1 /* 2 * 3 * Bluetooth HCI UART driver 4 * 5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 7 * 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 * 23 */ 24 25 #include <linux/module.h> 26 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/types.h> 30 #include <linux/fcntl.h> 31 #include <linux/interrupt.h> 32 #include <linux/ptrace.h> 33 #include <linux/poll.h> 34 35 #include <linux/slab.h> 36 #include <linux/tty.h> 37 #include <linux/errno.h> 38 #include <linux/string.h> 39 #include <linux/signal.h> 40 #include <linux/ioctl.h> 41 #include <linux/skbuff.h> 42 #include <linux/bitrev.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 #include "hci_uart.h" 49 50 static bool txcrc = true; 51 static bool hciextn = true; 52 53 #define BCSP_TXWINSIZE 4 54 55 #define BCSP_ACK_PKT 0x05 56 #define BCSP_LE_PKT 0x06 57 58 struct bcsp_struct { 59 struct sk_buff_head unack; /* Unack'ed packets queue */ 60 struct sk_buff_head rel; /* Reliable packets queue */ 61 struct sk_buff_head unrel; /* Unreliable packets queue */ 62 63 unsigned long rx_count; 64 struct sk_buff *rx_skb; 65 u8 rxseq_txack; /* rxseq == txack. */ 66 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 67 struct timer_list tbcsp; 68 69 enum { 70 BCSP_W4_PKT_DELIMITER, 71 BCSP_W4_PKT_START, 72 BCSP_W4_BCSP_HDR, 73 BCSP_W4_DATA, 74 BCSP_W4_CRC 75 } rx_state; 76 77 enum { 78 BCSP_ESCSTATE_NOESC, 79 BCSP_ESCSTATE_ESC 80 } rx_esc_state; 81 82 u8 use_crc; 83 u16 message_crc; 84 u8 txack_req; /* Do we need to send ack's to the peer? */ 85 86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 87 u8 msgq_txseq; 88 }; 89 90 /* ---- BCSP CRC calculation ---- */ 91 92 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 93 initial value 0xffff, bits shifted in reverse order. */ 94 95 static const u16 crc_table[] = { 96 0x0000, 0x1081, 0x2102, 0x3183, 97 0x4204, 0x5285, 0x6306, 0x7387, 98 0x8408, 0x9489, 0xa50a, 0xb58b, 99 0xc60c, 0xd68d, 0xe70e, 0xf78f 100 }; 101 102 /* Initialise the crc calculator */ 103 #define BCSP_CRC_INIT(x) x = 0xffff 104 105 /* 106 Update crc with next data byte 107 108 Implementation note 109 The data byte is treated as two nibbles. The crc is generated 110 in reverse, i.e., bits are fed into the register from the top. 111 */ 112 static void bcsp_crc_update(u16 *crc, u8 d) 113 { 114 u16 reg = *crc; 115 116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 118 119 *crc = reg; 120 } 121 122 /* ---- BCSP core ---- */ 123 124 static void bcsp_slip_msgdelim(struct sk_buff *skb) 125 { 126 const char pkt_delim = 0xc0; 127 128 memcpy(skb_put(skb, 1), &pkt_delim, 1); 129 } 130 131 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 132 { 133 const char esc_c0[2] = { 0xdb, 0xdc }; 134 const char esc_db[2] = { 0xdb, 0xdd }; 135 136 switch (c) { 137 case 0xc0: 138 memcpy(skb_put(skb, 2), &esc_c0, 2); 139 break; 140 case 0xdb: 141 memcpy(skb_put(skb, 2), &esc_db, 2); 142 break; 143 default: 144 memcpy(skb_put(skb, 1), &c, 1); 145 } 146 } 147 148 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 149 { 150 struct bcsp_struct *bcsp = hu->priv; 151 152 if (skb->len > 0xFFF) { 153 BT_ERR("Packet too long"); 154 kfree_skb(skb); 155 return 0; 156 } 157 158 switch (hci_skb_pkt_type(skb)) { 159 case HCI_ACLDATA_PKT: 160 case HCI_COMMAND_PKT: 161 skb_queue_tail(&bcsp->rel, skb); 162 break; 163 164 case HCI_SCODATA_PKT: 165 skb_queue_tail(&bcsp->unrel, skb); 166 break; 167 168 default: 169 BT_ERR("Unknown packet type"); 170 kfree_skb(skb); 171 break; 172 } 173 174 return 0; 175 } 176 177 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 178 int len, int pkt_type) 179 { 180 struct sk_buff *nskb; 181 u8 hdr[4], chan; 182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 183 int rel, i; 184 185 switch (pkt_type) { 186 case HCI_ACLDATA_PKT: 187 chan = 6; /* BCSP ACL channel */ 188 rel = 1; /* reliable channel */ 189 break; 190 case HCI_COMMAND_PKT: 191 chan = 5; /* BCSP