3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
42 #include <linux/bitrev.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 static bool txcrc = true;
51 static bool hciextn = true;
53 #define BCSP_TXWINSIZE 4
55 #define BCSP_ACK_PKT 0x05
56 #define BCSP_LE_PKT 0x06
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
70 BCSP_W4_PKT_DELIMITER,
84 u8 txack_req; /* Do we need to send ack's to the peer? */
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
90 /* ---- BCSP CRC calculation ---- */
92 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93 initial value 0xffff, bits shifted in reverse order. */
95 static const u16 crc_table[] = {
96 0x0000, 0x1081, 0x2102, 0x3183,
97 0x4204, 0x5285, 0x6306, 0x7387,
98 0x8408, 0x9489, 0xa50a, 0xb58b,
99 0xc60c, 0xd68d, 0xe70e, 0xf78f
102 /* Initialise the crc calculator */
103 #define BCSP_CRC_INIT(x) x = 0xffff
106 Update crc with next data byte
109 The data byte is treated as two nibbles. The crc is generated
110 in reverse, i.e., bits are fed into the register from the top.
112 static void bcsp_crc_update(u16 *crc, u8 d)
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
122 /* ---- BCSP core ---- */
124 static void bcsp_slip_msgdelim(struct sk_buff *skb)
126 const char pkt_delim = 0xc0;
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
131 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
141 memcpy(skb_put(skb, 2), &esc_db, 2);
144 memcpy(skb_put(skb, 1), &c, 1);
148 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
150 struct bcsp_struct *bcsp = hu->priv;
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
158 switch (hci_skb_pkt_type(skb)) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
169 BT_ERR("Unknown packet type");
177 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
180 struct sk_buff *nskb;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
207 BT_ERR("Unknown packet type");
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217 if ((desc & 0xf0) == 0xc0) {
218 data += HCI_COMMAND_HDR_SIZE + 1;
219 len -= HCI_COMMAND_HDR_SIZE + 1;
225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
226 (because bytes 0xc0 and 0xdb are escaped, worst case is
227 when the packet is all made of 0xc0 and 0xdb :) )
228 + 2 (0xc0 delimiters at start and end). */
230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
234 hci_skb_pkt_type(nskb) = pkt_type;
236 bcsp_slip_msgdelim(nskb);
238 hdr[0] = bcsp->rxseq_txack << 3;
240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243 hdr[0] |= 0x80 + bcsp->msgq_txseq;
244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
251 hdr[1] = ((len << 4) & 0xff) | chan;
253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
255 /* Put BCSP header */
256 for (i = 0; i < 4; i++) {
257 bcsp_slip_one_byte(nskb, hdr[i]);
260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
264 for (i = 0; i < len; i++) {
265 bcsp_slip_one_byte(nskb, data[i]);
268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
278 bcsp_slip_msgdelim(nskb);
282 /* This is a rewrite of pkt_avail in ABCSP */
283 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
285 struct bcsp_struct *bcsp = hu->priv;
289 /* First of all, check for unreliable messages in the queue,
290 since they have priority */
292 skb = skb_dequeue(&bcsp->unrel);
294 struct sk_buff *nskb;
296 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
297 hci_skb_pkt_type(skb));
302 skb_queue_head(&bcsp->unrel, skb);
303 BT_ERR("Could not dequeue pkt because alloc_skb failed");
307 /* Now, try to send a reliable pkt. We can only send a
308 reliable packet if the number of packets sent but not yet ack'ed
309 is < than the winsize */
311 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
313 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
314 skb = skb_dequeue(&bcsp->rel);
316 struct sk_buff *nskb;
318 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
319 hci_skb_pkt_type(skb));
321 __skb_queue_tail(&bcsp->unack, skb);
322 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
323 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
326 skb_queue_head(&bcsp->rel, skb);
327 BT_ERR("Could not dequeue pkt because alloc_skb failed");
332 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
334 /* We could not send a reliable packet, either because there are
335 none or because there are too many unack'ed pkts. Did we receive
336 any packets we have not acknowledged yet ? */
338 if (bcsp->txack_req) {
339 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
341 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
345 /* We have nothing to send */
349 static int bcsp_flush(struct hci_uart *hu)
