1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth HCI UART driver 5 * 6 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> 7 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> 8 */ 9 10 #include <linux/module.h> 11 12 #include <linux/kernel.h> 13 #include <linux/init.h> 14 #include <linux/types.h> 15 #include <linux/fcntl.h> 16 #include <linux/interrupt.h> 17 #include <linux/ptrace.h> 18 #include <linux/poll.h> 19 20 #include <linux/slab.h> 21 #include <linux/tty.h> 22 #include <linux/errno.h> 23 #include <linux/string.h> 24 #include <linux/signal.h> 25 #include <linux/ioctl.h> 26 #include <linux/skbuff.h> 27 #include <linux/bitrev.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 33 #include "hci_uart.h" 34 35 static bool txcrc = true; 36 static bool hciextn = true; 37 38 #define BCSP_TXWINSIZE 4 39 40 #define BCSP_ACK_PKT 0x05 41 #define BCSP_LE_PKT 0x06 42 43 struct bcsp_struct { 44 struct sk_buff_head unack; /* Unack'ed packets queue */ 45 struct sk_buff_head rel; /* Reliable packets queue */ 46 struct sk_buff_head unrel; /* Unreliable packets queue */ 47 48 unsigned long rx_count; 49 struct sk_buff *rx_skb; 50 u8 rxseq_txack; /* rxseq == txack. */ 51 u8 rxack; /* Last packet sent by us that the peer ack'ed */ 52 struct timer_list tbcsp; 53 struct hci_uart *hu; 54 55 enum { 56 BCSP_W4_PKT_DELIMITER, 57 BCSP_W4_PKT_START, 58 BCSP_W4_BCSP_HDR, 59 BCSP_W4_DATA, 60 BCSP_W4_CRC 61 } rx_state; 62 63 enum { 64 BCSP_ESCSTATE_NOESC, 65 BCSP_ESCSTATE_ESC 66 } rx_esc_state; 67 68 u8 use_crc; 69 u16 message_crc; 70 u8 txack_req; /* Do we need to send ack's to the peer? */ 71 72 /* Reliable packet sequence number - used to assign seq to each rel pkt. */ 73 u8 msgq_txseq; 74 }; 75 76 /* ---- BCSP CRC calculation ---- */ 77 78 /* Table for calculating CRC for polynomial 0x1021, LSB processed first, 79 * initial value 0xffff, bits shifted in reverse order. 80 */ 81 82 static const u16 crc_table[] = { 83 0x0000, 0x1081, 0x2102, 0x3183, 84 0x4204, 0x5285, 0x6306, 0x7387, 85 0x8408, 0x9489, 0xa50a, 0xb58b, 86 0xc60c, 0xd68d, 0xe70e, 0xf78f 87 }; 88 89 /* Initialise the crc calculator */ 90 #define BCSP_CRC_INIT(x) x = 0xffff 91 92 /* Update crc with next data byte 93 * 94 * Implementation note 95 * The data byte is treated as two nibbles. The crc is generated 96 * in reverse, i.e., bits are fed into the register from the top. 97 */ 98 static void bcsp_crc_update(u16 *crc, u8 d) 99 { 100 u16 reg = *crc; 101 102 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; 103 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; 104 105 *crc = reg; 106 } 107 108 /* ---- BCSP core ---- */ 109 110 static void bcsp_slip_msgdelim(struct sk_buff *skb) 111 { 112 const char pkt_delim = 0xc0; 113 114 skb_put_data(skb, &pkt_delim, 1); 115 } 116 117 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) 118 { 119 const char esc_c0[2] = { 0xdb, 0xdc }; 120 const char esc_db[2] = { 0xdb, 0xdd }; 121 122 switch (c) { 123 case 0xc0: 124 skb_put_data(skb, &esc_c0, 2); 125 break; 126 case 0xdb: 127 skb_put_data(skb, &esc_db, 2); 128 break; 129 default: 130 skb_put_data(skb, &c, 1); 131 } 132 } 133 134 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) 135 { 136 struct bcsp_struct *bcsp = hu->priv; 137 138 if (skb->len > 0xFFF) { 139 BT_ERR("Packet too long"); 140 kfree_skb(skb); 141 return 0; 142 } 143 144 switch (hci_skb_pkt_type(skb)) { 145 case