1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/module.h> 4 #include <linux/virtio.h> 5 #include <linux/virtio_config.h> 6 #include <linux/skbuff.h> 7 8 #include <uapi/linux/virtio_ids.h> 9 #include <uapi/linux/virtio_bt.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #define VERSION "0.1" 15 #define VIRTBT_RX_BUF_SIZE 1000 16 17 enum { 18 VIRTBT_VQ_TX, 19 VIRTBT_VQ_RX, 20 VIRTBT_NUM_VQS, 21 }; 22 23 struct virtio_bluetooth { 24 struct virtio_device *vdev; 25 struct virtqueue *vqs[VIRTBT_NUM_VQS]; 26 struct work_struct rx; 27 struct hci_dev *hdev; 28 }; 29 30 static int virtbt_add_inbuf(struct virtio_bluetooth *vbt) 31 { 32 struct virtqueue *vq = vbt->vqs[VIRTBT_VQ_RX]; 33 struct scatterlist sg[1]; 34 struct sk_buff *skb; 35 int err; 36 37 skb = alloc_skb(VIRTBT_RX_BUF_SIZE, GFP_KERNEL); 38 if (!skb) 39 return -ENOMEM; 40 41 sg_init_one(sg, skb->data, VIRTBT_RX_BUF_SIZE); 42 43 err = virtqueue_add_inbuf(vq, sg, 1, skb, GFP_KERNEL); 44 if (err < 0) { 45 kfree_skb(skb); 46 return err; 47 } 48 49 return 0; 50 } 51 52 static int virtbt_open(struct hci_dev *hdev) 53 { 54 return 0; 55 } 56 57 static int virtbt_open_vdev(struct virtio_bluetooth *vbt) 58 { 59 if (virtbt_add_inbuf(vbt) < 0) 60 return -EIO; 61 62 virtqueue_kick(vbt->vqs[VIRTBT_VQ_RX]); 63 return 0; 64 } 65 66 static int virtbt_close(struct hci_dev *hdev) 67 { 68 return 0; 69 } 70 71 static int virtbt_close_vdev(struct virtio_bluetooth *vbt) 72 { 73 int i; 74 75 cancel_work_sync(&vbt->rx); 76 77 for (i = 0; i < ARRAY_SIZE(vbt->vqs); i++) { 78 struct virtqueue *vq = vbt->vqs[i]; 79 struct sk_buff *skb; 80 81 while ((skb = virtqueue_detach_unused_buf(vq))) 82 kfree_skb(skb); 83 cond_resched(); 84 } 85 86 return 0; 87 } 88 89 static int virtbt_flush(struct hci_dev *hdev) 90 { 91 return 0; 92 } 93 94 static int virtbt_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 95 { 96 struct virtio_bluetooth *vbt = hci_get_drvdata(hdev); 97 struct scatterlist sg[1]; 98 int err; 99 100 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 101 102 sg_init_one(sg, skb->data, skb->len); 103 err = virtqueue_add_outbuf(vbt->vqs[VIRTBT_VQ_TX], sg, 1, skb, 104 GFP_KERNEL); 105 if (err) { 106 kfree_skb(skb); 107 return err; 108 } 109 110 virtqueue_kick(vbt->vqs[VIRTBT_VQ_TX]); 111 return 0; 112 } 113 114 static int virtbt_setup_zephyr(struct hci_dev *hdev) 115 { 116 struct sk_buff *skb; 117 118 /* Read Build Information */ 119 skb = __hci_cmd_sync(hdev, 0xfc08, 0, NULL, HCI_INIT_TIMEOUT); 120 if (IS_ERR(skb)) 121 return PTR_ERR(skb); 122 123 bt_dev_info(hdev, "%s", (char *)(skb->data + 1)); 124 125 hci_set_fw_info(hdev, "%s", skb->data + 1); 126 127 kfree_skb(skb); 128 return 0; 129 } 130 131 static int virtbt_set_bdaddr_zephyr(struct hci_dev *hdev, 132 const bdaddr_t *bdaddr) 133 { 134 struct sk_buff *skb; 135 136 /* Write BD_ADDR */ 137 skb = __hci_cmd_sync(hdev, 0xfc06, 6, bdaddr, HCI_INIT_TIMEOUT); 138 if (IS_ERR(skb)) 139 return PTR_ERR(skb); 140 141 kfree_skb(skb); 142 return 0; 143 } 144 145 static int virtbt_setup_intel(struct hci_dev *hdev) 146 { 147 struct sk_buff *skb; 148 149 /* Intel Read Version */ 150 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 151 if (IS_ERR(skb)) 152 return PTR_ERR(skb); 153 154 kfree_skb(skb); 155 return 0; 156 } 157 158 static int virtbt_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) 159 { 160 struct sk_buff *skb; 161 162 /* Intel Write BD Address */ 163 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 164 