1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth HCI UART driver 5 * 6 * Copyright (C) 2000-2001 Qualcomm Incorporated 7 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com> 8 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 9 */ 10 11 #include <linux/module.h> 12 13 #include <linux/kernel.h> 14 #include <linux/init.h> 15 #include <linux/types.h> 16 #include <linux/fcntl.h> 17 #include <linux/interrupt.h> 18 #include <linux/ptrace.h> 19 #include <linux/poll.h> 20 21 #include <linux/slab.h> 22 #include <linux/tty.h> 23 #include <linux/errno.h> 24 #include <linux/string.h> 25 #include <linux/signal.h> 26 #include <linux/ioctl.h> 27 #include <linux/skbuff.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 33 #include "hci_uart.h" 34 35 struct h4_struct { 36 struct sk_buff *rx_skb; 37 struct sk_buff_head txq; 38 }; 39 40 /* Initialize protocol */ 41 static int h4_open(struct hci_uart *hu) 42 { 43 struct h4_struct *h4; 44 45 BT_DBG("hu %p", hu); 46 47 h4 = kzalloc(sizeof(*h4), GFP_KERNEL); 48 if (!h4) 49 return -ENOMEM; 50 51 skb_queue_head_init(&h4->txq); 52 53 hu->priv = h4; 54 return 0; 55 } 56 57 /* Flush protocol data */ 58 static int h4_flush(struct hci_uart *hu) 59 { 60 struct h4_struct *h4 = hu->priv; 61 62 BT_DBG("hu %p", hu); 63 64 skb_queue_purge(&h4->txq); 65 66 return 0; 67 } 68 69 /* Close protocol */ 70 static int h4_close(struct hci_uart *hu) 71 { 72 struct h4_struct *h4 = hu->priv; 73 74 hu->priv = NULL; 75 76 BT_DBG("hu %p", hu); 77 78 skb_queue_purge(&h4->txq); 79 80 kfree_skb(h4->rx_skb); 81 82 hu->priv = NULL; 83 kfree(h4); 84 85 return 0; 86 } 87 88 /* Enqueue frame for transmittion (padding, crc, etc) */ 89 static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb) 90 { 91 struct h4_struct *h4 = hu->priv; 92 93 BT_DBG("hu %p skb %p", hu, skb); 94 95 /* Prepend skb with frame type */ 96 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 97 skb_queue_tail(&h4->txq, skb); 98 99 return 0; 100 } 101 102 static const struct h4_recv_pkt h4_recv_pkts[] = { 103 { H4_RECV_ACL, .recv = hci_recv_frame }, 104 { H4_RECV_SCO, .recv = hci_recv_frame }, 105 { H4_RECV_EVENT, .recv = hci_recv_frame }, 106 { H4_RECV_ISO, .recv = hci_recv_frame }, 107 }; 108 109 /* Recv data */ 110 static int h4_recv(struct hci_uart *hu, const void *data, int count) 111 { 112 struct h4_struct *h4 = hu->priv; 113 114 if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) 115 return -EUNATCH; 116 117 h4->rx_skb = h4_recv_buf(hu->hdev, h4->rx_skb, data, count, 118 h4_recv_pkts, ARRAY_SIZE(h4_recv_pkts)); 119 if (IS_ERR(h4->rx_skb)) { 120 int err = PTR_ERR(h4->rx_skb); 121 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err); 122 h4->rx_skb = NULL; 123 return err; 124 } 125 126 return count; 127 } 128 129 static struct sk_buff *h4_dequeue(struct hci_uart *hu) 130 { 131 struct h4_struct *h4 = hu->priv; 132 return skb_dequeue(&h4->txq); 133 } 134 135 static const struct hci_uart_proto h4p = { 136 .id = HCI_UART_H4, 137 .name = "H4", 138 .open = h4_open, 