3
* Bluetooth HCI UART driver
5
* Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6
* Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9
* This program is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU General Public License as published by
11
* the Free Software Foundation; either version 2 of the License, or
12
* (at your option) any later version.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program; if not, write to the Free Software
21
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25
#include <linux/module.h>
27
#include <linux/kernel.h>
28
#include <linux/init.h>
29
#include <linux/types.h>
30
#include <linux/fcntl.h>
31
#include <linux/interrupt.h>
32
#include <linux/ptrace.h>
33
#include <linux/poll.h>
35
#include <linux/slab.h>
36
#include <linux/tty.h>
37
#include <linux/errno.h>
38
#include <linux/string.h>
39
#include <linux/signal.h>
40
#include <linux/ioctl.h>
41
#include <linux/skbuff.h>
42
#include <linux/bitrev.h>
43
#include <asm/unaligned.h>
45
#include <net/bluetooth/bluetooth.h>
46
#include <net/bluetooth/hci_core.h>
53
static int hciextn = 1;
55
#define BCSP_TXWINSIZE 4
57
#define BCSP_ACK_PKT 0x05
58
#define BCSP_LE_PKT 0x06
61
struct sk_buff_head unack; /* Unack'ed packets queue */
62
struct sk_buff_head rel; /* Reliable packets queue */
63
struct sk_buff_head unrel; /* Unreliable packets queue */
65
unsigned long rx_count;
66
struct sk_buff *rx_skb;
67
u8 rxseq_txack; /* rxseq == txack. */
68
u8 rxack; /* Last packet sent by us that the peer ack'ed */
69
struct timer_list tbcsp;
72
BCSP_W4_PKT_DELIMITER,
86
u8 txack_req; /* Do we need to send ack's to the peer? */
88
/* Reliable packet sequence number - used to assign seq to each rel pkt. */
92
/* ---- BCSP CRC calculation ---- */
94
/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
95
initial value 0xffff, bits shifted in reverse order. */
97
static const u16 crc_table[] = {
98
0x0000, 0x1081, 0x2102, 0x3183,
99
0x4204, 0x5285, 0x6306, 0x7387,
100
0x8408, 0x9489, 0xa50a, 0xb58b,
101
0xc60c, 0xd68d, 0xe70e, 0xf78f
104
/* Initialise the crc calculator */
105
#define BCSP_CRC_INIT(x) x = 0xffff
108
Update crc with next data byte
111
The data byte is treated as two nibbles. The crc is generated
112
in reverse, i.e., bits are fed into the register from the top.
114
static void bcsp_crc_update(u16 *crc, u8 d)
118
reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
119
reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
124
/* ---- BCSP core ---- */
126
static void bcsp_slip_msgdelim(struct sk_buff *skb)
128
const char pkt_delim = 0xc0;
130
memcpy(skb_put(skb, 1), &pkt_delim, 1);
133
static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
135
const char esc_c0[2] = { 0xdb, 0xdc };
136
const char esc_db[2] = { 0xdb, 0xdd };
140
memcpy(skb_put(skb, 2), &esc_c0, 2);
143
memcpy(skb_put(skb, 2), &esc_db, 2);
146
memcpy(skb_put(skb, 1), &c, 1);
150
static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
152
struct bcsp_struct *bcsp = hu->priv;
154
if (skb->len > 0xFFF) {
155
BT_ERR("Packet too long");
160
switch (bt_cb(skb)->pkt_type) {
161
case HCI_ACLDATA_PKT:
162
case HCI_COMMAND_PKT:
163
skb_queue_tail(&bcsp->rel, skb);
166
case HCI_SCODATA_PKT:
167
skb_queue_tail(&bcsp->unrel, skb);
171
BT_ERR("Unknown packet type");
179
static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
180
int len, int pkt_type)
182
struct sk_buff *nskb;
184
u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
188
case HCI_ACLDATA_PKT:
189
chan = 6; /* BCSP ACL channel */
190
rel = 1; /* reliable channel */
192
case HCI_COMMAND_PKT:
193
chan = 5; /* BCSP cmd/evt channel */
194
rel = 1; /* reliable channel */
196
case HCI_SCODATA_PKT:
197
chan = 7; /* BCSP SCO channel */
198
rel = 0; /* unreliable channel */
201
chan = 1; /* BCSP LE channel */
202
rel = 0; /* unreliable channel */
205
chan = 0; /* BCSP internal channel */
206
rel = 0; /* unreliable channel */