HCI_ACLDATA_PKT: 146 case HCI_COMMAND_PKT: 147 skb_queue_tail(&bcsp->rel, skb); 148 break; 149 150 case HCI_SCODATA_PKT: 151 skb_queue_tail(&bcsp->unrel, skb); 152 break; 153 154 default: 155 BT_ERR("Unknown packet type"); 156 kfree_skb(skb); 157 break; 158 } 159 160 return 0; 161 } 162 163 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, 164 int len, int pkt_type) 165 { 166 struct sk_buff *nskb; 167 u8 hdr[4], chan; 168 u16 BCSP_CRC_INIT(bcsp_txmsg_crc); 169 int rel, i; 170 171 switch (pkt_type) { 172 case HCI_ACLDATA_PKT: 173 chan = 6; /* BCSP ACL channel */ 174 rel = 1; /* reliable channel */ 175 break; 176 case HCI_COMMAND_PKT: 177 chan = 5; /* BCSP cmd/evt channel */ 178 rel = 1; /* reliable channel */ 179 break; 180 case HCI_SCODATA_PKT: 181 chan = 7; /* BCSP SCO channel */ 182 rel = 0; /* unreliable channel */ 183 break; 184 case BCSP_LE_PKT: 185 chan = 1; /* BCSP LE channel */ 186 rel = 0; /* unreliable channel */ 187 break; 188 case BCSP_ACK_PKT: 189 chan = 0; /* BCSP internal channel */ 190 rel = 0; /* unreliable channel */ 191 break; 192 default: 193 BT_ERR("Unknown packet type"); 194 return NULL; 195 } 196 197 if (hciextn && chan == 5) { 198 __le16 opcode = ((struct hci_command_hdr *)data)->opcode; 199 200 /* Vendor specific commands */ 201 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) { 202 u8 desc = *(data + HCI_COMMAND_HDR_SIZE); 203 204 if ((desc & 0xf0) == 0xc0) { 205 data += HCI_COMMAND_HDR_SIZE + 1; 206 len -= HCI_COMMAND_HDR_SIZE + 1; 207 chan = desc & 0x0f; 208 } 209 } 210 } 211 212 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 213 * (because bytes 0xc0 and 0xdb are escaped, worst case is 214 * when the packet is all made of 0xc0 and 0xdb :) ) 215 * + 2 (0xc0 delimiters at start and end). 216 */ 217 218 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 219 if (!nskb) 220 return NULL; 221 222 hci_skb_pkt_type(nskb) = pkt_type; 223 224 bcsp_slip_msgdelim(nskb); 225 226 hdr[0] = bcsp->rxseq_txack << 3; 227 bcsp->txack_req = 0; 228 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack); 229 230 if (rel) { 231 hdr[0] |= 0x80 + bcsp->msgq_txseq; 232 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq); 233 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07; 234 } 235 236 if (bcsp->use_crc) 237 hdr[0] |= 0x40; 238 239 hdr[1] = ((len << 4) & 0xff) | chan; 240 hdr[2] = len >> 4; 241 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); 242 243 /* Put BCSP header */ 244 for (i = 0; i < 4; i++) { 245 bcsp_slip_one_byte(nskb, hdr[i]); 246 247 if (bcsp->use_crc) 248 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]); 249 } 250 251 /* Put payload */ 252 for (i = 0; i < len; i++) { 253 bcsp_slip_one_byte(nskb, data[i]); 254 255 if (bcsp->use_crc) 256 bcsp_crc_update(&bcsp_txmsg_crc, data[i]); 257 } 258 259 /* Put CRC */ 260 if (bcsp->use_crc) { 261 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc); 262 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff)); 263 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff)); 264 } 265 266 bcsp_slip_msgdelim(nskb); 267 return nskb; 268 } 269 270 /* This is a rewrite of pkt_avail in ABCSP */ 271 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) 272 { 273 struct bcsp_struct *bcsp = hu->priv; 274 unsigned long flags; 275 struct sk_buff *skb; 276 277 /* First of all, check for unreliable messages in the queue, 278 * since they have