1 /* 2 BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ). 3 Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com> 4 5 Based on 6 hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com> 7 ABCSP by Carl Orsborn <cjo@csr.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* 28 * $Id: hci_bcsp.c,v 1.2 2002/09/26 05:05:14 maxk Exp $ 29 */ 30 31 #define VERSION "0.2" 32 33 #include <linux/config.h> 34 #include <linux/module.h> 35 36 #include <linux/kernel.h> 37 #include <linux/init.h> 38 #include <linux/sched.h> 39 #include <linux/types.h> 40 #include <linux/fcntl.h> 41 #include <linux/interrupt.h> 42 #include <linux/ptrace.h> 43 #include <linux/poll.h> 44 45 #include <linux/slab.h> 46 #include <linux/tty.h> 47 #include <linux/errno.h> 48 #include <linux/string.h> 49 #include <linux/signal.h> 50 #include <linux/ioctl.h> 51 #include <linux/skbuff.h> 52 53 #include <net/bluetooth/bluetooth.h> 54 #include <net/bluetooth/hci_core.h> 55 #include "hci_uart.h" 56 #include "hci_bcsp.h" 57 58 #ifndef CONFIG_BT_HCIUART_DEBUG 59 #undef BT_DBG 60 #define BT_DBG( A... ) 61 #endif 62 63 static int hciextn = 1; 64 65 /* ---- BCSP CRC calculation ---- */ 66 67 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 68 initial value 0xffff, bits shifted in reverse order. */ 69 70 static const u16 crc_table[] = { 71 0x0000, 0x1081, 0x2102, 0x3183, 72 0x4204, 0x5285, 0x6306, 0x7387, 73 0x8408, 0x9489, 0xa50a, 0xb58b, 74 0xc60c, 0xd68d, 0xe70e, 0xf78f 75 }; 76 77 /* Initialise the crc calculator */ 78 #define BCSP_CRC_INIT(x) x = 0xffff 79 80 /* 81 Update crc with next data byte 82 83 Implementation note 84 The data byte is treated as two nibbles. The crc is generated 85 in reverse, i.e., bits are fed into the register from the top. 86 */ 87 static void bcsp_crc_update(u16 *crc, u8 d) 88 { 89 u16 reg = *crc; 90 91 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 92 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 93 94 *crc = reg; 95 } 96 97 /* 98 Get reverse of generated crc 99 100 Implementation note 101 The crc generator (bcsp_crc_init() and bcsp_crc_update()) 102 creates a reversed crc, so it needs to be swapped back before 103 being passed on. 104 */ 105 static u16 bcsp_crc_reverse(u16 crc) 106 { 107 u16 b, rev; 108 109 for (b = 0, rev = 0; b < 16; b++) { 110 rev = rev << 1; 111 rev |= (crc & 1); 112 crc = crc >> 1; 113 } 114 return (rev); 115 } 116 117 /* ---- BCSP core ---- */ 118 119 static void bcsp_slip_msgdelim(struct sk_buff *skb) 120 { 121 const char pkt_delim = 0xc0; 122 memcpy(skb_put(skb, 1), &pkt_delim, 1); 123 } 124 125 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 126 { 127 const char esc_c0[2] = { 0xdb, 0xdc }; 128 const char esc_db[2] = { 0xdb, 0xdd }; 129 130 switch (c) { 131 case 0xc0: 132 memcpy(skb_put(skb, 2), &esc_c0, 2); 133 break; 134 case 0xdb: 135 memcpy(skb_put(skb, 2), &esc_db, 2); 136 break; 137 default: 138 memcpy(skb_put(skb, 1), &c, 1); 139 } 140 } 141 142 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 143 { 144 struct bcsp_struct *bcsp = hu->priv; 145 146 if (skb->len > 0xFFF) { 147 BT_ERR("Packet too long"); 148 kfree_skb(skb); 149 return 0; 150 } 151 152 switch (bt_cb(skb)->pkt_type) { 153 case HCI_ACLDATA_PKT: 154 case HCI_COMMAND_PKT: 155 skb_queue_tail(&bcsp->rel, skb); 156 break; 157 158 case HCI_SCODATA_PKT: 159 skb_queue_tail(&bcsp->unrel, skb); 160 break; 161 162 default: 163 BT_ERR("Unknown packet type"); 164 kfree_skb(skb); 165 break; 166 } 167 168 return 0; 169 } 170 171 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 172 int len, int pkt_type) 173 { 174 struct sk_buff *nskb; 175 u8 hdr[4], chan; 176 int rel, i; 177 178 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC 179 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 180 #endif 181 182 switch (pkt_type) { 183 case HCI_ACLDATA_PKT: 184 chan = 6; /* BCSP ACL channel */ 185 rel = 1; /* reliable channel */ 186 break; 187 case HCI_COMMAND_PKT: 188 chan = 5; /* BCSP