1 /* 2 * 3 * Bluetooth HCI UART driver 4 * 5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 7 * 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 * 23 */ 24 25 #include <linux/module.h> 26 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/types.h> 30 #include <linux/fcntl.h> 31 #include <linux/interrupt.h> 32 #include <linux/ptrace.h> 33 #include <linux/poll.h> 34 35 #include <linux/slab.h> 36 #include <linux/tty.h> 37 #include <linux/errno.h> 38 #include <linux/string.h> 39 #include <linux/signal.h> 40 #include <linux/ioctl.h> 41 #include <linux/skbuff.h> 42 #include <linux/bitrev.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 #include "hci_uart.h" 49 50 static bool txcrc = true; 51 static bool hciextn = true; 52 53 #define BCSP_TXWINSIZE 4 54 55 #define BCSP_ACK_PKT 0x05 56 #define BCSP_LE_PKT 0x06 57 58 struct bcsp_struct { 59 struct sk_buff_head unack; /* Unack'ed packets queue */ 60 struct sk_buff_head rel; /* Reliable packets queue */ 61 struct sk_buff_head unrel; /* Unreliable packets queue */ 62 63 unsigned long rx_count; 64 struct sk_buff *rx_skb; 65 u8 rxseq_txack; /* rxseq == txack. */ 66 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 67 struct timer_list tbcsp; 68 struct hci_uart *hu; 69 70 enum { 71 BCSP_W4_PKT_DELIMITER, 72 BCSP_W4_PKT_START, 73 BCSP_W4_BCSP_HDR, 74 BCSP_W4_DATA, 75 BCSP_W4_CRC 76 } rx_state; 77 78 enum { 79 BCSP_ESCSTATE_NOESC, 80 BCSP_ESCSTATE_ESC 81 } rx_esc_state; 82 83 u8 use_crc; 84 u16 message_crc; 85 u8 txack_req; /* Do we need to send ack's to the peer? */ 86 87 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 88 u8 msgq_txseq; 89 }; 90 91 /* ---- BCSP CRC calculation ---- */ 92 93 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 94 * initial value 0xffff, bits shifted in reverse order. 95 */ 96 97 static const u16 crc_table[] = { 98 0x0000, 0x1081, 0x2102, 0x3183, 99 0x4204, 0x5285, 0x6306, 0x7387, 100 0x8408, 0x9489, 0xa50a, 0xb58b, 101 0xc60c, 0xd68d, 0xe70e, 0xf78f 102 }; 103 104 /* Initialise the crc calculator */ 105 #define BCSP_CRC_INIT(x) x = 0xffff 106 107 /* Update crc with next data byte 108 * 109 * Implementation note 110 * The data byte is treated as two nibbles. The crc is generated 111 * in reverse, i.e., bits are fed into the register from the top. 112 */ 113 static void bcsp_crc_update(u16 *crc, u8 d) 114 { 115 u16 reg = *crc; 116 117 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 118 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 119 120 *crc = reg; 121 } 122 123 /* ---- BCSP core ---- */ 124 125 static void bcsp_slip_msgdelim(struct sk_buff *skb) 126 { 127 const char pkt_delim = 0xc0; 128 129 skb_put_data(skb, &pkt_delim, 1); 130 } 131 132 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 133 { 134 const char esc_c0[2] = { 0xdb, 0xdc }; 135 const char esc_db[2] = { 0xdb, 0xdd }; 136 137 switch (c) { 138 case 0xc0: 139 skb_put_data(skb, &esc_c0, 2); 140 break; 141 case 0xdb: 142 skb_put_data(skb, &esc_db, 2); 143 break; 144 default: 145 skb_put_data(skb, &c, 1); 146 } 147 } 148 149 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 150 { 151 struct bcsp_struct *bcsp = hu->priv; 152 153 if (skb->len > 0xFFF) { 154 BT_ERR("Packet too long"); 155 kfree_skb(skb); 156 return 0; 157 } 158 159 switch (hci_skb_pkt_type(skb)) { 160 case HCI_ACLDATA_PKT: 161 case HCI_COMMAND_PKT: 162 skb_queue_tail(&bcsp->rel, skb); 163 break; 164 165 case HCI_SCODATA_PKT: 166 skb_queue_tail(&bcsp->unrel, skb); 167 break; 168 169 default: 170 BT_ERR("Unknown packet type"); 171 kfree_skb(skb); 172 break; 173 } 174 175 return 0; 176 } 177 178 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 179 int len, int pkt_type) 180 { 181 struct sk_buff *nskb; 182 u8 hdr[4], chan; 183 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 184 int rel, i; 185 186 switch (pkt_type) { 187 case HCI_ACLDATA_PKT: 188 chan = 6; /* BCSP ACL channel */ 189 rel = 1; /* reliable channel */ 190 break; 191 case HCI_COMMAND_PKT: 192 chan = 5; /* BCSP cmd/evt channel */ 193 rel = 