1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * |
4 | * Bluetooth HCI UART driver |
5 | * |
6 | * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com> |
7 | * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org> |
8 | */ |
9 | |
10 | #include <linux/module.h> |
11 | |
12 | #include <linux/kernel.h> |
13 | #include <linux/init.h> |
14 | #include <linux/types.h> |
15 | #include <linux/fcntl.h> |
16 | #include <linux/interrupt.h> |
17 | #include <linux/ptrace.h> |
18 | #include <linux/poll.h> |
19 | |
20 | #include <linux/slab.h> |
21 | #include <linux/tty.h> |
22 | #include <linux/errno.h> |
23 | #include <linux/string.h> |
24 | #include <linux/signal.h> |
25 | #include <linux/ioctl.h> |
26 | #include <linux/skbuff.h> |
27 | #include <linux/bitrev.h> |
28 | #include <asm/unaligned.h> |
29 | |
30 | #include <net/bluetooth/bluetooth.h> |
31 | #include <net/bluetooth/hci_core.h> |
32 | |
33 | #include "hci_uart.h" |
34 | |
35 | static bool txcrc = true; |
36 | static bool hciextn = true; |
37 | |
38 | #define BCSP_TXWINSIZE 4 |
39 | |
40 | #define BCSP_ACK_PKT 0x05 |
41 | #define BCSP_LE_PKT 0x06 |
42 | |
43 | struct bcsp_struct { |
44 | struct sk_buff_head unack; /* Unack'ed packets queue */ |
45 | struct sk_buff_head rel; /* Reliable packets queue */ |
46 | struct sk_buff_head unrel; /* Unreliable packets queue */ |
47 | |
48 | unsigned long rx_count; |
49 | struct sk_buff *rx_skb; |
50 | u8 rxseq_txack; /* rxseq == txack. */ |
51 | u8 rxack; /* Last packet sent by us that the peer ack'ed */ |
52 | struct timer_list tbcsp; |
53 | struct hci_uart *hu; |
54 | |
55 | enum { |
56 | BCSP_W4_PKT_DELIMITER, |
57 | BCSP_W4_PKT_START, |
58 | BCSP_W4_BCSP_HDR, |
59 | BCSP_W4_DATA, |
60 | BCSP_W4_CRC |
61 | } rx_state; |
62 | |
63 | enum { |
64 | BCSP_ESCSTATE_NOESC, |
65 | BCSP_ESCSTATE_ESC |
66 | } rx_esc_state; |
67 | |
68 | u8 use_crc; |
69 | u16 message_crc; |
70 | u8 txack_req; /* Do we need to send ack's to the peer? */ |
71 | |
72 | /* Reliable packet sequence number - used to assign seq to each rel pkt. */ |
73 | u8 msgq_txseq; |
74 | }; |
75 | |
76 | /* ---- BCSP CRC calculation ---- */ |
77 | |
78 | /* Table for calculating CRC for polynomial 0x1021, LSB processed first, |
79 | * initial value 0xffff, bits shifted in reverse order. |
80 | */ |
81 | |
82 | static const u16 crc_table[] = { |
83 | 0x0000, 0x1081, 0x2102, 0x3183, |
84 | 0x4204, 0x5285, 0x6306, 0x7387, |
85 | 0x8408, 0x9489, 0xa50a, 0xb58b, |
86 | 0xc60c, 0xd68d, 0xe70e, 0xf78f |
87 | }; |
88 | |
89 | /* Initialise the crc calculator */ |
90 | #define BCSP_CRC_INIT(x) x = 0xffff |
91 | |
92 | /* Update crc with next data byte |
93 | * |
94 | * Implementation note |
95 | * The data byte is treated as two nibbles. The crc is generated |
96 | * in reverse, i.e., bits are fed into the register from the top. |
97 | */ |
98 | static void bcsp_crc_update(u16 *crc, u8 d) |
99 | { |
100 | u16 reg = *crc; |
101 | |
102 | reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f]; |