priority 279 */ 280 281 skb = skb_dequeue(&bcsp->unrel); 282 if (skb != NULL) { 283 struct sk_buff *nskb; 284 285 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 286 hci_skb_pkt_type(skb)); 287 if (nskb) { 288 kfree_skb(skb); 289 return nskb; 290 } else { 291 skb_queue_head(&bcsp->unrel, skb); 292 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 293 } 294 } 295 296 /* Now, try to send a reliable pkt. We can only send a 297 * reliable packet if the number of packets sent but not yet ack'ed 298 * is < than the winsize 299 */ 300 301 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 302 303 if (bcsp->unack.qlen < BCSP_TXWINSIZE) { 304 skb = skb_dequeue(&bcsp->rel); 305 if (skb != NULL) { 306 struct sk_buff *nskb; 307 308 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, 309 hci_skb_pkt_type(skb)); 310 if (nskb) { 311 __skb_queue_tail(&bcsp->unack, skb); 312 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 313 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 314 return nskb; 315 } else { 316 skb_queue_head(&bcsp->rel, skb); 317 BT_ERR("Could not dequeue pkt because alloc_skb failed"); 318 } 319 } 320 } 321 322 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 323 324 /* We could not send a reliable packet, either because there are 325 * none or because there are too many unack'ed pkts. Did we receive 326 * any packets we have not acknowledged yet ? 327 */ 328 329 if (bcsp->txack_req) { 330 /* if so, craft an empty ACK pkt and send it on BCSP unreliable 331 * channel 0 332 */ 333 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT); 334 return nskb; 335 } 336 337 /* We have nothing to send */ 338 return NULL; 339 } 340 341 static int bcsp_flush(struct hci_uart *hu) 342 { 343 BT_DBG("hu %p", hu); 344 return 0; 345 } 346 347 /* Remove ack'ed packets */ 348 static void bcsp_pkt_cull(struct bcsp_struct *bcsp) 349 { 350 struct sk_buff *skb, *tmp; 351 unsigned long flags; 352 int i, pkts_to_be_removed; 353 u8 seqno; 354 355 spin_lock_irqsave(&bcsp->unack.lock, flags); 356 357 pkts_to_be_removed = skb_queue_len(&bcsp->unack); 358 seqno = bcsp->msgq_txseq; 359 360 while (pkts_to_be_removed) { 361 if (bcsp->rxack == seqno) 362 break; 363 pkts_to_be_removed--; 364 seqno = (seqno - 1) & 0x07; 365 } 366 367 if (bcsp->rxack != seqno) 368 BT_ERR("Peer acked invalid packet"); 369 370 BT_DBG("Removing %u pkts out of %u, up to seqno %u", 371 pkts_to_be_removed, skb_queue_len(&bcsp->unack), 372 (seqno - 1) & 0x07); 373 374 i = 0; 375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) { 376 if (i >= pkts_to_be_removed) 377 break; 378 i++; 379 380 __skb_unlink(skb, &bcsp->unack); 381 kfree_skb(skb); 382 } 383 384 if (skb_queue_empty(&bcsp->unack)) 385 del_timer(&bcsp->tbcsp); 386 387 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 388 389 if (i != pkts_to_be_removed) 390 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); 391 } 392 393 /* Handle BCSP link-establishment packets. When we 394 * detect a "sync" packet, symptom that the BT module has reset, 395 * we do nothing :) (yet) 396 */ 397 static void bcsp_handle_le_pkt(struct hci_uart *hu) 398 { 399 struct bcsp_struct *bcsp = hu->priv; 400 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; 401 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; 402 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; 403 404 /* spot "conf" pkts and reply with a "conf