if (IS_ERR(skb)) 165 return PTR_ERR(skb); 166 167 kfree_skb(skb); 168 return 0; 169 } 170 171 static int virtbt_setup_realtek(struct hci_dev *hdev) 172 { 173 struct sk_buff *skb; 174 175 /* Read ROM Version */ 176 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 177 if (IS_ERR(skb)) 178 return PTR_ERR(skb); 179 180 bt_dev_info(hdev, "ROM version %u", *((__u8 *) (skb->data + 1))); 181 182 kfree_skb(skb); 183 return 0; 184 } 185 186 static int virtbt_shutdown_generic(struct hci_dev *hdev) 187 { 188 struct sk_buff *skb; 189 190 /* Reset */ 191 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 192 if (IS_ERR(skb)) 193 return PTR_ERR(skb); 194 195 kfree_skb(skb); 196 return 0; 197 } 198 199 static void virtbt_rx_handle(struct virtio_bluetooth *vbt, struct sk_buff *skb) 200 { 201 size_t min_hdr; 202 __u8 pkt_type; 203 204 pkt_type = *((__u8 *) skb->data); 205 skb_pull(skb, 1); 206 207 switch (pkt_type) { 208 case HCI_EVENT_PKT: 209 min_hdr = sizeof(struct hci_event_hdr); 210 break; 211 case HCI_ACLDATA_PKT: 212 min_hdr = sizeof(struct hci_acl_hdr); 213 break; 214 case HCI_SCODATA_PKT: 215 min_hdr = sizeof(struct hci_sco_hdr); 216 break; 217 case HCI_ISODATA_PKT: 218 min_hdr = sizeof(struct hci_iso_hdr); 219 break; 220 default: 221 kfree_skb(skb); 222 return; 223 } 224 225 if (skb->len < min_hdr) { 226 bt_dev_err_ratelimited(vbt->hdev, 227 "rx pkt_type 0x%02x payload %u < hdr %zu\n", 228 pkt_type, skb->len, min_hdr); 229 kfree_skb(skb); 230 return; 231 } 232 233 hci_skb_pkt_type(skb) = pkt_type; 234 hci_recv_frame(vbt->hdev, skb); 235 } 236 237 static void virtbt_rx_work(struct work_struct *work) 238 { 239 struct virtio_bluetooth *vbt = container_of(work, 240 struct virtio_bluetooth, rx); 241 struct sk_buff *skb; 242 unsigned int len; 243 244 skb = virtqueue_get_buf(vbt->vqs[VIRTBT_VQ_RX], &len); 245 if (!skb) 246 return; 247 248 if (!len || len > VIRTBT_RX_BUF_SIZE) { 249 bt_dev_err_ratelimited(vbt->hdev, 250 "rx reply len %u outside [1, %u]\n", 251 len, VIRTBT_RX_BUF_SIZE); 252 kfree_skb(skb); 253 } else { 254 skb_put(skb, len); 255 virtbt_rx_handle(vbt, skb); 256 } 257 258 if (virtbt_add_inbuf(vbt) < 0) 259 return; 260 261 virtqueue_kick(vbt->vqs[VIRTBT_VQ_RX]); 262 } 263 264 static void virtbt_tx_done(struct virtqueue *vq) 265 { 266 struct sk_buff *skb; 267 unsigned int len; 268 269 while ((skb = virtqueue_get_buf(vq, &len))) 270 kfree_skb(skb); 271 } 272 273 static void virtbt_rx_done(struct virtqueue *vq) 274 { 275 struct virtio_bluetooth *vbt = vq->vdev->priv; 276 277 schedule_work(&vbt->rx); 278 } 279 280 static int virtbt_probe(struct virtio_device *vdev) 281 { 282 struct virtqueue_info vqs_info[VIRTBT_NUM_VQS] = { 283 [VIRTBT_VQ_TX] = { "tx", virtbt_tx_done }, 284 [VIRTBT_VQ_RX] = { "rx", virtbt_rx_done }, 285 }; 286 struct virtio_bluetooth *vbt; 287 struct hci_dev *hdev; 288 int err; 289 __u8 type; 290 291 if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) 292 return -ENODEV; 293 294 type = virtio_cread8(vdev, offsetof(struct virtio_bt_config, type)); 295 296 switch (type) { 297 case VIRTIO_BT_CONFIG_TYPE_PRIMARY: 298 break; 299 default: 300 return -EINVAL; 301 } 302 303 vbt = kzalloc_obj(*vbt); 304 if (!vbt) 305 return -ENOMEM; 306 307 vdev->priv = vbt; 308 vbt->vdev = vdev; 309 310 INIT_WORK(&vbt->rx, virtbt_rx_work); 311 312 err = virtio_find_vqs(vdev, VIRTBT_NUM_VQS, vbt->vqs, vqs_info, NULL); 313 if (err) 314 return err; 315 316 hdev = hci_alloc_dev(); 317 if (!hdev) { 318 err = -ENOMEM; 319 