355 /* Remove ack'ed packets */
356 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
358 struct sk_buff *skb, *tmp;
360 int i, pkts_to_be_removed;
363 spin_lock_irqsave(&bcsp->unack.lock, flags);
365 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
366 seqno = bcsp->msgq_txseq;
368 while (pkts_to_be_removed) {
369 if (bcsp->rxack == seqno)
371 pkts_to_be_removed--;
372 seqno = (seqno - 1) & 0x07;
375 if (bcsp->rxack != seqno)
376 BT_ERR("Peer acked invalid packet");
378 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
379 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
383 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
384 if (i >= pkts_to_be_removed)
388 __skb_unlink(skb, &bcsp->unack);
392 if (skb_queue_empty(&bcsp->unack))
393 del_timer(&bcsp->tbcsp);
395 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
397 if (i != pkts_to_be_removed)
398 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
401 /* Handle BCSP link-establishment packets. When we
402 detect a "sync" packet, symptom that the BT module has reset,
403 we do nothing :) (yet) */
404 static void bcsp_handle_le_pkt(struct hci_uart *hu)
406 struct bcsp_struct *bcsp = hu->priv;
407 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
408 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
409 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
411 /* spot "conf" pkts and reply with a "conf rsp" pkt */
412 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
413 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
414 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
416 BT_DBG("Found a LE conf pkt");
419 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
420 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
422 skb_queue_head(&bcsp->unrel, nskb);
423 hci_uart_tx_wakeup(hu);
425 /* Spot "sync" pkts. If we find one...disaster! */
426 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
427 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
428 BT_ERR("Found a LE sync pkt, card has reset");
432 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
434 const u8 c0 = 0xc0, db = 0xdb;
436 switch (bcsp->rx_esc_state) {
437 case BCSP_ESCSTATE_NOESC:
440 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
443 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
444 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
445 bcsp->rx_state != BCSP_W4_CRC)
446 bcsp_crc_update(&bcsp->message_crc, byte);
451 case BCSP_ESCSTATE_ESC:
454 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
455 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
456 bcsp->rx_state != BCSP_W4_CRC)
457 bcsp_crc_update(&bcsp->message_crc, 0xc0);
458 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
463 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
464 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
465 bcsp->rx_state != BCSP_W4_CRC)
466 bcsp_crc_update(&bcsp->message_crc, 0xdb);
467 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
472 BT_ERR("Invalid byte %02x after esc byte", byte);
473 kfree_skb(bcsp->rx_skb);
475 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
481 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
483 struct bcsp_struct *bcsp = hu->priv;
486 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
487 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
489 bcsp->rxseq_txack %= 0x8;
492 /* If needed, transmit an ack pkt */
493 hci_uart_tx_wakeup(hu);
496 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
497 BT_DBG("Request for pkt %u from card", bcsp->rxack);
500 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
501 bcsp->rx_skb->data[0] & 0x80) {
502 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
504 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
505 bcsp->rx_skb->data[0] & 0x80) {
506 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
508 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
509 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
511 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
512 !(bcsp->rx_skb->data[0] & 0x80)) {
513 bcsp_handle_le_pkt(hu);
519 struct hci_event_hdr hdr;
520 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
522 if (desc != 0 && desc != 1) {
525 skb_pull(bcsp->rx_skb, 4);
526 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
529 hdr.plen = bcsp->rx_skb->len;
530 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
531 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
533 hci_recv_frame(hu->hdev, bcsp->rx_skb);
535 BT_ERR("Packet for unknown channel (%u %s)",
536 bcsp->rx_skb->data[1] & 0x0f,
537 bcsp->rx_skb->data[0] & 0x80 ?