103 | reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f]; |
104 | |
105 | *crc = reg; |
106 | } |
107 | |
108 | /* ---- BCSP core ---- */ |
109 | |
110 | static void bcsp_slip_msgdelim(struct sk_buff *skb) |
111 | { |
112 | const char pkt_delim = 0xc0; |
113 | |
114 | skb_put_data(skb, data: &pkt_delim, len: 1); |
115 | } |
116 | |
117 | static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c) |
118 | { |
119 | const char esc_c0[2] = { 0xdb, 0xdc }; |
120 | const char esc_db[2] = { 0xdb, 0xdd }; |
121 | |
122 | switch (c) { |
123 | case 0xc0: |
124 | skb_put_data(skb, data: &esc_c0, len: 2); |
125 | break; |
126 | case 0xdb: |
127 | skb_put_data(skb, data: &esc_db, len: 2); |
128 | break; |
129 | default: |
130 | skb_put_data(skb, data: &c, len: 1); |
131 | } |
132 | } |
133 | |
134 | static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb) |
135 | { |
136 | struct bcsp_struct *bcsp = hu->priv; |
137 | |
138 | if (skb->len > 0xFFF) { |
139 | BT_ERR("Packet too long" ); |
140 | kfree_skb(skb); |
141 | return 0; |
142 | } |
143 | |
144 | switch (hci_skb_pkt_type(skb)) { |
145 | case HCI_ACLDATA_PKT: |
146 | case HCI_COMMAND_PKT: |
147 | skb_queue_tail(list: &bcsp->rel, newsk: skb); |
148 | break; |
149 | |
150 | case HCI_SCODATA_PKT: |
151 | skb_queue_tail(list: &bcsp->unrel, newsk: skb); |
152 | break; |
153 | |
154 | default: |
155 | BT_ERR("Unknown packet type" ); |
156 | kfree_skb(skb); |
157 | break; |
158 | } |
159 | |
160 | return 0; |
161 | } |
162 | |
163 | static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data, |
164 | int len, int pkt_type) |
165 | { |
166 | struct sk_buff *nskb; |
167 | u8 hdr[4], chan; |
168 | u16 BCSP_CRC_INIT(bcsp_txmsg_crc); |
169 | int rel, i; |
170 | |
171 | switch (pkt_type) { |
172 | case HCI_ACLDATA_PKT: |
173 | chan = 6; /* BCSP ACL channel */ |
174 | rel = 1; /* reliable channel */ |
175 | break; |
176 | case HCI_COMMAND_PKT: |
177 | chan = 5; /* BCSP cmd/evt channel */ |
178 | rel = 1; /* reliable channel */ |
179 | break; |
180 | case HCI_SCODATA_PKT: |
181 | chan = 7; /* BCSP SCO channel */ |
182 | rel = 0; /* unreliable channel */ |
183 | break; |
184 | case BCSP_LE_PKT: |
185 | chan = 1; /* BCSP LE channel */ |
186 | rel = 0; /* unreliable channel */ |
187 | break; |
188 | case BCSP_ACK_PKT: |
189 | chan = 0; /* BCSP internal channel */ |
190 | rel = 0; /* unreliable channel */ |
191 | break; |
192 | default: |
193 | BT_ERR("Unknown packet type" ); |
194 | return NULL; |
195 | } |
196 | |
197 | if (hciextn && chan == 5) { |
198 | __le16 opcode = ((struct hci_command_hdr *)data)->opcode; |
199 | |
200 | /* Vendor specific commands */ |
201 | if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) { |
202 | u8 desc = *(data + HCI_COMMAND_HDR_SIZE); |
203 | |
204 | if ((desc & 0xf0) == 0xc0) { |
205 | data += HCI_COMMAND_HDR_SIZE + 1; |
206 | len -= HCI_COMMAND_HDR_SIZE + 1; |
207 | chan = desc & 0x0f; |
208 | } |
209 | } |
210 | } |
211 | |
212 | /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2 |
213 | * (because bytes 0xc0 and 0xdb are escaped, worst case is |