cmd/evt channel */ 192 rel = 1; /* reliable channel */ 193 break; 194 case HCI_SCODATA_PKT: 195 chan = 7; /* BCSP SCO channel */ 196 rel = 0; /* unreliable channel */ 197 break; 198 case BCSP_LE_PKT: 199 chan = 1; /* BCSP LE channel */ 200 rel = 0; /* unreliable channel */ 201 break; 202 case BCSP_ACK_PKT: 203 chan = 0; /* BCSP internal channel */ 204 rel = 0; /* unreliable channel */ 205 break; 206 default: 207 BT_ERR("Unknown packet type"); 208 return NULL; 209 } 210 211 if (hciextn && chan == 5) { 212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode; 213 214 /* Vendor specific commands */ 215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) { 216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 217 if ((desc & 0xf0) == 0xc0) { 218 data += HCI_COMMAND_HDR_SIZE + 1; 219 len -= HCI_COMMAND_HDR_SIZE + 1; 220 chan = desc & 0x0f; 221 } 222 } 223 } 224 225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 226 (because bytes 0xc0 and 0xdb are escaped, worst case is 227 when the packet is all made of 0xc0 and 0xdb :) ) 228 + 2 (0xc0 delimiters at start and end). */ 229 230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 231 if (!nskb) 232 return NULL; 233 234 hci_skb_pkt_type(nskb) = pkt_type; 235 236 bcsp_slip_msgdelim(nskb); 237 238 hdr[0] = bcsp->rxseq_txack << 3; 239 bcsp->txack_req = 0; 240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 241 242 if (rel) { 243 hdr[0] |= 0x80 + bcsp->msgq_txseq; 244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07; 246 } 247 248 if (bcsp->use_crc) 249 hdr[0] |= 0x40; 250 251 hdr[1] = ((len << 4) & 0xff) | chan; 252 hdr[2] = len >> 4; 253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 254 255 /* Put BCSP header */ 256 for (i = 0; i < 4; i++) { 257 bcsp_slip_one_byte(nskb, hdr[i]); 258 259 if (bcsp->use_crc) 260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 261 } 262 263 /* Put payload */ 264 for (i = 0; i < len; i++) { 265 bcsp_slip_one_byte(nskb, data[i]); 266 267 if (bcsp->use_crc) 268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 269 } 270 271 /* Put CRC */ 272 if (bcsp->use_crc) { 273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc); 274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff)); 275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff)); 276 } 277 278 bcsp_slip_msgdelim(nskb); 279 return nskb; 280 } 281 282 /* This is a rewrite of pkt_avail in ABCSP */ 283 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 284 { 285 struct bcsp_struct *bcsp = hu->priv; 286 unsigned long flags; 287 struct sk_buff *skb; 288 289 /* First of all, check for unreliable messages in the queue, 290 since they have priority */ 291 292 skb = skb_dequeue(&bcsp->unrel); 293 if (skb != NULL) { 294 struct sk_buff *nskb; 295 296 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 297 hci_skb_pkt_type(skb)); 298 if (nskb) { 299 kfree_skb(skb); 300 return nskb; 301 } else { 302 skb_queue_head(&bcsp->unrel, skb); 303 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 304 } 305 } 306 307 /* Now, try to send a reliable pkt. We can only send a 308 reliable packet if the number of packets sent but not yet ack'ed 309 is < than the winsize */ 310 311 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 312 313 if (bcsp->unack.qlen < BCSP_TXWINSIZE) { 314 skb = skb_dequeue(&bcsp->rel); 315 if (skb != NULL) { 316 struct sk_buff *nskb; 317 318 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 319 hci_skb_pkt_type(skb)); 320 if (nskb) { 321 __skb_queue_tail(&bcsp->unack, skb); 322 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 323 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 324 return nskb; 325 } else { 326 skb_queue_head(&bcsp->rel, skb); 327 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 328 } 329 } 330 } 331 332 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 333 334 /* We could not send a reliable packet, either because there are 335 