bcsp->rx_count = 2; 622 } else 623 bcsp_complete_rx_pkt(hu); 624 continue; 625 626 case BCSP_W4_CRC: 627 if (bcsp_crc_reverse(bcsp->message_crc) != 628 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) + 629 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) { 630 631 BT_ERR ("Checksum failed: computed %04x received %04x", 632 bcsp_crc_reverse(bcsp->message_crc), 633 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) + 634 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]); 635 636 kfree_skb(bcsp->rx_skb); 637 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 638 bcsp->rx_count = 0; 639 continue; 640 } 641 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 642 bcsp_complete_rx_pkt(hu); 643 continue; 644 645 case BCSP_W4_PKT_DELIMITER: 646 switch (*ptr) { 647 case 0xc0: 648 bcsp->rx_state = BCSP_W4_PKT_START; 649 break; 650 default: 651 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 652 break; 653 } 654 ptr++; count--; 655 break; 656 657 case BCSP_W4_PKT_START: 658 switch (*ptr) { 659 case 0xc0: 660 ptr++; count--; 661 break; 662 663 default: 664 bcsp->rx_state = BCSP_W4_BCSP_HDR; 665 bcsp->rx_count = 4; 666 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 667 BCSP_CRC_INIT(bcsp->message_crc); 668 669 /* Do not increment ptr or decrement count 670 * Allocate packet. Max len of a BCSP pkt= 671 * 0xFFF (payload) +4 (header) +2 (crc) */ 672 673 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 674 if (!bcsp->rx_skb) { 675 BT_ERR("Can't allocate mem for new packet"); 676 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 677 bcsp->rx_count = 0; 678 return 0; 679 } 680 bcsp->rx_skb->dev = (void *) hu->hdev; 681 break; 682 } 683 break; 684 } 685 } 686 return count; 687 } 688 689 /* Arrange to retransmit all messages in the relq. */ 690 static void bcsp_timed_event(unsigned long arg) 691 { 692 struct hci_uart *hu = (struct hci_uart *) arg; 693 struct bcsp_struct *bcsp = hu->priv; 694 struct sk_buff *skb; 695 unsigned long flags; 696 697 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 698 699 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 700 701 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 702 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 703 skb_queue_head(&bcsp->rel, skb); 704 } 705 706 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 707 708 hci_uart_tx_wakeup(hu); 709 } 710 711 static int bcsp_open(struct hci_uart *hu) 712 { 713 struct bcsp_struct *bcsp; 714 715 BT_DBG("hu %p", hu); 716 717 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC); 718 if (!bcsp) 719 return -ENOMEM; 720 721 hu->priv = bcsp; 722 skb_queue_head_init(&bcsp->unack); 723 skb_queue_head_init(&bcsp->rel); 724 skb_queue_head_init(&bcsp->unrel); 725 726 init_timer(&bcsp->tbcsp); 727 bcsp->tbcsp.function = bcsp_timed_event; 728 bcsp->tbcsp.data = (u_long) hu; 729 730 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 731 732 if (txcrc) 733 bcsp->use_crc = 1; 734 735 return 0; 736 } 737 738 static int bcsp_close(struct hci_uart *hu) 739 { 740 struct bcsp_struct *bcsp = hu->priv; 741 hu->priv = NULL; 742 743 BT_DBG("hu %p", hu); 744 745 skb_queue_purge(&bcsp->unack); 746 skb_queue_purge(&bcsp->rel); 747 skb_queue_purge(&bcsp->unrel); 748 del_timer(&bcsp->tbcsp); 749 750 kfree(bcsp); 751 return 0; 752 } 753 754 static struct hci_uart_proto bcsp = { 755 .id = HCI_UART_BCSP, 756 .open = bcsp_open, 757 .close = bcsp_close, 758 .enqueue = bcsp_enqueue, 759 .dequeue = bcsp_dequeue, 760 .recv = bcsp_recv, 761 .flush = bcsp_flush 762 }; 763 764 int bcsp_init(void) 765 { 766 int err = hci_uart_register_proto(&bcsp); 767 768 if (!err) 769 BT_INFO("HCI BCSP protocol initialized"); 770 else 771 BT_ERR("HCI BCSP protocol registration failed"); 772 773 return err; 774 } 775 776 int bcsp_deinit(void) 777 { 778 return hci_uart_unregister_proto(&bcsp); 779 } 780 781 module_param(txcrc, bool, 0644); 782 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 783 784 module_param(hciextn, bool, 0644); 785 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 786