214 | * when the packet is all made of 0xc0 and 0xdb :) ) |
215 | * + 2 (0xc0 delimiters at start and end). |
216 | */ |
217 | |
218 | nskb = alloc_skb(size: (len + 6) * 2 + 2, GFP_ATOMIC); |
219 | if (!nskb) |
220 | return NULL; |
221 | |
222 | hci_skb_pkt_type(nskb) = pkt_type; |
223 | |
224 | bcsp_slip_msgdelim(skb: nskb); |
225 | |
226 | hdr[0] = bcsp->rxseq_txack << 3; |
227 | bcsp->txack_req = 0; |
228 | BT_DBG("We request packet no %u to card" , bcsp->rxseq_txack); |
229 | |
230 | if (rel) { |
231 | hdr[0] |= 0x80 + bcsp->msgq_txseq; |
232 | BT_DBG("Sending packet with seqno %u" , bcsp->msgq_txseq); |
233 | bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07; |
234 | } |
235 | |
236 | if (bcsp->use_crc) |
237 | hdr[0] |= 0x40; |
238 | |
239 | hdr[1] = ((len << 4) & 0xff) | chan; |
240 | hdr[2] = len >> 4; |
241 | hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]); |
242 | |
243 | /* Put BCSP header */ |
244 | for (i = 0; i < 4; i++) { |
245 | bcsp_slip_one_byte(skb: nskb, c: hdr[i]); |
246 | |
247 | if (bcsp->use_crc) |
248 | bcsp_crc_update(crc: &bcsp_txmsg_crc, d: hdr[i]); |
249 | } |
250 | |
251 | /* Put payload */ |
252 | for (i = 0; i < len; i++) { |
253 | bcsp_slip_one_byte(skb: nskb, c: data[i]); |
254 | |
255 | if (bcsp->use_crc) |
256 | bcsp_crc_update(crc: &bcsp_txmsg_crc, d: data[i]); |
257 | } |
258 | |
259 | /* Put CRC */ |
260 | if (bcsp->use_crc) { |
261 | bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc); |
262 | bcsp_slip_one_byte(skb: nskb, c: (u8)((bcsp_txmsg_crc >> 8) & 0x00ff)); |
263 | bcsp_slip_one_byte(skb: nskb, c: (u8)(bcsp_txmsg_crc & 0x00ff)); |
264 | } |
265 | |
266 | bcsp_slip_msgdelim(skb: nskb); |
267 | return nskb; |
268 | } |
269 | |
270 | /* This is a rewrite of pkt_avail in ABCSP */ |
271 | static struct sk_buff *bcsp_dequeue(struct hci_uart *hu) |
272 | { |
273 | struct bcsp_struct *bcsp = hu->priv; |
274 | unsigned long flags; |
275 | struct sk_buff *skb; |
276 | |
277 | /* First of all, check for unreliable messages in the queue, |
278 | * since they have priority |
279 | */ |
280 | |
281 | skb = skb_dequeue(list: &bcsp->unrel); |
282 | if (skb != NULL) { |
283 | struct sk_buff *nskb; |
284 | |
285 | nskb = bcsp_prepare_pkt(bcsp, data: skb->data, len: skb->len, |
286 | hci_skb_pkt_type(skb)); |
287 | if (nskb) { |
288 | kfree_skb(skb); |
289 | return nskb; |
290 | } else { |
291 | skb_queue_head(list: &bcsp->unrel, newsk: skb); |
292 | BT_ERR("Could not dequeue pkt because alloc_skb failed" ); |
293 | } |
294 | } |
295 | |
296 | /* Now, try to send a reliable pkt. We can only send a |
297 | * reliable packet if the number of packets sent but not yet ack'ed |
298 | * is < than the winsize |
299 | */ |
300 | |
301 | spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); |
302 | |
303 | if (bcsp->unack.qlen < BCSP_TXWINSIZE) { |
304 | skb = skb_dequeue(list: &bcsp->rel); |
305 | if (skb != NULL) { |
306 | struct sk_buff *nskb; |
307 | |
308 | nskb = bcsp_prepare_pkt(bcsp, data: skb->data, len: skb->len, |