none or because there are too many unack'ed pkts. Did we receive 336 any packets we have not acknowledged yet ? */ 337 338 if (bcsp->txack_req) { 339 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 340 channel 0 */ 341 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 342 return nskb; 343 } 344 345 /* We have nothing to send */ 346 return NULL; 347 } 348 349 static int bcsp_flush(struct hci_uart *hu) 350 { 351 BT_DBG("hu %p", hu); 352 return 0; 353 } 354 355 /* Remove ack'ed packets */ 356 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 357 { 358 struct sk_buff *skb, *tmp; 359 unsigned long flags; 360 int i, pkts_to_be_removed; 361 u8 seqno; 362 363 spin_lock_irqsave(&bcsp->unack.lock, flags); 364 365 pkts_to_be_removed = skb_queue_len(&bcsp->unack); 366 seqno = bcsp->msgq_txseq; 367 368 while (pkts_to_be_removed) { 369 if (bcsp->rxack == seqno) 370 break; 371 pkts_to_be_removed--; 372 seqno = (seqno - 1) & 0x07; 373 } 374 375 if (bcsp->rxack != seqno) 376 BT_ERR("Peer acked invalid packet"); 377 378 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 379 pkts_to_be_removed, skb_queue_len(&bcsp->unack), 380 (seqno - 1) & 0x07); 381 382 i = 0; 383 skb_queue_walk_safe(&bcsp->unack, skb, tmp) { 384 if (i >= pkts_to_be_removed) 385 break; 386 i++; 387 388 __skb_unlink(skb, &bcsp->unack); 389 kfree_skb(skb); 390 } 391 392 if (skb_queue_empty(&bcsp->unack)) 393 del_timer(&bcsp->tbcsp); 394 395 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 396 397 if (i != pkts_to_be_removed) 398 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 399 } 400 401 /* Handle BCSP link-establishment packets. When we 402 detect a "sync" packet, symptom that the BT module has reset, 403 we do nothing :) (yet) */ 404 static void bcsp_handle_le_pkt(struct hci_uart *hu) 405 { 406 struct bcsp_struct *bcsp = hu->priv; 407 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 408 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 409 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 410 411 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 412 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 413 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 414 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 415 416 BT_DBG("Found a LE conf pkt"); 417 if (!nskb) 418 return; 419 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4); 420 hci_skb_pkt_type(nskb) = BCSP_LE_PKT; 421 422 skb_queue_head(&bcsp->unrel, nskb); 423 hci_uart_tx_wakeup(hu); 424 } 425 /* Spot "sync" pkts. If we find one...disaster! */ 426 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 427 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 428 BT_ERR("Found a LE sync pkt, card has reset"); 429 } 430 } 431 432 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 433 { 434 const u8 c0 = 0xc0, db = 0xdb; 435 436 switch (bcsp->rx_esc_state) { 437 case BCSP_ESCSTATE_NOESC: 438 switch (byte) { 439 case 0xdb: 440 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 441 break; 442 default: 443 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1); 444 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 445 bcsp->rx_state != BCSP_W4_CRC) 446 bcsp_crc_update(&bcsp->message_crc, byte); 447 bcsp->rx_count--; 448 } 449 break; 450 451 case BCSP_ESCSTATE_ESC: 452 switch (byte) { 453 case 0xdc: 454 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1); 455 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 456 bcsp->rx_state != BCSP_W4_CRC) 457 bcsp_crc_update(&bcsp->message_crc, 0xc0); 458 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 459 bcsp->rx_count--; 460 break; 461 462 case 0xdd: 463 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1); 464 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 465 bcsp->rx_state != BCSP_W4_CRC) 466 bcsp_crc_update(&bcsp->message_crc, 0xdb); 467 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 468 bcsp->rx_count--; 