209
BT_ERR("Unknown packet type");
213
if (hciextn && chan == 5) {
214
__le16 opcode = ((struct hci_command_hdr *)data)->opcode;
216
/* Vendor specific commands */
217
if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
218
u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
219
if ((desc & 0xf0) == 0xc0) {
220
data += HCI_COMMAND_HDR_SIZE + 1;
221
len -= HCI_COMMAND_HDR_SIZE + 1;
227
/* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
228
(because bytes 0xc0 and 0xdb are escaped, worst case is
229
when the packet is all made of 0xc0 and 0xdb :) )
230
+ 2 (0xc0 delimiters at start and end). */
232
nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
236
bt_cb(nskb)->pkt_type = pkt_type;
238
bcsp_slip_msgdelim(nskb);
240
hdr[0] = bcsp->rxseq_txack << 3;
242
BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
245
hdr[0] |= 0x80 + bcsp->msgq_txseq;
246
BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
247
bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
253
hdr[1] = ((len << 4) & 0xff) | chan;
255
hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
257
/* Put BCSP header */
258
for (i = 0; i < 4; i++) {
259
bcsp_slip_one_byte(nskb, hdr[i]);
262
bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
266
for (i = 0; i < len; i++) {
267
bcsp_slip_one_byte(nskb, data[i]);
270
bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
275
bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
276
bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
277
bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
280
bcsp_slip_msgdelim(nskb);
284
/* This is a rewrite of pkt_avail in ABCSP */
285
static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
287
struct bcsp_struct *bcsp = hu->priv;
291
/* First of all, check for unreliable messages in the queue,
292
since they have priority */
294
if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
295
struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
300
skb_queue_head(&bcsp->unrel, skb);
301
BT_ERR("Could not dequeue pkt because alloc_skb failed");
305
/* Now, try to send a reliable pkt. We can only send a
306
reliable packet if the number of packets sent but not yet ack'ed
307
is < than the winsize */
309
spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
311
if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
312
struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
314
__skb_queue_tail(&bcsp->unack, skb);
315
mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
316
spin_unlock_irqrestore(&bcsp->unack.lock, flags);
319
skb_queue_head(&bcsp->rel, skb);
320
BT_ERR("Could not dequeue pkt because alloc_skb failed");
324
spin_unlock_irqrestore(&bcsp->unack.lock, flags);
326
/* We could not send a reliable packet, either because there are
327
none or because there are too many unack'ed pkts. Did we receive
328
any packets we have not acknowledged yet ? */
330
if (bcsp->txack_req) {
331
/* if so, craft an empty ACK pkt and send it on BCSP unreliable
333
struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
337
/* We have nothing to send */
341
static int bcsp_flush(struct hci_uart *hu)
347
/* Remove ack'ed packets */
348
static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
350
struct sk_buff *skb, *tmp;
352
int i, pkts_to_be_removed;
355
spin_lock_irqsave(&bcsp->unack.lock, flags);
357
pkts_to_be_removed = skb_queue_len(&bcsp->unack);
358
seqno = bcsp->msgq_txseq;
360
while (pkts_to_be_removed) {
361
if (bcsp->rxack == seqno)
363
pkts_to_be_removed--;
364
seqno = (seqno - 1) & 0x07;
367
if (bcsp->rxack != seqno)
368
BT_ERR("Peer acked invalid packet");
370
BT_DBG("Removing %u pkts out of %u, up to seqno %u",
371
pkts_to_be_removed, skb_queue_len(&bcsp->unack),
375
skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
376
if (i >= pkts_to_be_removed)
380
__skb_unlink(skb, &bcsp->unack);
384
if (skb_queue_empty(&bcsp->unack))
385
del_timer(&bcsp->tbcsp);