309 | hci_skb_pkt_type(skb)); |
310 | if (nskb) { |
311 | __skb_queue_tail(list: &bcsp->unack, newsk: skb); |
312 | mod_timer(timer: &bcsp->tbcsp, expires: jiffies + HZ / 4); |
313 | spin_unlock_irqrestore(lock: &bcsp->unack.lock, flags); |
314 | return nskb; |
315 | } else { |
316 | skb_queue_head(list: &bcsp->rel, newsk: skb); |
317 | BT_ERR("Could not dequeue pkt because alloc_skb failed" ); |
318 | } |
319 | } |
320 | } |
321 | |
322 | spin_unlock_irqrestore(lock: &bcsp->unack.lock, flags); |
323 | |
324 | /* We could not send a reliable packet, either because there are |
325 | * none or because there are too many unack'ed pkts. Did we receive |
326 | * any packets we have not acknowledged yet ? |
327 | */ |
328 | |
329 | if (bcsp->txack_req) { |
330 | /* if so, craft an empty ACK pkt and send it on BCSP unreliable |
331 | * channel 0 |
332 | */ |
333 | struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, len: 0, BCSP_ACK_PKT); |
334 | return nskb; |
335 | } |
336 | |
337 | /* We have nothing to send */ |
338 | return NULL; |
339 | } |
340 | |
341 | static int bcsp_flush(struct hci_uart *hu) |
342 | { |
343 | BT_DBG("hu %p" , hu); |
344 | return 0; |
345 | } |
346 | |
347 | /* Remove ack'ed packets */ |
348 | static void bcsp_pkt_cull(struct bcsp_struct *bcsp) |
349 | { |
350 | struct sk_buff *skb, *tmp; |
351 | unsigned long flags; |
352 | int i, pkts_to_be_removed; |
353 | u8 seqno; |
354 | |
355 | spin_lock_irqsave(&bcsp->unack.lock, flags); |
356 | |
357 | pkts_to_be_removed = skb_queue_len(list_: &bcsp->unack); |
358 | seqno = bcsp->msgq_txseq; |
359 | |
360 | while (pkts_to_be_removed) { |
361 | if (bcsp->rxack == seqno) |
362 | break; |
363 | pkts_to_be_removed--; |
364 | seqno = (seqno - 1) & 0x07; |
365 | } |
366 | |
367 | if (bcsp->rxack != seqno) |
368 | BT_ERR("Peer acked invalid packet" ); |
369 | |
370 | BT_DBG("Removing %u pkts out of %u, up to seqno %u" , |
371 | pkts_to_be_removed, skb_queue_len(&bcsp->unack), |
372 | (seqno - 1) & 0x07); |
373 | |
374 | i = 0; |
375 | skb_queue_walk_safe(&bcsp->unack, skb, tmp) { |
376 | if (i >= pkts_to_be_removed) |
377 | break; |
378 | i++; |
379 | |
380 | __skb_unlink(skb, list: &bcsp->unack); |
381 | dev_kfree_skb_irq(skb); |
382 | } |
383 | |
384 | if (skb_queue_empty(list: &bcsp->unack)) |
385 | del_timer(timer: &bcsp->tbcsp); |
386 | |
387 | spin_unlock_irqrestore(lock: &bcsp->unack.lock, flags); |
388 | |
389 | if (i != pkts_to_be_removed) |
390 | BT_ERR("Removed only %u out of %u pkts" , i, pkts_to_be_removed); |
391 | } |
392 | |
393 | /* Handle BCSP link-establishment packets. When we |
394 | * detect a "sync" packet, symptom that the BT module has reset, |
395 | * we do nothing :) (yet) |
396 | */ |
397 | static void bcsp_handle_le_pkt(struct hci_uart *hu) |
398 | { |
399 | struct bcsp_struct *bcsp = hu->priv; |
400 | u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed }; |
401 | u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 }; |
402 | u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed }; |