1; /* reliable channel */ 194 break; 195 case HCI_SCODATA_PKT: 196 chan = 7; /* BCSP SCO channel */ 197 rel = 0; /* unreliable channel */ 198 break; 199 case BCSP_LE_PKT: 200 chan = 1; /* BCSP LE channel */ 201 rel = 0; /* unreliable channel */ 202 break; 203 case BCSP_ACK_PKT: 204 chan = 0; /* BCSP internal channel */ 205 rel = 0; /* unreliable channel */ 206 break; 207 default: 208 BT_ERR("Unknown packet type"); 209 return NULL; 210 } 211 212 if (hciextn && chan == 5) { 213 __le16 opcode = ((struct hci_command_hdr *)data)->opcode; 214 215 /* Vendor specific commands */ 216 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) { 217 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 218 219 if ((desc & 0xf0) == 0xc0) { 220 data += HCI_COMMAND_HDR_SIZE + 1; 221 len -= HCI_COMMAND_HDR_SIZE + 1; 222 chan = desc & 0x0f; 223 } 224 } 225 } 226 227 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 228 * (because bytes 0xc0 and 0xdb are escaped, worst case is 229 * when the packet is all made of 0xc0 and 0xdb :) ) 230 * + 2 (0xc0 delimiters at start and end). 231 */ 232 233 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 234 if (!nskb) 235 return NULL; 236 237 hci_skb_pkt_type(nskb) = pkt_type; 238 239 bcsp_slip_msgdelim(nskb); 240 241 hdr[0] = bcsp->rxseq_txack << 3; 242 bcsp->txack_req = 0; 243 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 244 245 if (rel) { 246 hdr[0] |= 0x80 + bcsp->msgq_txseq; 247 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 248 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07; 249 } 250 251 if (bcsp->use_crc) 252 hdr[0] |= 0x40; 253 254 hdr[1] = ((len << 4) & 0xff) | chan; 255 hdr[2] = len >> 4; 256 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 257 258 /* Put BCSP header */ 259 for (i = 0; i < 4; i++) { 260 bcsp_slip_one_byte(nskb, hdr[i]); 261 262 if (bcsp->use_crc) 263 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 264 } 265 266 /* Put payload */ 267 for (i = 0; i < len; i++) { 268 bcsp_slip_one_byte(nskb, data[i]); 269 270 if (bcsp->use_crc) 271 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 272 } 273 274 /* Put CRC */ 275 if (bcsp->use_crc) { 276 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc); 277 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff)); 278 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff)); 279 } 280 281 bcsp_slip_msgdelim(nskb); 282 return nskb; 283 } 284 285 /* This is a rewrite of pkt_avail in ABCSP */ 286 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 287 { 288 struct bcsp_struct *bcsp = hu->priv; 289 unsigned long flags; 290 struct sk_buff *skb; 291 292 /* First of all, check for unreliable messages in the queue, 293 * since they have priority 294 */ 295 296 skb = skb_dequeue(&bcsp->unrel); 297 if (skb != NULL) { 298 struct sk_buff *nskb; 299 300 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 301 hci_skb_pkt_type(skb)); 302 if (nskb) { 303 kfree_skb(skb); 304 return nskb; 305 } else { 306 skb_queue_head(&bcsp->unrel, skb); 307 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 308 } 309 } 310 311 /* Now, try to send a reliable pkt. We can only send a 312 * reliable packet if the number of packets sent but not yet ack'ed 313 * is < than the winsize 314 */ 315 316 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 317 318 if (bcsp->unack.qlen < BCSP_TXWINSIZE) { 319 skb = skb_dequeue(&bcsp->rel); 320 if (skb != NULL) { 321 struct sk_buff *nskb; 322 323 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 324 hci_skb_pkt_type(skb)); 325 if (nskb) { 326 __skb_queue_tail(&bcsp->unack, skb); 327 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 328 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 329 return nskb; 330 } else { 331 skb_queue_head(&bcsp->rel, skb); 332 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 333 } 334 } 335 } 336 337 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 338 339 /* We could not send a reliable packet, either because there are 340 * none or because there are too many unack'ed pkts. Did we receive 341 * any packets we have not acknowledged yet ? 