rsp" pkt */ 405 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 406 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) { 407 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC); 408 409 BT_DBG("Found a LE conf pkt"); 410 if (!nskb) 411 return; 412 skb_put_data(nskb, conf_rsp_pkt, 4); 413 hci_skb_pkt_type(nskb) = BCSP_LE_PKT; 414 415 skb_queue_head(&bcsp->unrel, nskb); 416 hci_uart_tx_wakeup(hu); 417 } 418 /* Spot "sync" pkts. If we find one...disaster! */ 419 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && 420 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) { 421 BT_ERR("Found a LE sync pkt, card has reset"); 422 } 423 } 424 425 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) 426 { 427 const u8 c0 = 0xc0, db = 0xdb; 428 429 switch (bcsp->rx_esc_state) { 430 case BCSP_ESCSTATE_NOESC: 431 switch (byte) { 432 case 0xdb: 433 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; 434 break; 435 default: 436 skb_put_data(bcsp->rx_skb, &byte, 1); 437 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 438 bcsp->rx_state != BCSP_W4_CRC) 439 bcsp_crc_update(&bcsp->message_crc, byte); 440 bcsp->rx_count--; 441 } 442 break; 443 444 case BCSP_ESCSTATE_ESC: 445 switch (byte) { 446 case 0xdc: 447 skb_put_data(bcsp->rx_skb, &c0, 1); 448 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 449 bcsp->rx_state != BCSP_W4_CRC) 450 bcsp_crc_update(&bcsp->message_crc, 0xc0); 451 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 452 bcsp->rx_count--; 453 break; 454 455 case 0xdd: 456 skb_put_data(bcsp->rx_skb, &db, 1); 457 if ((bcsp->rx_skb->data[0] & 0x40) != 0 && 458 bcsp->rx_state != BCSP_W4_CRC) 459 bcsp_crc_update(&bcsp->message_crc, 0xdb); 460 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 461 bcsp->rx_count--; 462 break; 463 464 default: 465 BT_ERR("Invalid byte %02x after esc byte", byte); 466 kfree_skb(bcsp->rx_skb); 467 bcsp->rx_skb = NULL; 468 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 469 bcsp->rx_count = 0; 470 } 471 } 472 } 473 474 static void bcsp_complete_rx_pkt(struct hci_uart *hu) 475 { 476 struct bcsp_struct *bcsp = hu->priv; 477 int pass_up = 0; 478 479 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ 480 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack); 481 482 /* check the rx sequence number is as expected */ 483 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) { 484 bcsp->rxseq_txack++; 485 bcsp->rxseq_txack %= 0x8; 486 } else { 487 /* handle re-transmitted packet or 488 * when packet was missed 489 */ 490 BT_ERR("Out-of-order packet arrived, got %u expected %u", 491 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); 492 493 /* do not process out-of-order packet payload */ 494 pass_up = 2; 495 } 496 497 /* send current txack value to all received reliable packets */ 498 bcsp->txack_req = 1; 499 500 /* If needed, transmit an ack pkt */ 501 hci_uart_tx_wakeup(hu); 502 } 503 504 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; 505 BT_DBG("Request for pkt %u from card", bcsp->rxack); 506 507 /* handle received ACK indications, 508 * including those from out-of-order packets 509 */ 510 bcsp_pkt_cull(bcsp); 511 512 if (pass_up != 2) { 513 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 514 (bcsp->rx_skb->data[0] & 0x80)) { 515 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT; 516 pass_up = 1; 517 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 518 (bcsp->rx_skb->data[0] & 0x80)) { 519 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 520 pass_up = 1; 521 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 522 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT; 523 pass_up = 1; 524 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 525 !