cmd/evt channel */ 189 rel = 1; /* reliable channel */ 190 break; 191 case HCI_SCODATA_PKT: 192 chan = 7; /* BCSP SCO channel */ 193 rel = 0; /* unreliable channel */ 194 break; 195 case BCSP_LE_PKT: 196 chan = 1; /* BCSP LE channel */ 197 rel = 0; /* unreliable channel */ 198 break; 199 case BCSP_ACK_PKT: 200 chan = 0; /* BCSP internal channel */ 201 rel = 0; /* unreliable channel */ 202 break; 203 default: 204 BT_ERR("Unknown packet type"); 205 return NULL; 206 } 207 208 if (hciextn && chan == 5) { 209 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data; 210 211 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) { 212 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 213 if ((desc & 0xf0) == 0xc0) { 214 data += HCI_COMMAND_HDR_SIZE + 1; 215 len -= HCI_COMMAND_HDR_SIZE + 1; 216 chan = desc & 0x0f; 217 } 218 } 219 } 220 221 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 222 (because bytes 0xc0 and 0xdb are escaped, worst case is 223 when the packet is all made of 0xc0 and 0xdb :) ) 224 + 2 (0xc0 delimiters at start and end). */ 225 226 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 227 if (!nskb) 228 return NULL; 229 230 bt_cb(nskb)->pkt_type = pkt_type; 231 232 bcsp_slip_msgdelim(nskb); 233 234 hdr[0] = bcsp->rxseq_txack << 3; 235 bcsp->txack_req = 0; 236 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 237 238 if (rel) { 239 hdr[0] |= 0x80 + bcsp->msgq_txseq; 240 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 241 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07; 242 } 243 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC 244 hdr[0] |= 0x40; 245 #endif 246 247 hdr[1] = ((len << 4) & 0xff) | chan; 248 hdr[2] = len >> 4; 249 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 250 251 /* Put BCSP header */ 252 for (i = 0; i < 4; i++) { 253 bcsp_slip_one_byte(nskb, hdr[i]); 254 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC 255 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 256 #endif 257 } 258 259 /* Put payload */ 260 for (i = 0; i < len; i++) { 261 bcsp_slip_one_byte(nskb, data[i]); 262 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC 263 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 264 #endif 265 } 266 267 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC 268 /* Put CRC */ 269 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc); 270 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff)); 271 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff)); 272 #endif 273 274 bcsp_slip_msgdelim(nskb); 275 return nskb; 276 } 277 278 /* This is a rewrite of pkt_avail in ABCSP */ 279 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 280 { 281 struct bcsp_struct *bcsp = hu->priv; 282 unsigned long flags; 283 struct sk_buff *skb; 284 285 /* First of all, check for unreliable messages in the queue, 286 since they have priority */ 287 288 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) { 289 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 290 if (nskb) { 291 kfree_skb(skb); 292 return nskb; 293 } else { 294 skb_queue_head(&bcsp->unrel, skb); 295 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 296 } 297 } 298 299 /* Now, try to send a reliable pkt. We can only send a 300 reliable packet if the number of packets sent but not yet ack'ed 301 is < than the winsize */ 302 303 spin_lock_irqsave(&bcsp->unack.lock, flags); 304 305 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) { 306 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type); 307 if (nskb) { 308 __skb_queue_tail(&bcsp->unack, skb); 309 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 310 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 311 return nskb; 312 } else { 313 skb_queue_head(&bcsp->rel, skb); 314 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 315 } 316 } 317 318 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 319 320 321 /* We could not send a reliable packet, either because there