387
spin_unlock_irqrestore(&bcsp->unack.lock, flags);
389
if (i != pkts_to_be_removed)
390
BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
393
/* Handle BCSP link-establishment packets. When we
394
detect a "sync" packet, symptom that the BT module has reset,
395
we do nothing :) (yet) */
396
static void bcsp_handle_le_pkt(struct hci_uart *hu)
398
struct bcsp_struct *bcsp = hu->priv;
399
u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
400
u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
401
u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
403
/* spot "conf" pkts and reply with a "conf rsp" pkt */
404
if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
405
!memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
406
struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
408
BT_DBG("Found a LE conf pkt");
411
memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
412
bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
414
skb_queue_head(&bcsp->unrel, nskb);
415
hci_uart_tx_wakeup(hu);
417
/* Spot "sync" pkts. If we find one...disaster! */
418
else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
419
!memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
420
BT_ERR("Found a LE sync pkt, card has reset");
424
static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
426
const u8 c0 = 0xc0, db = 0xdb;
428
switch (bcsp->rx_esc_state) {
429
case BCSP_ESCSTATE_NOESC:
432
bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
435
memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
436
if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
437
bcsp->rx_state != BCSP_W4_CRC)
438
bcsp_crc_update(&bcsp->message_crc, byte);
443
case BCSP_ESCSTATE_ESC:
446
memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
447
if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
448
bcsp->rx_state != BCSP_W4_CRC)
449
bcsp_crc_update(&bcsp-> message_crc, 0xc0);
450
bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
455
memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
456
if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
457
bcsp->rx_state != BCSP_W4_CRC)
458
bcsp_crc_update(&bcsp-> message_crc, 0xdb);
459
bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
464
BT_ERR ("Invalid byte %02x after esc byte", byte);
465
kfree_skb(bcsp->rx_skb);
467
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
473
static void bcsp_complete_rx_pkt(struct hci_uart *hu)
475
struct bcsp_struct *bcsp = hu->priv;
478
if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
479
BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
481
bcsp->rxseq_txack %= 0x8;
484
/* If needed, transmit an ack pkt */
485
hci_uart_tx_wakeup(hu);
488
bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
489
BT_DBG("Request for pkt %u from card", bcsp->rxack);
492
if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
493
bcsp->rx_skb->data[0] & 0x80) {
494
bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
496
} else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
497
bcsp->rx_skb->data[0] & 0x80) {
498
bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
500
} else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
501
bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
503
} else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
504
!(bcsp->rx_skb->data[0] & 0x80)) {
505
bcsp_handle_le_pkt(hu);
511
struct hci_event_hdr hdr;
512
u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
514
if (desc != 0 && desc != 1) {
517
skb_pull(bcsp->rx_skb, 4);
518
memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
521
hdr.plen = bcsp->rx_skb->len;
522
memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
523
bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
525
hci_recv_frame(bcsp->rx_skb);
527
BT_ERR ("Packet for unknown channel (%u %s)",
528
bcsp->rx_skb->data[1] & 0x0f,
529
bcsp->rx_skb->data[0] & 0x80 ?