469 break; 470 471 default: 472 BT_ERR("Invalid byte %02x after esc byte", byte); 473 kfree_skb(bcsp->rx_skb); 474 bcsp->rx_skb = NULL; 475 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 476 bcsp->rx_count = 0; 477 } 478 } 479 } 480 481 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 482 { 483 struct bcsp_struct *bcsp = hu->priv; 484 int pass_up; 485 486 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 487 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 488 bcsp->rxseq_txack++; 489 bcsp->rxseq_txack %= 0x8; 490 bcsp->txack_req = 1; 491 492 /* If needed, transmit an ack pkt */ 493 hci_uart_tx_wakeup(hu); 494 } 495 496 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 497 BT_DBG("Request for pkt %u from card", bcsp->rxack); 498 499 bcsp_pkt_cull(bcsp); 500 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 501 bcsp->rx_skb->data[0] & 0x80) { 502 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT; 503 pass_up = 1; 504 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 505 bcsp->rx_skb->data[0] & 0x80) { 506 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 507 pass_up = 1; 508 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 509 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT; 510 pass_up = 1; 511 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 512 !(bcsp->rx_skb->data[0] & 0x80)) { 513 bcsp_handle_le_pkt(hu); 514 pass_up = 0; 515 } else 516 pass_up = 0; 517 518 if (!pass_up) { 519 struct hci_event_hdr hdr; 520 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 521 522 if (desc != 0 && desc != 1) { 523 if (hciextn) { 524 desc |= 0xc0; 525 skb_pull(bcsp->rx_skb, 4); 526 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 527 528 hdr.evt = 0xff; 529 hdr.plen = bcsp->rx_skb->len; 530 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 531 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 532 533 hci_recv_frame(hu->hdev, bcsp->rx_skb); 534 } else { 535 BT_ERR("Packet for unknown channel (%u %s)", 536 bcsp->rx_skb->data[1] & 0x0f, 537 bcsp->rx_skb->data[0] & 0x80 ? 538 "reliable" : "unreliable"); 539 kfree_skb(bcsp->rx_skb); 540 } 541 } else 542 kfree_skb(bcsp->rx_skb); 543 } else { 544 /* Pull out BCSP hdr */ 545 skb_pull(bcsp->rx_skb, 4); 546 547 hci_recv_frame(hu->hdev, bcsp->rx_skb); 548 } 549 550 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 551 bcsp->rx_skb = NULL; 552 } 553 554 static u16 bscp_get_crc(struct bcsp_struct *bcsp) 555 { 556 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]); 557 } 558 559 /* Recv data */ 560 static int bcsp_recv(struct hci_uart *hu, const void *data, int count) 561 { 562 struct bcsp_struct *bcsp = hu->priv; 563 const unsigned char *ptr; 564 565 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 566 hu, count, bcsp->rx_state, bcsp->rx_count); 567 568 ptr = data; 569 while (count) { 570 if (bcsp->rx_count) { 571 if (*ptr == 0xc0) { 572 BT_ERR("Short BCSP packet"); 573 kfree_skb(bcsp->rx_skb); 574 bcsp->rx_state = BCSP_W4_PKT_START; 575 bcsp->rx_count = 0; 576 } else 577 bcsp_unslip_one_byte(bcsp, *ptr); 578 579 ptr++; count--; 580 continue; 581 } 582 583 switch (bcsp->rx_state) { 584 case BCSP_W4_BCSP_HDR: 585 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 586 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 587 BT_ERR("Error in BCSP hdr checksum"); 588 kfree_skb(bcsp->rx_skb); 589 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 590 bcsp->rx_count = 0; 591 continue; 592 } 593 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */ 594 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) { 595 BT_ERR("Out-of-order packet arrived, got %u expected %u", 596 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 597 598 kfree_skb(bcsp->rx_skb); 599 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 600 bcsp->rx_count = 0; 601 continue; 602 } 603 bcsp->rx_state = BCSP_W4_DATA; 604 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 