538 "reliable" : "unreliable");
539 kfree_skb(bcsp->rx_skb);
542 kfree_skb(bcsp->rx_skb);
544 /* Pull out BCSP hdr */
545 skb_pull(bcsp->rx_skb, 4);
547 hci_recv_frame(hu->hdev, bcsp->rx_skb);
550 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
554 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
556 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
560 static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
562 struct bcsp_struct *bcsp = hu->priv;
563 const unsigned char *ptr;
565 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
566 hu, count, bcsp->rx_state, bcsp->rx_count);
570 if (bcsp->rx_count) {
572 BT_ERR("Short BCSP packet");
573 kfree_skb(bcsp->rx_skb);
574 bcsp->rx_state = BCSP_W4_PKT_START;
577 bcsp_unslip_one_byte(bcsp, *ptr);
583 switch (bcsp->rx_state) {
584 case BCSP_W4_BCSP_HDR:
585 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
586 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
587 BT_ERR("Error in BCSP hdr checksum");
588 kfree_skb(bcsp->rx_skb);
589 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
593 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
594 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
595 BT_ERR("Out-of-order packet arrived, got %u expected %u",
596 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
598 kfree_skb(bcsp->rx_skb);
599 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
603 bcsp->rx_state = BCSP_W4_DATA;
604 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
605 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
609 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
610 bcsp->rx_state = BCSP_W4_CRC;
613 bcsp_complete_rx_pkt(hu);
617 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
618 BT_ERR ("Checksum failed: computed %04x received %04x",
619 bitrev16(bcsp->message_crc),
622 kfree_skb(bcsp->rx_skb);
623 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
627 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
628 bcsp_complete_rx_pkt(hu);
631 case BCSP_W4_PKT_DELIMITER:
634 bcsp->rx_state = BCSP_W4_PKT_START;
637 /*BT_ERR("Ignoring byte %02x", *ptr);*/
643 case BCSP_W4_PKT_START:
650 bcsp->rx_state = BCSP_W4_BCSP_HDR;
652 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
653 BCSP_CRC_INIT(bcsp->message_crc);
655 /* Do not increment ptr or decrement count
656 * Allocate packet. Max len of a BCSP pkt=
657 * 0xFFF (payload) +4 (header) +2 (crc) */
659 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
661 BT_ERR("Can't allocate mem for new packet");
662 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
674 /* Arrange to retransmit all messages in the relq. */
675 static void bcsp_timed_event(unsigned long arg)
677 struct hci_uart *hu = (struct hci_uart *) arg;
678 struct bcsp_struct *bcsp = hu->priv;
682 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
684 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
686 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
687 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
688 skb_queue_head(&bcsp->rel, skb);
691 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
693 hci_uart_tx_wakeup(hu);
696 static int bcsp_open(struct hci_uart *hu)
698 struct bcsp_struct *bcsp;
702 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
707 skb_queue_head_init(&bcsp->unack);
708 skb_queue_head_init(&bcsp->rel);
709 skb_queue_head_init(&bcsp->unrel);
711 init_timer(&bcsp->tbcsp);
712 bcsp->tbcsp.function = bcsp_timed_event;
713 bcsp->tbcsp.data = (u_long) hu;
715 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
723 static int bcsp_close(struct hci_uart *hu)
725 struct bcsp_struct *bcsp = hu->priv;
727 del_timer_sync(&bcsp->tbcsp);
733 skb_queue_purge(&bcsp->unack);
734 skb_queue_purge(&bcsp->rel);
735 skb_queue_purge(&bcsp->unrel);
741 static const struct hci_uart_proto bcsp = {
746 .enqueue = bcsp_enqueue,
747 .dequeue = bcsp_dequeue,
752 int __init bcsp_init(void)
754 return hci_uart_register_proto(&bcsp);
757 int __exit bcsp_deinit(void)
759 return hci_uart_unregister_proto(&bcsp);
762 module_param(txcrc, bool, 0644);
763 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
765 module_param(hciextn, bool, 0644);
766 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
projects / cascardo / linux.git / blob