goto failed; 320 } 321 322 vbt->hdev = hdev; 323 324 hdev->bus = HCI_VIRTIO; 325 hci_set_drvdata(hdev, vbt); 326 327 hdev->open = virtbt_open; 328 hdev->close = virtbt_close; 329 hdev->flush = virtbt_flush; 330 hdev->send = virtbt_send_frame; 331 332 if (virtio_has_feature(vdev, VIRTIO_BT_F_VND_HCI)) { 333 __u16 vendor; 334 335 if (virtio_has_feature(vdev, VIRTIO_BT_F_CONFIG_V2)) 336 virtio_cread(vdev, struct virtio_bt_config_v2, 337 vendor, &vendor); 338 else 339 virtio_cread(vdev, struct virtio_bt_config, 340 vendor, &vendor); 341 342 switch (vendor) { 343 case VIRTIO_BT_CONFIG_VENDOR_ZEPHYR: 344 hdev->manufacturer = 1521; 345 hdev->setup = virtbt_setup_zephyr; 346 hdev->shutdown = virtbt_shutdown_generic; 347 hdev->set_bdaddr = virtbt_set_bdaddr_zephyr; 348 break; 349 350 case VIRTIO_BT_CONFIG_VENDOR_INTEL: 351 hdev->manufacturer = 2; 352 hdev->setup = virtbt_setup_intel; 353 hdev->shutdown = virtbt_shutdown_generic; 354 hdev->set_bdaddr = virtbt_set_bdaddr_intel; 355 hci_set_quirk(hdev, HCI_QUIRK_STRICT_DUPLICATE_FILTER); 356 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 357 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 358 break; 359 360 case VIRTIO_BT_CONFIG_VENDOR_REALTEK: 361 hdev->manufacturer = 93; 362 hdev->setup = virtbt_setup_realtek; 363 hdev->shutdown = virtbt_shutdown_generic; 364 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 365 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 366 break; 367 } 368 } 369 370 if (virtio_has_feature(vdev, VIRTIO_BT_F_MSFT_EXT)) { 371 __u16 msft_opcode; 372 373 if (virtio_has_feature(vdev, VIRTIO_BT_F_CONFIG_V2)) 374 virtio_cread(vdev, struct virtio_bt_config_v2, 375 msft_opcode, &msft_opcode); 376 else 377 virtio_cread(vdev, struct virtio_bt_config, 378 msft_opcode, &msft_opcode); 379 380 hci_set_msft_opcode(hdev, msft_opcode); 381 } 382 383 if (virtio_has_feature(vdev, VIRTIO_BT_F_AOSP_EXT)) 384 hci_set_aosp_capable(hdev); 385 386 if (hci_register_dev(hdev) < 0) { 387 hci_free_dev(hdev); 388 err = -EBUSY; 389 goto failed; 390 } 391 392 virtio_device_ready(vdev); 393 err = virtbt_open_vdev(vbt); 394 if (err) 395 goto open_failed; 396 397 return 0; 398 399 open_failed: 400 hci_free_dev(hdev); 401 failed: 402 vdev->config->del_vqs(vdev); 403 return err; 404 } 405 406 static void virtbt_remove(struct virtio_device *vdev) 407 { 408 struct virtio_bluetooth *vbt = vdev->priv; 409 struct hci_dev *hdev = vbt->hdev; 410 411 hci_unregister_dev(hdev); 412 virtio_reset_device(vdev); 413 virtbt_close_vdev(vbt); 414 415 hci_free_dev(hdev); 416 vbt->hdev = NULL; 417 418 vdev->config->del_vqs(vdev); 419 kfree(vbt); 420 } 421 422 static struct virtio_device_id virtbt_table[] = { 423 { VIRTIO_ID_BT, VIRTIO_DEV_ANY_ID }, 424 { 0 }, 425 }; 426 427 MODULE_DEVICE_TABLE(virtio, virtbt_table); 428 429 static const unsigned int virtbt_features[] = { 430 VIRTIO_BT_F_VND_HCI, 431 VIRTIO_BT_F_MSFT_EXT, 432 VIRTIO_BT_F_AOSP_EXT, 433 VIRTIO_BT_F_CONFIG_V2, 434 }; 435 436 static struct virtio_driver virtbt_driver = { 437 .driver.name = KBUILD_MODNAME, 438 .feature_table = virtbt_features, 439 .feature_table_size = ARRAY_SIZE(virtbt_features), 440 .id_table = virtbt_table, 441 .probe = virtbt_probe, 442 .remove = virtbt_remove, 443 }; 444 445 module_virtio_driver(virtbt_driver); 446 447 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 448 MODULE_DESCRIPTION("Generic Bluetooth VIRTIO driver ver " VERSION); 449 MODULE_VERSION(VERSION); 450 MODULE_LICENSE("GPL"); 451