1 /* 2 * Texas Instruments' Bluetooth HCILL UART protocol 3 * 4 * HCILL (HCI Low Level) is a Texas Instruments' power management 5 * protocol extension to H4. 6 * 7 * Copyright (C) 2007 Texas Instruments, Inc. 8 * 9 * Written by Ohad Ben-Cohen <ohad@bencohen.org> 10 * 11 * Acknowledgements: 12 * This file is based on hci_h4.c, which was written 13 * by Maxim Krasnyansky and Marcel Holtmann. 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License version 2 17 * as published by the Free Software Foundation 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License 25 * along with this program; if not, write to the Free Software 26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 27 * 28 */ 29 30 #include <linux/module.h> 31 #include <linux/kernel.h> 32 33 #include <linux/init.h> 34 #include <linux/sched.h> 35 #include <linux/types.h> 36 #include <linux/fcntl.h> 37 #include <linux/interrupt.h> 38 #include <linux/ptrace.h> 39 #include <linux/poll.h> 40 41 #include <linux/slab.h> 42 #include <linux/tty.h> 43 #include <linux/errno.h> 44 #include <linux/string.h> 45 #include <linux/signal.h> 46 #include <linux/ioctl.h> 47 #include <linux/skbuff.h> 48 49 #include <net/bluetooth/bluetooth.h> 50 #include <net/bluetooth/hci_core.h> 51 52 #include "hci_uart.h" 53 54 /* HCILL commands */ 55 #define HCILL_GO_TO_SLEEP_IND 0x30 56 #define HCILL_GO_TO_SLEEP_ACK 0x31 57 #define HCILL_WAKE_UP_IND 0x32 58 #define HCILL_WAKE_UP_ACK 0x33 59 60 /* HCILL receiver States */ 61 #define HCILL_W4_PACKET_TYPE 0 62 #define HCILL_W4_EVENT_HDR 1 63 #define HCILL_W4_ACL_HDR 2 64 #define HCILL_W4_SCO_HDR 3 65 #define HCILL_W4_DATA 4 66 67 /* HCILL states */ 68 enum hcill_states_e { 69 HCILL_ASLEEP, 70 HCILL_ASLEEP_TO_AWAKE, 71 HCILL_AWAKE, 72 HCILL_AWAKE_TO_ASLEEP 73 }; 74 75 struct hcill_cmd { 76 u8 cmd; 77 } __packed; 78 79 struct ll_struct { 80 unsigned long rx_state; 81 unsigned long rx_count; 82 struct sk_buff *rx_skb; 83 struct sk_buff_head txq; 84 spinlock_t hcill_lock; /* HCILL state lock */ 85 unsigned long hcill_state; /* HCILL power state */ 86 struct sk_buff_head tx_wait_q; /* HCILL wait queue */ 87 }; 88 89 /* 90 * Builds and sends an HCILL command packet. 91 * These are very simple packets with only 1 cmd byte 92 */ 93 static int send_hcill_cmd(u8 cmd, struct hci_uart *hu) 94 { 95 int err = 0; 96 struct sk_buff *skb = NULL; 97 struct ll_struct *ll = hu->priv; 98 struct hcill_cmd *hcill_packet; 99 100 BT_DBG("hu %p cmd 0x%x", hu, cmd); 101 102 /* allocate packet */ 103 skb = bt_skb_alloc(1, GFP_ATOMIC); 104 if (!skb) { 105 BT_ERR("cannot allocate memory for HCILL packet"); 106 err = -ENOMEM; 107 goto out; 108 } 109 110 /* prepare packet */ 111 hcill_packet = (struct hcill_cmd *) skb_put(skb, 1); 112 hcill_packet->cmd = cmd; 113 skb->dev = (void *) hu->hdev; 114 115 /* send packet */ 116 skb_queue_tail(&ll->txq, skb); 117 out: 118 return err; 119 } 120 121 /* Initialize protocol */ 122 static int ll_open(struct hci_uart *hu) 123 { 124 struct ll_struct *ll; 125 126 BT_DBG("hu %p", hu); 127 128 ll = kzalloc(sizeof(*ll), GFP_KERNEL); 129 if (!ll) 130 return -ENOMEM; 131 132 skb_queue_head_init(&ll->txq); 133 skb_queue_head_init(&ll->tx_wait_q); 134 spin_lock_init(&ll->hcill_lock); 135 136 ll->hcill_state = HCILL_AWAKE; 137 138 hu->priv = ll; 