605 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 606 continue; 607 608 case BCSP_W4_DATA: 609 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 610 bcsp->rx_state = BCSP_W4_CRC; 611 bcsp->rx_count = 2; 612 } else 613 bcsp_complete_rx_pkt(hu); 614 continue; 615 616 case BCSP_W4_CRC: 617 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) { 618 BT_ERR ("Checksum failed: computed %04x received %04x", 619 bitrev16(bcsp->message_crc), 620 bscp_get_crc(bcsp)); 621 622 kfree_skb(bcsp->rx_skb); 623 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 624 bcsp->rx_count = 0; 625 continue; 626 } 627 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 628 bcsp_complete_rx_pkt(hu); 629 continue; 630 631 case BCSP_W4_PKT_DELIMITER: 632 switch (*ptr) { 633 case 0xc0: 634 bcsp->rx_state = BCSP_W4_PKT_START; 635 break; 636 default: 637 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 638 break; 639 } 640 ptr++; count--; 641 break; 642 643 case BCSP_W4_PKT_START: 644 switch (*ptr) { 645 case 0xc0: 646 ptr++; count--; 647 break; 648 649 default: 650 bcsp->rx_state = BCSP_W4_BCSP_HDR; 651 bcsp->rx_count = 4; 652 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 653 BCSP_CRC_INIT(bcsp->message_crc); 654 655 /* Do not increment ptr or decrement count 656 * Allocate packet. Max len of a BCSP pkt= 657 * 0xFFF (payload) +4 (header) +2 (crc) */ 658 659 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 660 if (!bcsp->rx_skb) { 661 BT_ERR("Can't allocate mem for new packet"); 662 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 663 bcsp->rx_count = 0; 664 return 0; 665 } 666 break; 667 } 668 break; 669 } 670 } 671 return count; 672 } 673 674 /* Arrange to retransmit all messages in the relq. */ 675 static void bcsp_timed_event(unsigned long arg) 676 { 677 struct hci_uart *hu = (struct hci_uart *) arg; 678 struct bcsp_struct *bcsp = hu->priv; 679 struct sk_buff *skb; 680 unsigned long flags; 681 682 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 683 684 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 685 686 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 687 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 688 skb_queue_head(&bcsp->rel, skb); 689 } 690 691 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 692 693 hci_uart_tx_wakeup(hu); 694 } 695 696 static int bcsp_open(struct hci_uart *hu) 697 { 698 struct bcsp_struct *bcsp; 699 700 BT_DBG("hu %p", hu); 701 702 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL); 703 if (!bcsp) 704 return -ENOMEM; 705 706 hu->priv = bcsp; 707 skb_queue_head_init(&bcsp->unack); 708 skb_queue_head_init(&bcsp->rel); 709 skb_queue_head_init(&bcsp->unrel); 710 711 init_timer(&bcsp->tbcsp); 712 bcsp->tbcsp.function = bcsp_timed_event; 713 bcsp->tbcsp.data = (u_long) hu; 714 715 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 716 717 if (txcrc) 718 bcsp->use_crc = 1; 719 720 return 0; 721 } 722 723 static int bcsp_close(struct hci_uart *hu) 724 { 725 struct bcsp_struct *bcsp = hu->priv; 726 727 del_timer_sync(&bcsp->tbcsp); 728 729 hu->priv = NULL; 730 731 BT_DBG("hu %p", hu); 732 733 skb_queue_purge(&bcsp->unack); 734 skb_queue_purge(&bcsp->rel); 735 skb_queue_purge(&bcsp->unrel); 736 737 kfree(bcsp); 738 return 0; 739 } 740 741 static const struct hci_uart_proto bcsp = { 742 .id = HCI_UART_BCSP, 743 .name = "BCSP", 744 .open = bcsp_open, 745 .close = bcsp_close, 746 .enqueue = bcsp_enqueue, 747 .dequeue = bcsp_dequeue, 748 .recv = bcsp_recv, 749 .flush = bcsp_flush 750 }; 751 752 int __init bcsp_init(void) 753 { 754 return hci_uart_register_proto(&bcsp); 755 } 756 757 int __exit bcsp_deinit(void) 758 { 759 return hci_uart_unregister_proto(&bcsp); 760 } 761 762 module_param(txcrc, bool, 0644); 763 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 764 765 module_param(hciextn, bool, 0644); 766 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 767