are 322 none or because there are too many unack'ed pkts. Did we receive 323 any packets we have not acknowledged yet ? */ 324 325 if (bcsp->txack_req) { 326 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 327 channel 0 */ 328 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 329 return nskb; 330 } 331 332 /* We have nothing to send */ 333 return NULL; 334 } 335 336 static int bcsp_flush(struct hci_uart *hu) 337 { 338 BT_DBG("hu %p", hu); 339 return 0; 340 } 341 342 /* Remove ack'ed packets */ 343 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 344 { 345 unsigned long flags; 346 struct sk_buff *skb; 347 int i, pkts_to_be_removed; 348 u8 seqno; 349 350 spin_lock_irqsave(&bcsp->unack.lock, flags); 351 352 pkts_to_be_removed = bcsp->unack.qlen; 353 seqno = bcsp->msgq_txseq; 354 355 while (pkts_to_be_removed) { 356 if (bcsp->rxack == seqno) 357 break; 358 pkts_to_be_removed--; 359 seqno = (seqno - 1) & 0x07; 360 } 361 362 if (bcsp->rxack != seqno) 363 BT_ERR("Peer acked invalid packet"); 364 365 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 366 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07); 367 368 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed 369 && skb != (struct sk_buff *) &bcsp->unack; i++) { 370 struct sk_buff *nskb; 371 372 nskb = skb->next; 373 __skb_unlink(skb, &bcsp->unack); 374 kfree_skb(skb); 375 skb = nskb; 376 } 377 if (bcsp->unack.qlen == 0) 378 del_timer(&bcsp->tbcsp); 379 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 380 381 if (i != pkts_to_be_removed) 382 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 383 } 384 385 /* Handle BCSP link-establishment packets. When we 386 detect a "sync" packet, symptom that the BT module has reset, 387 we do nothing :) (yet) */ 388 static void bcsp_handle_le_pkt(struct hci_uart *hu) 389 { 390 struct bcsp_struct *bcsp = hu->priv; 391 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 392 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 393 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 394 395 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 396 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 397 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 398 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 399 400 BT_DBG("Found a LE conf pkt"); 401 if (!nskb) 402 return; 403 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4); 404 bt_cb(nskb)->pkt_type = BCSP_LE_PKT; 405 406 skb_queue_head(&bcsp->unrel, nskb); 407 hci_uart_tx_wakeup(hu); 408 } 409 /* Spot "sync" pkts. If we find one...disaster! */ 410 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 411 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 412 BT_ERR("Found a LE sync pkt, card has reset"); 413 } 414 } 415 416 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 417 { 418 const u8 c0 = 0xc0, db = 0xdb; 419 420 switch (bcsp->rx_esc_state) { 421 case BCSP_ESCSTATE_NOESC: 422 switch (byte) { 423 case 0xdb: 424 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 425 break; 426 default: 427 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1); 428 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 429 bcsp->rx_state != BCSP_W4_CRC) 430 bcsp_crc_update(&bcsp->message_crc, byte); 431 bcsp->rx_count--; 432 } 433 break; 434 435 case BCSP_ESCSTATE_ESC: 436 switch (byte) { 437 case 0xdc: 438 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1); 439 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 440 bcsp->rx_state != BCSP_W4_CRC) 441 bcsp_crc_update(&bcsp-> message_crc, 0xc0); 442 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 443 bcsp->rx_count--; 444 break; 445 446 case 0xdd: 447 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1); 448 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 449 bcsp->rx_state != BCSP_W4_CRC) 450 bcsp_crc_update(&bcsp-> message_crc, 0xdb); 451 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 452 bcsp->rx_count--; 453 break; 