139 140 return 0; 141 } 142 143 /* Flush protocol data */ 144 static int ll_flush(struct hci_uart *hu) 145 { 146 struct ll_struct *ll = hu->priv; 147 148 BT_DBG("hu %p", hu); 149 150 skb_queue_purge(&ll->tx_wait_q); 151 skb_queue_purge(&ll->txq); 152 153 return 0; 154 } 155 156 /* Close protocol */ 157 static int ll_close(struct hci_uart *hu) 158 { 159 struct ll_struct *ll = hu->priv; 160 161 BT_DBG("hu %p", hu); 162 163 skb_queue_purge(&ll->tx_wait_q); 164 skb_queue_purge(&ll->txq); 165 166 kfree_skb(ll->rx_skb); 167 168 hu->priv = NULL; 169 170 kfree(ll); 171 172 return 0; 173 } 174 175 /* 176 * internal function, which does common work of the device wake up process: 177 * 1. places all pending packets (waiting in tx_wait_q list) in txq list. 178 * 2. changes internal state to HCILL_AWAKE. 179 * Note: assumes that hcill_lock spinlock is taken, 180 * shouldn't be called otherwise! 181 */ 182 static void __ll_do_awake(struct ll_struct *ll) 183 { 184 struct sk_buff *skb = NULL; 185 186 while ((skb = skb_dequeue(&ll->tx_wait_q))) 187 skb_queue_tail(&ll->txq, skb); 188 189 ll->hcill_state = HCILL_AWAKE; 190 } 191 192 /* 193 * Called upon a wake-up-indication from the device 194 */ 195 static void ll_device_want_to_wakeup(struct hci_uart *hu) 196 { 197 unsigned long flags; 198 struct ll_struct *ll = hu->priv; 199 200 BT_DBG("hu %p", hu); 201 202 /* lock hcill state */ 203 spin_lock_irqsave(&ll->hcill_lock, flags); 204 205 switch (ll->hcill_state) { 206 case HCILL_ASLEEP_TO_AWAKE: 207 /* 208 * This state means that both the host and the BRF chip 209 * have simultaneously sent a wake-up-indication packet. 210 * Traditionally, in this case, receiving a wake-up-indication 211 * was enough and an additional wake-up-ack wasn't needed. 212 * This has changed with the BRF6350, which does require an 213 * explicit wake-up-ack. Other BRF versions, which do not 214 * require an explicit ack here, do accept it, thus it is 215 * perfectly safe to always send one. 216 */ 217 BT_DBG("dual wake-up-indication"); 218 /* deliberate fall-through - do not add break */ 219 case HCILL_ASLEEP: 220 /* acknowledge device wake up */ 221 if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) { 222 BT_ERR("cannot acknowledge device wake up"); 223 goto out; 224 } 225 break; 226 default: 227 /* any other state is illegal */ 228 BT_ERR("received HCILL_WAKE_UP_IND in state %ld", ll->hcill_state); 229 break; 230 } 231 232 /* send pending packets and change state to HCILL_AWAKE */ 233 __ll_do_awake(ll); 234 235 out: 236 spin_unlock_irqrestore(&ll->hcill_lock, flags); 237 238 /* actually send the packets */ 239 hci_uart_tx_wakeup(hu); 240 } 241 242 /* 243 * Called upon a sleep-indication from the device 244 */ 245 static void ll_device_want_to_sleep(struct hci_uart *hu) 246 { 247 unsigned long flags; 248 struct ll_struct *ll = hu->priv; 249 250 BT_DBG("hu %p", hu); 251 252 /* lock hcill state */ 253 spin_lock_irqsave(&ll->hcill_lock, flags); 254 255 /* sanity check */ 256 if (ll->hcill_state != HCILL_AWAKE) 257 BT_ERR("ERR: HCILL_GO_TO_SLEEP_IND in state %ld", ll->hcill_state); 258 259 /* acknowledge device sleep */ 260 if (send_hcill_cmd(HCILL_GO_TO_SLEEP_ACK, hu) < 0) { 261 BT_ERR("cannot acknowledge device sleep"); 262 goto out; 263 } 264 265 /* update state */ 