342 */ 343 344 if (bcsp->txack_req) { 345 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 346 * channel 0 347 */ 348 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 349 return nskb; 350 } 351 352 /* We have nothing to send */ 353 return NULL; 354 } 355 356 static int bcsp_flush(struct hci_uart *hu) 357 { 358 BT_DBG("hu %p", hu); 359 return 0; 360 } 361 362 /* Remove ack'ed packets */ 363 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 364 { 365 struct sk_buff *skb, *tmp; 366 unsigned long flags; 367 int i, pkts_to_be_removed; 368 u8 seqno; 369 370 spin_lock_irqsave(&bcsp->unack.lock, flags); 371 372 pkts_to_be_removed = skb_queue_len(&bcsp->unack); 373 seqno = bcsp->msgq_txseq; 374 375 while (pkts_to_be_removed) { 376 if (bcsp->rxack == seqno) 377 break; 378 pkts_to_be_removed--; 379 seqno = (seqno - 1) & 0x07; 380 } 381 382 if (bcsp->rxack != seqno) 383 BT_ERR("Peer acked invalid packet"); 384 385 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 386 pkts_to_be_removed, skb_queue_len(&bcsp->unack), 387 (seqno - 1) & 0x07); 388 389 i = 0; 390 skb_queue_walk_safe(&bcsp->unack, skb, tmp) { 391 if (i >= pkts_to_be_removed) 392 break; 393 i++; 394 395 __skb_unlink(skb, &bcsp->unack); 396 kfree_skb(skb); 397 } 398 399 if (skb_queue_empty(&bcsp->unack)) 400 del_timer(&bcsp->tbcsp); 401 402 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 403 404 if (i != pkts_to_be_removed) 405 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 406 } 407 408 /* Handle BCSP link-establishment packets. When we 409 * detect a "sync" packet, symptom that the BT module has reset, 410 * we do nothing :) (yet) 411 */ 412 static void bcsp_handle_le_pkt(struct hci_uart *hu) 413 { 414 struct bcsp_struct *bcsp = hu->priv; 415 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 416 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 417 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 418 419 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 420 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 421 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 422 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 423 424 BT_DBG("Found a LE conf pkt"); 425 if (!nskb) 426 return; 427 skb_put_data(nskb, conf_rsp_pkt, 4); 428 hci_skb_pkt_type(nskb) = BCSP_LE_PKT; 429 430 skb_queue_head(&bcsp->unrel, nskb); 431 hci_uart_tx_wakeup(hu); 432 } 433 /* Spot "sync" pkts. If we find one...disaster! */ 434 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 435 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 436 BT_ERR("Found a LE sync pkt, card has reset"); 437 } 438 } 439 440 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 441 { 442 const u8 c0 = 0xc0, db = 0xdb; 443 444 switch (bcsp->rx_esc_state) { 445 case BCSP_ESCSTATE_NOESC: 446 switch (byte) { 447 case 0xdb: 448 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 449 break; 450 default: 451 skb_put_data(bcsp->rx_skb, &byte, 1); 452 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 453 bcsp->rx_state != BCSP_W4_CRC) 454 bcsp_crc_update(&bcsp->message_crc, byte); 455 bcsp->rx_count--; 456 } 457 break; 458 459 case BCSP_ESCSTATE_ESC: 460 switch (byte) { 461 case 0xdc: 462 skb_put_data(bcsp->rx_skb, &c0, 1); 463 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 464 bcsp->rx_state != BCSP_W4_CRC) 465 bcsp_crc_update(&bcsp->message_crc, 0xc0); 466 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 467 bcsp->rx_count--; 468 break; 469 470 case 0xdd: 471 skb_put_data(bcsp->rx_skb, &db, 1); 472 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 473 bcsp->rx_state != BCSP_W4_CRC) 474 bcsp_crc_update(&bcsp->message_crc, 0xdb); 475 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 476 bcsp->rx_count--; 477 break; 478 479 default: 480 BT_ERR("Invalid byte %02x after esc byte", byte); 481 kfree_skb(bcsp->rx_skb); 482 bcsp->rx_skb = NULL; 483 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 484 bcsp->rx_count = 0; 485 } 486 } 487 } 488 489 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 490 { 491 struct bcsp_struct *bcsp = hu->priv; 492 int pass_up = 0; 493 494 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 495 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 496 497 /* check the rx sequence number is as expected */ 498 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) { 499 bcsp->rxseq_txack++; 500 bcsp->rxseq_txack %= 0x8; 501 } else { 502 /* handle re-transmitted packet or 503 * when packet was missed 504 */ 505 BT_ERR("Out-of-order packet arrived, got %u expected %u", 506 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 507 508 /* do not process out-of-order packet payload */ 509 pass_up = 2; 510 } 511 512 /* send current txack value to all received reliable packets */ 513 bcsp->txack_req = 1; 514 515 /* If needed, transmit an ack pkt */ 516 hci_uart_tx_wakeup(hu); 517 } 518 519 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 520 BT_DBG("Request for pkt %u from card", bcsp->rxack); 521 522 /* handle received ACK indications, 523 * including those from out-of-order packets 524 */ 525 bcsp_pkt_cull(bcsp); 526 527 if (pass_up != 2) { 528 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 529 (bcsp->rx_skb->data[0] & 0x80)) { 530 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT; 531 pass_up = 1; 532 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 533 (bcsp->rx_skb->data[0] & 0x80)) { 534 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 535 pass_up = 1; 536 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 537 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT; 538 pass_up = 1; 539 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 540 !(bcsp->rx_skb->data[0] & 0x80)) { 541 bcsp_handle_le_pkt(hu); 542 pass_up = 0; 543 } else { 544 pass_up = 0; 545 } 546 } 547 548 if (pass_up == 0) { 549 struct hci_event_hdr hdr; 550 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 551 552 if (desc != 0 && desc != 1) { 553 if (hciextn) { 554 desc |= 0xc0; 555 skb_pull(bcsp->rx_skb, 4); 556 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 557 558 hdr.evt = 0xff; 559 hdr.plen = bcsp->rx_skb->len; 560 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 561 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 562 563 hci_recv_frame(hu->hdev, bcsp->rx_skb); 564 } else { 565 BT_ERR("Packet for unknown channel (%u %s)", 566 bcsp->rx_skb->data[1] & 0x0f, 567 bcsp->rx_skb->data[0] & 0x80 ? 568 "reliable" : "unreliable"); 569 kfree_skb(bcsp->rx_skb); 570 } 571 } else 572 kfree_skb(bcsp->rx_skb); 573 } else if (pass_up == 1) { 574 /* Pull out BCSP hdr */ 575 skb_pull(bcsp->rx_skb, 4); 576 577 hci_recv_frame(hu->hdev, bcsp->rx_skb); 578 } else { 579 /* ignore packet payload of already ACKed re-transmitted 580 * packets or when a packet was missed in the BCSP window 581 */ 582 kfree_skb(bcsp->rx_skb); 583 } 584 585 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 586 bcsp->rx_skb = NULL; 587 } 588 589 static u16 bscp_get_crc(struct bcsp_struct *bcsp) 590 { 591 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]); 592 } 593 594 /* Recv data */ 595 static int bcsp_recv(struct hci_uart *hu, const void *data, int count) 596 { 597 struct bcsp_struct *bcsp = hu->priv; 598 const unsigned char *ptr; 599 600 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 601 hu, count, bcsp->rx_state, bcsp->rx_count); 602 603 ptr = data; 604 while (count) { 605 if (bcsp->rx_count) { 606 if (*ptr == 0xc0) { 607 BT_ERR("Short BCSP packet"); 608 kfree_skb(bcsp->rx_skb); 609 bcsp->rx_state = BCSP_W4_PKT_START; 610 bcsp->rx_count = 0; 611 } else 612 bcsp_unslip_one_byte(bcsp, *ptr); 613 614 ptr++; count--; 615 continue; 616 } 617 618 switch (bcsp->rx_state) { 619 case BCSP_W4_BCSP_HDR: 620 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 621 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 622 BT_ERR("Error in BCSP hdr checksum"); 623 kfree_skb(bcsp->rx_skb); 624 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 