139 .close = h4_close, 140 .recv = h4_recv, 141 .enqueue = h4_enqueue, 142 .dequeue = h4_dequeue, 143 .flush = h4_flush, 144 }; 145 146 int __init h4_init(void) 147 { 148 return hci_uart_register_proto(&h4p); 149 } 150 151 int __exit h4_deinit(void) 152 { 153 return hci_uart_unregister_proto(&h4p); 154 } 155 156 struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb, 157 const unsigned char *buffer, int count, 158 const struct h4_recv_pkt *pkts, int pkts_count) 159 { 160 struct hci_uart *hu = hci_get_drvdata(hdev); 161 u8 alignment = hu->alignment ? hu->alignment : 1; 162 163 /* Check for error from previous call */ 164 if (IS_ERR(skb)) 165 skb = NULL; 166 167 while (count) { 168 int i, len; 169 170 /* remove padding bytes from buffer */ 171 for (; hu->padding && count > 0; hu->padding--) { 172 count--; 173 buffer++; 174 } 175 if (!count) 176 break; 177 178 if (!skb) { 179 for (i = 0; i < pkts_count; i++) { 180 if (buffer[0] != (&pkts[i])->type) 181 continue; 182 183 skb = bt_skb_alloc((&pkts[i])->maxlen, 184 GFP_ATOMIC); 185 if (!skb) 186 return ERR_PTR(-ENOMEM); 187 188 hci_skb_pkt_type(skb) = (&pkts[i])->type; 189 hci_skb_expect(skb) = (&pkts[i])->hlen; 190 break; 191 } 192 193 /* Check for invalid packet type */ 194 if (!skb) 195 return ERR_PTR(-EILSEQ); 196 197 count -= 1; 198 buffer += 1; 199 } 200 201 len = min_t(uint, hci_skb_expect(skb) - skb->len, count); 202 skb_put_data(skb, buffer, len); 203 204 count -= len; 205 buffer += len; 206 207 /* Check for partial packet */ 208 if (skb->len < hci_skb_expect(skb)) 209 continue; 210 211 for (i = 0; i < pkts_count; i++) { 212 if (hci_skb_pkt_type(skb) == (&pkts[i])->type) 213 break; 214 } 215 216 if (i >= pkts_count) { 217 kfree_skb(skb); 218 return ERR_PTR(-EILSEQ); 219 } 220 221 if (skb->len == (&pkts[i])->hlen) { 222 u16 dlen; 223 224 switch ((&pkts[i])->lsize) { 225 case 0: 226 /* No variable data length */ 227 dlen = 0; 228 break; 229 case 1: 230 /* Single octet variable length */ 231 dlen = skb->data[(&pkts[i])->loff]; 232 hci_skb_expect(skb) += dlen; 233 234 if (skb_tailroom(skb) < dlen) { 235 kfree_skb(skb); 236 return ERR_PTR(-EMSGSIZE); 237 } 238 break; 239 case 2: 240 /* Double octet variable length */ 241 dlen = get_unaligned_le16(skb->data + 242 (&pkts[i])->loff); 243 hci_skb_expect(skb) += dlen; 244 245 if (skb_tailroom(skb) < dlen) { 246 kfree_skb(skb); 247 return ERR_PTR(-EMSGSIZE); 248 } 249 break; 250 default: 251 /* Unsupported variable length */ 252 kfree_skb(skb); 253 return ERR_PTR(-EILSEQ); 254 } 255 256 if (!dlen) { 257 hu->padding = (skb->len - 1) % alignment; 258 hu->padding = (alignment - hu->padding) % alignment; 259 260 /* No more data, complete frame */ 261 (&pkts[i])->recv(hdev, skb); 262 skb = NULL; 263 } 264 } else { 265 hu->padding = (skb->len - 1) % alignment; 266 hu->padding = (alignment - hu->padding) % alignment; 267 268 /* Complete frame */ 269 (&pkts[i])->recv(hdev, skb); 270 skb = NULL; 271 } 272 } 273 274 return skb; 275 } 276 EXPORT_SYMBOL_GPL(h4_recv_buf); 277