266 ll->hcill_state = HCILL_ASLEEP; 267 268 out: 269 spin_unlock_irqrestore(&ll->hcill_lock, flags); 270 271 /* actually send the sleep ack packet */ 272 hci_uart_tx_wakeup(hu); 273 } 274 275 /* 276 * Called upon wake-up-acknowledgement from the device 277 */ 278 static void ll_device_woke_up(struct hci_uart *hu) 279 { 280 unsigned long flags; 281 struct ll_struct *ll = hu->priv; 282 283 BT_DBG("hu %p", hu); 284 285 /* lock hcill state */ 286 spin_lock_irqsave(&ll->hcill_lock, flags); 287 288 /* sanity check */ 289 if (ll->hcill_state != HCILL_ASLEEP_TO_AWAKE) 290 BT_ERR("received HCILL_WAKE_UP_ACK in state %ld", ll->hcill_state); 291 292 /* send pending packets and change state to HCILL_AWAKE */ 293 __ll_do_awake(ll); 294 295 spin_unlock_irqrestore(&ll->hcill_lock, flags); 296 297 /* actually send the packets */ 298 hci_uart_tx_wakeup(hu); 299 } 300 301 /* Enqueue frame for transmittion (padding, crc, etc) */ 302 /* may be called from two simultaneous tasklets */ 303 static int ll_enqueue(struct hci_uart *hu, struct sk_buff *skb) 304 { 305 unsigned long flags = 0; 306 struct ll_struct *ll = hu->priv; 307 308 BT_DBG("hu %p skb %p", hu, skb); 309 310 /* Prepend skb with frame type */ 311 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1); 312 313 /* lock hcill state */ 314 spin_lock_irqsave(&ll->hcill_lock, flags); 315 316 /* act according to current state */ 317 switch (ll->hcill_state) { 318 case HCILL_AWAKE: 319 BT_DBG("device awake, sending normally"); 320 skb_queue_tail(&ll->txq, skb); 321 break; 322 case HCILL_ASLEEP: 323 BT_DBG("device asleep, waking up and queueing packet"); 324 /* save packet for later */ 325 skb_queue_tail(&ll->tx_wait_q, skb); 326 /* awake device */ 327 if (send_hcill_cmd(HCILL_WAKE_UP_IND, hu) < 0) { 328 BT_ERR("cannot wake up device"); 329 break; 330 } 331 ll->hcill_state = HCILL_ASLEEP_TO_AWAKE; 332 break; 333 case HCILL_ASLEEP_TO_AWAKE: 334 BT_DBG("device waking up, queueing packet"); 335 /* transient state; just keep packet for later */ 336 skb_queue_tail(&ll->tx_wait_q, skb); 337 break; 338 default: 339 BT_ERR("illegal hcill state: %ld (losing packet)", ll->hcill_state); 340 kfree_skb(skb); 341 break; 342 } 343 344 spin_unlock_irqrestore(&ll->hcill_lock, flags); 345 346 return 0; 347 } 348 349 static inline int ll_check_data_len(struct ll_struct *ll, int len) 350 { 351 int room = skb_tailroom(ll->rx_skb); 352 353 BT_DBG("len %d room %d", len, room); 354 355 if (!len) { 356 hci_recv_frame(ll->rx_skb); 357 } else if (len > room) { 358 BT_ERR("Data length is too large"); 359 kfree_skb(ll->rx_skb); 360 } else { 361 ll->rx_state = HCILL_W4_DATA; 362 ll->rx_count = len; 363 return len; 364 } 365 366 ll->rx_state = HCILL_W4_PACKET_TYPE; 367 ll->rx_skb = NULL; 368 ll->rx_count = 0; 369 370 return 0; 371 } 372 373 /* Recv data */ 374 static int ll_recv(struct hci_uart *hu, void *data, int count) 375 { 376 struct ll_struct *ll = hu->priv; 377 char *ptr; 378 struct hci_event_hdr *eh; 379 struct hci_acl_hdr *ah; 380 struct hci_sco_hdr *sh; 381 int len, type, dlen; 382 383 BT_DBG("hu %p count %d rx_state %ld rx_count %ld", hu, count, ll->rx_state, ll->rx_count); 384 385 ptr = data; 386 while (count) { 387 if (ll->rx_count) { 388 len = min_t(unsigned int, ll->rx_count, count); 389 memcpy(skb_put(ll->rx_skb, len), ptr, len); 