625 bcsp->rx_count = 0; 626 continue; 627 } 628 bcsp->rx_state = BCSP_W4_DATA; 629 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 630 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 631 continue; 632 633 case BCSP_W4_DATA: 634 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 635 bcsp->rx_state = BCSP_W4_CRC; 636 bcsp->rx_count = 2; 637 } else 638 bcsp_complete_rx_pkt(hu); 639 continue; 640 641 case BCSP_W4_CRC: 642 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) { 643 BT_ERR("Checksum failed: computed %04x received %04x", 644 bitrev16(bcsp->message_crc), 645 bscp_get_crc(bcsp)); 646 647 kfree_skb(bcsp->rx_skb); 648 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 649 bcsp->rx_count = 0; 650 continue; 651 } 652 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 653 bcsp_complete_rx_pkt(hu); 654 continue; 655 656 case BCSP_W4_PKT_DELIMITER: 657 switch (*ptr) { 658 case 0xc0: 659 bcsp->rx_state = BCSP_W4_PKT_START; 660 break; 661 default: 662 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 663 break; 664 } 665 ptr++; count--; 666 break; 667 668 case BCSP_W4_PKT_START: 669 switch (*ptr) { 670 case 0xc0: 671 ptr++; count--; 672 break; 673 674 default: 675 bcsp->rx_state = BCSP_W4_BCSP_HDR; 676 bcsp->rx_count = 4; 677 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 678 BCSP_CRC_INIT(bcsp->message_crc); 679 680 /* Do not increment ptr or decrement count 681 * Allocate packet. Max len of a BCSP pkt= 682 * 0xFFF (payload) +4 (header) +2 (crc) 683 */ 684 685 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 686 if (!bcsp->rx_skb) { 687 BT_ERR("Can't allocate mem for new packet"); 688 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 689 bcsp->rx_count = 0; 690 return 0; 691 } 692 break; 693 } 694 break; 695 } 696 } 697 return count; 698 } 699 700 /* Arrange to retransmit all messages in the relq. */ 701 static void bcsp_timed_event(struct timer_list *t) 702 { 703 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp); 704 struct hci_uart *hu = bcsp->hu; 705 struct sk_buff *skb; 706 unsigned long flags; 707 708 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 709 710 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 711 712 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 713 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 714 skb_queue_head(&bcsp->rel, skb); 715 } 716 717 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 718 719 hci_uart_tx_wakeup(hu); 720 } 721 722 static int bcsp_open(struct hci_uart *hu) 723 { 724 struct bcsp_struct *bcsp; 725 726 BT_DBG("hu %p", hu); 727 728 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL); 729 if (!bcsp) 730 return -ENOMEM; 731 732 hu->priv = bcsp; 733 bcsp->hu = hu; 734 skb_queue_head_init(&bcsp->unack); 735 skb_queue_head_init(&bcsp->rel); 736 skb_queue_head_init(&bcsp->unrel); 737 738 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0); 739 740 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 741 742 if (txcrc) 743 bcsp->use_crc = 1; 744 745 return 0; 746 } 747 748 static int bcsp_close(struct hci_uart *hu) 749 { 750 struct bcsp_struct *bcsp = hu->priv; 751 752 del_timer_sync(&bcsp->tbcsp); 753 754 hu->priv = NULL; 755 756 BT_DBG("hu %p", hu); 757 758 skb_queue_purge(&bcsp->unack); 759 skb_queue_purge(&bcsp->rel); 760 skb_queue_purge(&bcsp->unrel); 761 762 kfree(bcsp); 763 return 0; 764 } 765 766 static const struct hci_uart_proto bcsp = { 767 .id = HCI_UART_BCSP, 768 .name = "BCSP", 769 .open = bcsp_open, 770 .close = bcsp_close, 771 .enqueue = bcsp_enqueue, 772 .dequeue = bcsp_dequeue, 773 .recv = bcsp_recv, 774 .flush = bcsp_flush 775 }; 776 777 int __init bcsp_init(void) 778 { 779 return hci_uart_register_proto(&bcsp); 780 } 781 782 int __exit bcsp_deinit(void) 783 { 784 return hci_uart_unregister_proto(&bcsp); 785 } 786 787 module_param(txcrc, bool, 0644); 788 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 789 790 module_param(hciextn, bool, 0644); 791 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 792