403 | |
404 | /* spot "conf" pkts and reply with a "conf rsp" pkt */ |
405 | if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && |
406 | !memcmp(p: &bcsp->rx_skb->data[4], q: conf_pkt, size: 4)) { |
407 | struct sk_buff *nskb = alloc_skb(size: 4, GFP_ATOMIC); |
408 | |
409 | BT_DBG("Found a LE conf pkt" ); |
410 | if (!nskb) |
411 | return; |
412 | skb_put_data(skb: nskb, data: conf_rsp_pkt, len: 4); |
413 | hci_skb_pkt_type(nskb) = BCSP_LE_PKT; |
414 | |
415 | skb_queue_head(list: &bcsp->unrel, newsk: nskb); |
416 | hci_uart_tx_wakeup(hu); |
417 | } |
418 | /* Spot "sync" pkts. If we find one...disaster! */ |
419 | else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 && |
420 | !memcmp(p: &bcsp->rx_skb->data[4], q: sync_pkt, size: 4)) { |
421 | BT_ERR("Found a LE sync pkt, card has reset" ); |
422 | } |
423 | } |
424 | |
425 | static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte) |
426 | { |
427 | const u8 c0 = 0xc0, db = 0xdb; |
428 | |
429 | switch (bcsp->rx_esc_state) { |
430 | case BCSP_ESCSTATE_NOESC: |
431 | switch (byte) { |
432 | case 0xdb: |
433 | bcsp->rx_esc_state = BCSP_ESCSTATE_ESC; |
434 | break; |
435 | default: |
436 | skb_put_data(skb: bcsp->rx_skb, data: &byte, len: 1); |
437 | if ((bcsp->rx_skb->data[0] & 0x40) != 0 && |
438 | bcsp->rx_state != BCSP_W4_CRC) |
439 | bcsp_crc_update(crc: &bcsp->message_crc, d: byte); |
440 | bcsp->rx_count--; |
441 | } |
442 | break; |
443 | |
444 | case BCSP_ESCSTATE_ESC: |
445 | switch (byte) { |
446 | case 0xdc: |
447 | skb_put_data(skb: bcsp->rx_skb, data: &c0, len: 1); |
448 | if ((bcsp->rx_skb->data[0] & 0x40) != 0 && |
449 | bcsp->rx_state != BCSP_W4_CRC) |
450 | bcsp_crc_update(crc: &bcsp->message_crc, d: 0xc0); |
451 | bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; |
452 | bcsp->rx_count--; |
453 | break; |
454 | |
455 | case 0xdd: |
456 | skb_put_data(skb: bcsp->rx_skb, data: &db, len: 1); |
457 | if ((bcsp->rx_skb->data[0] & 0x40) != 0 && |
458 | bcsp->rx_state != BCSP_W4_CRC) |
459 | bcsp_crc_update(crc: &bcsp->message_crc, d: 0xdb); |
460 | bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; |
461 | bcsp->rx_count--; |
462 | break; |
463 | |
464 | default: |
465 | BT_ERR("Invalid byte %02x after esc byte" , byte); |
466 | kfree_skb(skb: bcsp->rx_skb); |
467 | bcsp->rx_skb = NULL; |
468 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
469 | bcsp->rx_count = 0; |
470 | } |
471 | } |
472 | } |
473 | |
474 | static void bcsp_complete_rx_pkt(struct hci_uart *hu) |
475 | { |
476 | struct bcsp_struct *bcsp = hu->priv; |
477 | int pass_up = 0; |
478 | |
479 | if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */ |
480 | BT_DBG("Received seqno %u from card" , bcsp->rxseq_txack); |
481 | |
482 | /* check the rx sequence number is as expected */ |
483 | if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) { |
484 | bcsp->rxseq_txack++; |
485 | bcsp->rxseq_txack %= 0x8; |
486 | } else { |
487 | /* handle re-transmitted packet or |
488 | * when packet was missed |