530
"reliable" : "unreliable");
531
kfree_skb(bcsp->rx_skb);
534
kfree_skb(bcsp->rx_skb);
536
/* Pull out BCSP hdr */
537
skb_pull(bcsp->rx_skb, 4);
539
hci_recv_frame(bcsp->rx_skb);
542
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
546
static u16 bscp_get_crc(struct bcsp_struct *bcsp)
548
return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
552
static int bcsp_recv(struct hci_uart *hu, void *data, int count)
554
struct bcsp_struct *bcsp = hu->priv;
555
register unsigned char *ptr;
557
BT_DBG("hu %p count %d rx_state %d rx_count %ld",
558
hu, count, bcsp->rx_state, bcsp->rx_count);
562
if (bcsp->rx_count) {
564
BT_ERR("Short BCSP packet");
565
kfree_skb(bcsp->rx_skb);
566
bcsp->rx_state = BCSP_W4_PKT_START;
569
bcsp_unslip_one_byte(bcsp, *ptr);
575
switch (bcsp->rx_state) {
576
case BCSP_W4_BCSP_HDR:
577
if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
578
bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
579
BT_ERR("Error in BCSP hdr checksum");
580
kfree_skb(bcsp->rx_skb);
581
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
585
if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
586
&& (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
587
BT_ERR ("Out-of-order packet arrived, got %u expected %u",
588
bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
590
kfree_skb(bcsp->rx_skb);
591
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
595
bcsp->rx_state = BCSP_W4_DATA;
596
bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
597
(bcsp->rx_skb->data[2] << 4); /* May be 0 */
601
if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
602
bcsp->rx_state = BCSP_W4_CRC;
605
bcsp_complete_rx_pkt(hu);
609
if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
610
BT_ERR ("Checksum failed: computed %04x received %04x",
611
bitrev16(bcsp->message_crc),
614
kfree_skb(bcsp->rx_skb);
615
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
619
skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
620
bcsp_complete_rx_pkt(hu);
623
case BCSP_W4_PKT_DELIMITER:
626
bcsp->rx_state = BCSP_W4_PKT_START;
629
/*BT_ERR("Ignoring byte %02x", *ptr);*/
635
case BCSP_W4_PKT_START:
642
bcsp->rx_state = BCSP_W4_BCSP_HDR;
644
bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
645
BCSP_CRC_INIT(bcsp->message_crc);
647
/* Do not increment ptr or decrement count
648
* Allocate packet. Max len of a BCSP pkt=
649
* 0xFFF (payload) +4 (header) +2 (crc) */
651
bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
653
BT_ERR("Can't allocate mem for new packet");
654
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
658
bcsp->rx_skb->dev = (void *) hu->hdev;
667
/* Arrange to retransmit all messages in the relq. */
668
static void bcsp_timed_event(unsigned long arg)
670
struct hci_uart *hu = (struct hci_uart *) arg;
671
struct bcsp_struct *bcsp = hu->priv;
675
BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
677
spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
679
while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
680
bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
681
skb_queue_head(&bcsp->rel, skb);
684
spin_unlock_irqrestore(&bcsp->unack.lock, flags);
686
hci_uart_tx_wakeup(hu);
689
static int bcsp_open(struct hci_uart *hu)
691
struct bcsp_struct *bcsp;
695
bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
700
skb_queue_head_init(&bcsp->unack);
701
skb_queue_head_init(&bcsp->rel);
702
skb_queue_head_init(&bcsp->unrel);
704
init_timer(&bcsp->tbcsp);
705
bcsp->tbcsp.function = bcsp_timed_event;
706
bcsp->tbcsp.data = (u_long) hu;
708
bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
716
static int bcsp_close(struct hci_uart *hu)
718
struct bcsp_struct *bcsp = hu->priv;
723
skb_queue_purge(&bcsp->unack);
724
skb_queue_purge(&bcsp->rel);
725
skb_queue_purge(&bcsp->unrel);
726
del_timer(&bcsp->tbcsp);
732
static struct hci_uart_proto bcsp = {
736
.enqueue = bcsp_enqueue,
737
.dequeue = bcsp_dequeue,
742
int __init bcsp_init(void)
744
int err = hci_uart_register_proto(&bcsp);
747
BT_INFO("HCI BCSP protocol initialized");
749
BT_ERR("HCI BCSP protocol registration failed");
754
int __exit bcsp_deinit(void)
756
return hci_uart_unregister_proto(&bcsp);
759
module_param(txcrc, bool, 0644);
760
MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
762
module_param(hciextn, bool, 0644);
763
MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");