(bcsp->rx_skb->data[0] & 0x80)) { 526 bcsp_handle_le_pkt(hu); 527 pass_up = 0; 528 } else { 529 pass_up = 0; 530 } 531 } 532 533 if (pass_up == 0) { 534 struct hci_event_hdr hdr; 535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f); 536 537 if (desc != 0 && desc != 1) { 538 if (hciextn) { 539 desc |= 0xc0; 540 skb_pull(bcsp->rx_skb, 4); 541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); 542 543 hdr.evt = 0xff; 544 hdr.plen = bcsp->rx_skb->len; 545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 546 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; 547 548 hci_recv_frame(hu->hdev, bcsp->rx_skb); 549 } else { 550 BT_ERR("Packet for unknown channel (%u %s)", 551 bcsp->rx_skb->data[1] & 0x0f, 552 bcsp->rx_skb->data[0] & 0x80 ? 553 "reliable" : "unreliable"); 554 kfree_skb(bcsp->rx_skb); 555 } 556 } else 557 kfree_skb(bcsp->rx_skb); 558 } else if (pass_up == 1) { 559 /* Pull out BCSP hdr */ 560 skb_pull(bcsp->rx_skb, 4); 561 562 hci_recv_frame(hu->hdev, bcsp->rx_skb); 563 } else { 564 /* ignore packet payload of already ACKed re-transmitted 565 * packets or when a packet was missed in the BCSP window 566 */ 567 kfree_skb(bcsp->rx_skb); 568 } 569 570 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 571 bcsp->rx_skb = NULL; 572 } 573 574 static u16 bscp_get_crc(struct bcsp_struct *bcsp) 575 { 576 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]); 577 } 578 579 /* Recv data */ 580 static int bcsp_recv(struct hci_uart *hu, const void *data, int count) 581 { 582 struct bcsp_struct *bcsp = hu->priv; 583 const unsigned char *ptr; 584 585 BT_DBG("hu %p count %d rx_state %d rx_count %ld", 586 hu, count, bcsp->rx_state, bcsp->rx_count); 587 588 ptr = data; 589 while (count) { 590 if (bcsp->rx_count) { 591 if (*ptr == 0xc0) { 592 BT_ERR("Short BCSP packet"); 593 kfree_skb(bcsp->rx_skb); 594 bcsp->rx_skb = NULL; 595 bcsp->rx_state = BCSP_W4_PKT_START; 596 bcsp->rx_count = 0; 597 } else 598 bcsp_unslip_one_byte(bcsp, *ptr); 599 600 ptr++; count--; 601 continue; 602 } 603 604 switch (bcsp->rx_state) { 605 case BCSP_W4_BCSP_HDR: 606 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + 607 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { 608 BT_ERR("Error in BCSP hdr checksum"); 609 kfree_skb(bcsp->rx_skb); 610 bcsp->rx_skb = NULL; 611 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 612 bcsp->rx_count = 0; 613 continue; 614 } 615 bcsp->rx_state = BCSP_W4_DATA; 616 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 617 (bcsp->rx_skb->data[2] << 4); /* May be 0 */ 618 continue; 619 620 case BCSP_W4_DATA: 621 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ 622 bcsp->rx_state = BCSP_W4_CRC; 623 bcsp->rx_count = 2; 624 } else 625 bcsp_complete_rx_pkt(hu); 626 continue; 627 628 case BCSP_W4_CRC: 629 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) { 630 BT_ERR("Checksum failed: computed %04x received %04x", 631 bitrev16(bcsp->message_crc), 632 bscp_get_crc(bcsp)); 633 634 kfree_skb(bcsp->rx_skb); 635 bcsp->rx_skb = NULL; 636 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 637 