390 ll->rx_count -= len; count -= len; ptr += len; 391 392 if (ll->rx_count) 393 continue; 394 395 switch (ll->rx_state) { 396 case HCILL_W4_DATA: 397 BT_DBG("Complete data"); 398 hci_recv_frame(ll->rx_skb); 399 400 ll->rx_state = HCILL_W4_PACKET_TYPE; 401 ll->rx_skb = NULL; 402 continue; 403 404 case HCILL_W4_EVENT_HDR: 405 eh = hci_event_hdr(ll->rx_skb); 406 407 BT_DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen); 408 409 ll_check_data_len(ll, eh->plen); 410 continue; 411 412 case HCILL_W4_ACL_HDR: 413 ah = hci_acl_hdr(ll->rx_skb); 414 dlen = __le16_to_cpu(ah->dlen); 415 416 BT_DBG("ACL header: dlen %d", dlen); 417 418 ll_check_data_len(ll, dlen); 419 continue; 420 421 case HCILL_W4_SCO_HDR: 422 sh = hci_sco_hdr(ll->rx_skb); 423 424 BT_DBG("SCO header: dlen %d", sh->dlen); 425 426 ll_check_data_len(ll, sh->dlen); 427 continue; 428 } 429 } 430 431 /* HCILL_W4_PACKET_TYPE */ 432 switch (*ptr) { 433 case HCI_EVENT_PKT: 434 BT_DBG("Event packet"); 435 ll->rx_state = HCILL_W4_EVENT_HDR; 436 ll->rx_count = HCI_EVENT_HDR_SIZE; 437 type = HCI_EVENT_PKT; 438 break; 439 440 case HCI_ACLDATA_PKT: 441 BT_DBG("ACL packet"); 442 ll->rx_state = HCILL_W4_ACL_HDR; 443 ll->rx_count = HCI_ACL_HDR_SIZE; 444 type = HCI_ACLDATA_PKT; 445 break; 446 447 case HCI_SCODATA_PKT: 448 BT_DBG("SCO packet"); 449 ll->rx_state = HCILL_W4_SCO_HDR; 450 ll->rx_count = HCI_SCO_HDR_SIZE; 451 type = HCI_SCODATA_PKT; 452 break; 453 454 /* HCILL signals */ 455 case HCILL_GO_TO_SLEEP_IND: 456 BT_DBG("HCILL_GO_TO_SLEEP_IND packet"); 457 ll_device_want_to_sleep(hu); 458 ptr++; count--; 459 continue; 460 461 case HCILL_GO_TO_SLEEP_ACK: 462 /* shouldn't happen */ 463 BT_ERR("received HCILL_GO_TO_SLEEP_ACK (in state %ld)", ll->hcill_state); 464 ptr++; count--; 465 continue; 466 467 case HCILL_WAKE_UP_IND: 468 BT_DBG("HCILL_WAKE_UP_IND packet"); 469 ll_device_want_to_wakeup(hu); 470 ptr++; count--; 471 continue; 472 473 case HCILL_WAKE_UP_ACK: 474 BT_DBG("HCILL_WAKE_UP_ACK packet"); 475 ll_device_woke_up(hu); 476 ptr++; count--; 477 continue; 478 479 default: 480 BT_ERR("Unknown HCI packet type %2.2x", (__u8)*ptr); 481 hu->hdev->stat.err_rx++; 482 ptr++; count--; 483 continue; 484 }; 485 486 ptr++; count--; 487 488 /* Allocate packet */ 489 ll->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 490 if (!ll->rx_skb) { 491 BT_ERR("Can't allocate mem for new packet"); 492 ll->rx_state = HCILL_W4_PACKET_TYPE; 493 ll->rx_count = 0; 494 return -ENOMEM; 495 } 496 497 ll->rx_skb->dev = (void *) hu->hdev; 498 bt_cb(ll->rx_skb)->pkt_type = type; 499 } 500 501 return count; 502 } 503 504 static struct sk_buff *ll_dequeue(struct hci_uart *hu) 505 { 506 struct ll_struct *ll = hu->priv; 507 return skb_dequeue(&ll->txq); 508 } 509 510 static struct hci_uart_proto llp = { 511 .id = HCI_UART_LL, 512 .open = ll_open, 513 .close = ll_close, 514 .recv = ll_recv, 515 .enqueue = ll_enqueue, 516 .dequeue = ll_dequeue, 517 .flush = ll_flush, 518 }; 519 520 int __init ll_init(void) 521 { 522 int err = hci_uart_register_proto(&llp); 523 524 if (!err) 525 BT_INFO("HCILL protocol initialized"); 526 else 527 BT_ERR("HCILL protocol registration failed"); 528 529 return err; 530 } 531 532 int __exit ll_deinit(void) 533 { 534 return hci_uart_unregister_proto(&llp); 535 } 536