489 | */ |
490 | BT_ERR("Out-of-order packet arrived, got %u expected %u" , |
491 | bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack); |
492 | |
493 | /* do not process out-of-order packet payload */ |
494 | pass_up = 2; |
495 | } |
496 | |
497 | /* send current txack value to all received reliable packets */ |
498 | bcsp->txack_req = 1; |
499 | |
500 | /* If needed, transmit an ack pkt */ |
501 | hci_uart_tx_wakeup(hu); |
502 | } |
503 | |
504 | bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07; |
505 | BT_DBG("Request for pkt %u from card" , bcsp->rxack); |
506 | |
507 | /* handle received ACK indications, |
508 | * including those from out-of-order packets |
509 | */ |
510 | bcsp_pkt_cull(bcsp); |
511 | |
512 | if (pass_up != 2) { |
513 | if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && |
514 | (bcsp->rx_skb->data[0] & 0x80)) { |
515 | hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT; |
516 | pass_up = 1; |
517 | } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && |
518 | (bcsp->rx_skb->data[0] & 0x80)) { |
519 | hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; |
520 | pass_up = 1; |
521 | } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { |
522 | hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT; |
523 | pass_up = 1; |
524 | } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && |
525 | !(bcsp->rx_skb->data[0] & 0x80)) { |
526 | bcsp_handle_le_pkt(hu); |
527 | pass_up = 0; |
528 | } else { |
529 | pass_up = 0; |
530 | } |
531 | } |
532 | |
533 | if (pass_up == 0) { |
534 | struct hci_event_hdr hdr; |
535 | u8 desc = (bcsp->rx_skb->data[1] & 0x0f); |
536 | |
537 | if (desc != 0 && desc != 1) { |
538 | if (hciextn) { |
539 | desc |= 0xc0; |
540 | skb_pull(skb: bcsp->rx_skb, len: 4); |
541 | memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1); |
542 | |
543 | hdr.evt = 0xff; |
544 | hdr.plen = bcsp->rx_skb->len; |
545 | memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); |
546 | hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT; |
547 | |
548 | hci_recv_frame(hdev: hu->hdev, skb: bcsp->rx_skb); |
549 | } else { |
550 | BT_ERR("Packet for unknown channel (%u %s)" , |
551 | bcsp->rx_skb->data[1] & 0x0f, |
552 | bcsp->rx_skb->data[0] & 0x80 ? |
553 | "reliable" : "unreliable" ); |
554 | kfree_skb(skb: bcsp->rx_skb); |
555 | } |
556 | } else |
557 | kfree_skb(skb: bcsp->rx_skb); |
558 | } else if (pass_up == 1) { |
559 | /* Pull out BCSP hdr */ |
560 | skb_pull(skb: bcsp->rx_skb, len: 4); |
561 | |
562 | hci_recv_frame(hdev: hu->hdev, skb: bcsp->rx_skb); |
563 | } else { |
564 | /* ignore packet payload of already ACKed re-transmitted |
565 | * packets or when a packet was missed in the BCSP window |
566 | */ |
567 | kfree_skb(skb: bcsp->rx_skb); |
568 | } |
569 | |
570 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
571 | bcsp->rx_skb = NULL; |
572 | } |
573 | |
574 | static u16 bscp_get_crc(struct bcsp_struct *bcsp) |
575 | { |
576 | return get_unaligned_be16(p: &bcsp->rx_skb->data[bcsp->rx_skb->len - 2]); |