bcsp->rx_count = 0; 638 continue; 639 } 640 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2); 641 bcsp_complete_rx_pkt(hu); 642 continue; 643 644 case BCSP_W4_PKT_DELIMITER: 645 switch (*ptr) { 646 case 0xc0: 647 bcsp->rx_state = BCSP_W4_PKT_START; 648 break; 649 default: 650 /*BT_ERR("Ignoring byte %02x", *ptr);*/ 651 break; 652 } 653 ptr++; count--; 654 break; 655 656 case BCSP_W4_PKT_START: 657 switch (*ptr) { 658 case 0xc0: 659 ptr++; count--; 660 break; 661 662 default: 663 bcsp->rx_state = BCSP_W4_BCSP_HDR; 664 bcsp->rx_count = 4; 665 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; 666 BCSP_CRC_INIT(bcsp->message_crc); 667 668 /* Do not increment ptr or decrement count 669 * Allocate packet. Max len of a BCSP pkt= 670 * 0xFFF (payload) +4 (header) +2 (crc) 671 */ 672 673 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC); 674 if (!bcsp->rx_skb) { 675 BT_ERR("Can't allocate mem for new packet"); 676 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 677 bcsp->rx_count = 0; 678 return 0; 679 } 680 break; 681 } 682 break; 683 } 684 } 685 return count; 686 } 687 688 /* Arrange to retransmit all messages in the relq. */ 689 static void bcsp_timed_event(struct timer_list *t) 690 { 691 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp); 692 struct hci_uart *hu = bcsp->hu; 693 struct sk_buff *skb; 694 unsigned long flags; 695 696 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen); 697 698 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); 699 700 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) { 701 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; 702 skb_queue_head(&bcsp->rel, skb); 703 } 704 705 spin_unlock_irqrestore(&bcsp->unack.lock, flags); 706 707 hci_uart_tx_wakeup(hu); 708 } 709 710 static int bcsp_open(struct hci_uart *hu) 711 { 712 struct bcsp_struct *bcsp; 713 714 BT_DBG("hu %p", hu); 715 716 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL); 717 if (!bcsp) 718 return -ENOMEM; 719 720 hu->priv = bcsp; 721 bcsp->hu = hu; 722 skb_queue_head_init(&bcsp->unack); 723 skb_queue_head_init(&bcsp->rel); 724 skb_queue_head_init(&bcsp->unrel); 725 726 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0); 727 728 bcsp->rx_state = BCSP_W4_PKT_DELIMITER; 729 730 if (txcrc) 731 bcsp->use_crc = 1; 732 733 return 0; 734 } 735 736 static int bcsp_close(struct hci_uart *hu) 737 { 738 struct bcsp_struct *bcsp = hu->priv; 739 740 del_timer_sync(&bcsp->tbcsp); 741 742 hu->priv = NULL; 743 744 BT_DBG("hu %p", hu); 745 746 skb_queue_purge(&bcsp->unack); 747 skb_queue_purge(&bcsp->rel); 748 skb_queue_purge(&bcsp->unrel); 749 750 if (bcsp->rx_skb) { 751 kfree_skb(bcsp->rx_skb); 752 bcsp->rx_skb = NULL; 753 } 754 755 kfree(bcsp); 756 return 0; 757 } 758 759 static const struct hci_uart_proto bcsp = { 760 .id = HCI_UART_BCSP, 761 .name = "BCSP", 762 .open = bcsp_open, 763 .close = bcsp_close, 764 .enqueue = bcsp_enqueue, 765 .dequeue = bcsp_dequeue, 766 .recv = bcsp_recv, 767 .flush = bcsp_flush 768 }; 769 770 int __init bcsp_init(void) 771 { 772 return hci_uart_register_proto(&bcsp); 773 } 774 775 int __exit bcsp_deinit(void) 776 { 777 return hci_uart_unregister_proto(&bcsp); 778 } 779 780 module_param(txcrc, bool, 0644); 781 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet"); 782 783 module_param(hciextn, bool, 0644); 784 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets"); 785