454 455 default: 456 BT_ERR ("Invalid byte %02x after esc byte", byte); 457 kfree_skb(bcsp->rx_skb); 458 bcsp->rx_skb = NULL; 459 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 460 bcsp->rx_count = 0; 461 } 462 } 463 } 464 465 static inline void bcsp_complete_rx_pkt(struct hci_uart *hu) 466 { 467 struct bcsp_struct *bcsp = hu->priv; 468 int pass_up; 469 470 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 471 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 472 bcsp->rxseq_txack++; 473 bcsp->rxseq_txack %= 0x8; 474 bcsp->txack_req = 1; 475 476 /* If needed, transmit an ack pkt */ 477 hci_uart_tx_wakeup(hu); 478 } 479 480 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 481 BT_DBG("Request for pkt %u from card", bcsp->rxack); 482 483 bcsp_pkt_cull(bcsp); 484 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 485 bcsp->rx_skb->data[0] & 0x80) { 486 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT; 487 pass_up = 1; 488 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 489 bcsp->rx_skb->data[0] & 0x80) { 490 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 491 pass_up = 1; 492 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 493 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT; 494 pass_up = 1; 495 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 496 !(bcsp->rx_skb->data[0] & 0x80)) { 497 bcsp_handle_le_pkt(hu); 498 pass_up = 0; 499 } else 500 pass_up = 0; 501 502 if (!pass_up) { 503 struct hci_event_hdr hdr; 504 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 505 506 if (desc != 0 && desc != 1) { 507 if (hciextn) { 508 desc |= 0xc0; 509 skb_pull(bcsp->rx_skb, 4); 510 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 511 512 hdr.evt = 0xff; 513 hdr.plen = bcsp->rx_skb->len; 514 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 515 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT; 516 517 hci_recv_frame(bcsp->rx_skb); 518 } else { 519 BT_ERR ("Packet for unknown channel (%u %s)", 520 bcsp->rx_skb->data[1] & 0x0f, 521 bcsp->rx_skb->data[0] & 0x80 ? 522 "reliable" : "unreliable"); 523 kfree_skb(bcsp->rx_skb); 524 } 525 } else 526 kfree_skb(bcsp->rx_skb); 527 } else { 528 /* Pull out BCSP hdr */ 529 skb_pull(bcsp->rx_skb, 4); 530 531 hci_recv_frame(bcsp->rx_skb); 532 } 533 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 534 bcsp->rx_skb = NULL; 535 } 536 537 /* Recv data */ 538 static int bcsp_recv(struct hci_uart *hu, void *data, int count) 539 { 540 struct bcsp_struct *bcsp = hu->priv; 541 register unsigned char *ptr; 542 543 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 544 hu, count, bcsp->rx_state, bcsp->rx_count); 545 546 ptr = data; 547 while (count) { 548 if (bcsp->rx_count) { 549 if (*ptr == 0xc0) { 550 BT_ERR("Short BCSP packet"); 551 kfree_skb(bcsp->rx_skb); 552 bcsp->rx_state = BCSP_W4_PKT_START; 553 bcsp->rx_count = 0; 554 } else 555 bcsp_unslip_one_byte(bcsp, *ptr); 556 557 ptr++; count--; 558 continue; 559 } 560 561 switch (bcsp->rx_state) { 562 case BCSP_W4_BCSP_HDR: 563 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 564 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 565 BT_ERR("Error in BCSP hdr checksum"); 566 kfree_skb(bcsp->rx_skb); 567 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 568 bcsp->rx_count = 0; 569 continue; 570 } 571 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */ 572 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) { 573 BT_ERR ("Out-of-order packet arrived, got %u expected %u", 574 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 575 576 kfree_skb(bcsp->rx_skb); 577 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 578 bcsp->rx_count = 0; 579 continue; 580 } 581 bcsp->rx_state = BCSP_W4_DATA; 582 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 583 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 584 continue; 585 586 case BCSP_W4_DATA: 587 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 588 bcsp->rx_state = BCSP_W4_CRC; 589 bcsp->rx_count = 2; 590 } else 591 bcsp_complete_rx_pkt(hu); 592 continue; 593 594 case BCSP_W4_CRC: 595 if (bcsp_crc_reverse(bcsp->message_crc) != 596 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) + 597 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) { 598 599 BT_ERR ("Checksum failed: computed %04x received %04x", 600 bcsp_crc_reverse(bcsp->message_crc), 601 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) + 602 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]); 603 604 kfree_skb(bcsp->rx_skb); 605 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 606 bcsp->rx_count = 0; 607 continue; 608 } 609 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 610 bcsp_complete_rx_pkt(hu); 611 continue; 612 613 case BCSP_W4_PKT_DELIMITER: 614 switch (*ptr) { 615 case 0xc0: 616 bcsp->rx_state = BCSP_W4_PKT_START; 617 break; 618 default: 619 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 620 break; 621 } 622 ptr++; count--; 623 break; 624 625 case BCSP_W4_PKT_START: 626 switch (*ptr) { 627 case 0xc0: 628 ptr++; count--; 629 break; 630 631 default: 632 bcsp->rx_state = BCSP_W4_BCSP_HDR; 633 bcsp->rx_count = 4; 634 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 635 BCSP_CRC_INIT(bcsp->message_crc); 636 637 /* Do not increment ptr or decrement count 638 * Allocate packet. Max len of a BCSP pkt= 639 * 0xFFF (payload) +4 (header) +2 (crc) */ 640 641 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 642 if (!bcsp->rx_skb) { 643 BT_ERR("Can't allocate mem for new packet"); 644 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 645 bcsp->rx_count = 0; 646 return 0; 647 } 648 bcsp->rx_skb->dev = (void *) hu->hdev; 649 break; 650 } 651 break; 652 } 653 } 654 return count; 655 } 656 657 /* Arrange to retransmit all messages in the relq. */ 658 static void bcsp_timed_event(unsigned long arg) 659 { 660 struct hci_uart *hu = (struct hci_uart *) arg; 661 struct bcsp_struct *bcsp = hu->priv; 662 struct sk_buff *skb; 663 unsigned long flags; 664 665 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 666 667 spin_lock_irqsave(&bcsp->unack.lock, flags); 668 669 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 670 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 671 skb_queue_head(&bcsp->rel, skb); 672 } 673 674 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 675 676 hci_uart_tx_wakeup(hu); 677 } 678 679 static int bcsp_open(struct hci_uart *hu) 680 { 681 struct bcsp_struct *bcsp; 682 683 BT_DBG("hu %p", hu); 684 685 bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC); 686 if (!bcsp) 687 return -ENOMEM; 688 memset(bcsp, 0, sizeof(*bcsp)); 689 690 hu->priv = bcsp; 691 skb_queue_head_init(&bcsp->unack); 692 skb_queue_head_init(&bcsp->rel); 693 skb_queue_head_init(&bcsp->unrel); 694 695 init_timer(&bcsp->tbcsp); 696 bcsp->tbcsp.function = bcsp_timed_event; 697 bcsp->tbcsp.data = (u_long) hu; 698 699 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 700 701 return 0; 702 } 703 704 static int bcsp_close(struct hci_uart *hu) 705 { 706 struct bcsp_struct *bcsp = hu->priv; 707 hu->priv = NULL; 708 709 BT_DBG("hu %p", hu); 710 711 skb_queue_purge(&bcsp->unack); 712 skb_queue_purge(&bcsp->rel); 713 skb_queue_purge(&bcsp->unrel); 714 del_timer(&bcsp->tbcsp); 715 716 kfree(bcsp); 717 return 0; 718 } 719 720 static struct hci_uart_proto bcsp = { 721 .id = HCI_UART_BCSP, 722 .open = bcsp_open, 723 .close = bcsp_close, 724 .enqueue = bcsp_enqueue, 725 .dequeue = bcsp_dequeue, 726 .recv = bcsp_recv, 727 .flush = bcsp_flush 728 }; 729 730 int bcsp_init(void) 731 { 732 int err = hci_uart_register_proto(&bcsp); 733 if (!err) 734 BT_INFO("HCI BCSP protocol initialized"); 735 else 736 BT_ERR("HCI BCSP protocol registration failed"); 737 738 return err; 739 } 740 741 int bcsp_deinit(void) 742 { 743 return hci_uart_unregister_proto(&bcsp); 744 } 745 746 module_param(hciextn, bool, 0644); 747 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 748