577 | } |
578 | |
579 | /* Recv data */ |
580 | static int bcsp_recv(struct hci_uart *hu, const void *data, int count) |
581 | { |
582 | struct bcsp_struct *bcsp = hu->priv; |
583 | const unsigned char *ptr; |
584 | |
585 | BT_DBG("hu %p count %d rx_state %d rx_count %ld" , |
586 | hu, count, bcsp->rx_state, bcsp->rx_count); |
587 | |
588 | ptr = data; |
589 | while (count) { |
590 | if (bcsp->rx_count) { |
591 | if (*ptr == 0xc0) { |
592 | BT_ERR("Short BCSP packet" ); |
593 | kfree_skb(skb: bcsp->rx_skb); |
594 | bcsp->rx_skb = NULL; |
595 | bcsp->rx_state = BCSP_W4_PKT_START; |
596 | bcsp->rx_count = 0; |
597 | } else |
598 | bcsp_unslip_one_byte(bcsp, byte: *ptr); |
599 | |
600 | ptr++; count--; |
601 | continue; |
602 | } |
603 | |
604 | switch (bcsp->rx_state) { |
605 | case BCSP_W4_BCSP_HDR: |
606 | if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] + |
607 | bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) { |
608 | BT_ERR("Error in BCSP hdr checksum" ); |
609 | kfree_skb(skb: bcsp->rx_skb); |
610 | bcsp->rx_skb = NULL; |
611 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
612 | bcsp->rx_count = 0; |
613 | continue; |
614 | } |
615 | bcsp->rx_state = BCSP_W4_DATA; |
616 | bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + |
617 | (bcsp->rx_skb->data[2] << 4); /* May be 0 */ |
618 | continue; |
619 | |
620 | case BCSP_W4_DATA: |
621 | if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */ |
622 | bcsp->rx_state = BCSP_W4_CRC; |
623 | bcsp->rx_count = 2; |
624 | } else |
625 | bcsp_complete_rx_pkt(hu); |
626 | continue; |
627 | |
628 | case BCSP_W4_CRC: |
629 | if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) { |
630 | BT_ERR("Checksum failed: computed %04x received %04x" , |
631 | bitrev16(bcsp->message_crc), |
632 | bscp_get_crc(bcsp)); |
633 | |
634 | kfree_skb(skb: bcsp->rx_skb); |
635 | bcsp->rx_skb = NULL; |
636 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
637 | bcsp->rx_count = 0; |
638 | continue; |
639 | } |
640 | skb_trim(skb: bcsp->rx_skb, len: bcsp->rx_skb->len - 2); |
641 | bcsp_complete_rx_pkt(hu); |
642 | continue; |
643 | |
644 | case BCSP_W4_PKT_DELIMITER: |
645 | switch (*ptr) { |
646 | case 0xc0: |
647 | bcsp->rx_state = BCSP_W4_PKT_START; |
648 | break; |
649 | default: |
650 | /*BT_ERR("Ignoring byte %02x", *ptr);*/ |
651 | break; |
652 | } |
653 | ptr++; count--; |
654 | break; |
655 | |
656 | case BCSP_W4_PKT_START: |
657 | switch (*ptr) { |
658 | case 0xc0: |
659 | ptr++; count--; |
660 | break; |
661 | |
662 | default: |
663 | bcsp->rx_state = BCSP_W4_BCSP_HDR; |
664 | bcsp->rx_count = 4; |
665 | bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC; |
666 | BCSP_CRC_INIT(bcsp->message_crc); |
667 | |
668 | /* Do not increment ptr or decrement count |
669 | * Allocate packet. Max len of a BCSP pkt= |
670 | * 0xFFF (payload) +4 (header) +2 (crc) |
671 | */ |
672 | |
673 | bcsp->rx_skb = bt_skb_alloc(len: 0x1005, GFP_ATOMIC); |
674 | if (!bcsp->rx_skb) { |
675 | BT_ERR("Can't allocate mem for new packet" ); |
676 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
677 | bcsp->rx_count = 0; |
678 | return 0; |
679 | } |
680 | break; |
681 | } |
682 | break; |
683 | } |
684 | } |
685 | return count; |
686 | } |
687 | |
688 | /* Arrange to retransmit all messages in the relq. */ |
689 | static void bcsp_timed_event(struct timer_list *t) |
690 | { |
691 | struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp); |
692 | struct hci_uart *hu = bcsp->hu; |
693 | struct sk_buff *skb; |
694 | unsigned long flags; |
695 | |
696 | BT_DBG("hu %p retransmitting %u pkts" , hu, bcsp->unack.qlen); |
697 | |
698 | spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING); |
699 | |
700 | while ((skb = __skb_dequeue_tail(list: &bcsp->unack)) != NULL) { |
701 | bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07; |
702 | skb_queue_head(list: &bcsp->rel, newsk: skb); |
703 | } |
704 | |
705 | spin_unlock_irqrestore(lock: &bcsp->unack.lock, flags); |
706 | |
707 | hci_uart_tx_wakeup(hu); |
708 | } |
709 | |
710 | static int bcsp_open(struct hci_uart *hu) |
711 | { |
712 | struct bcsp_struct *bcsp; |
713 | |
714 | BT_DBG("hu %p" , hu); |
715 | |
716 | bcsp = kzalloc(size: sizeof(*bcsp), GFP_KERNEL); |
717 | if (!bcsp) |
718 | return -ENOMEM; |
719 | |
720 | hu->priv = bcsp; |
721 | bcsp->hu = hu; |
722 | skb_queue_head_init(list: &bcsp->unack); |
723 | skb_queue_head_init(list: &bcsp->rel); |
724 | skb_queue_head_init(list: &bcsp->unrel); |
725 | |
726 | timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0); |
727 | |
728 | bcsp->rx_state = BCSP_W4_PKT_DELIMITER; |
729 | |
730 | if (txcrc) |
731 | bcsp->use_crc = 1; |
732 | |
733 | return 0; |
734 | } |
735 | |
736 | static int bcsp_close(struct hci_uart *hu) |
737 | { |
738 | struct bcsp_struct *bcsp = hu->priv; |
739 | |
740 | timer_shutdown_sync(timer: &bcsp->tbcsp); |
741 | |
742 | hu->priv = NULL; |
743 | |
744 | BT_DBG("hu %p" , hu); |
745 | |
746 | skb_queue_purge(list: &bcsp->unack); |
747 | skb_queue_purge(list: &bcsp->rel); |
748 | skb_queue_purge(list: &bcsp->unrel); |
749 | |
750 | if (bcsp->rx_skb) { |
751 | kfree_skb(skb: bcsp->rx_skb); |
752 | bcsp->rx_skb = NULL; |
753 | } |
754 | |
755 | kfree(objp: bcsp); |
756 | return 0; |
757 | } |
758 | |
759 | static const struct hci_uart_proto bcsp = { |
760 | .id = HCI_UART_BCSP, |
761 | .name = "BCSP" , |
762 | .open = bcsp_open, |
763 | .close = bcsp_close, |
764 | .enqueue = bcsp_enqueue, |
765 | .dequeue = bcsp_dequeue, |
766 | .recv = bcsp_recv, |
767 | .flush = bcsp_flush |
768 | }; |
769 | |
770 | int __init bcsp_init(void) |
771 | { |
772 | return hci_uart_register_proto(p: &bcsp); |
773 | } |
774 | |
775 | int __exit bcsp_deinit(void) |
776 | { |
777 | return hci_uart_unregister_proto(p: &bcsp); |
778 | } |
779 | |
780 | module_param(txcrc, bool, 0644); |
781 | MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet" ); |
782 | |
783 | module_param(hciextn, bool, 0644); |
784 | MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets" ); |
785 | |