3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
42 #include <linux/bitrev.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 static bool txcrc = true;
51 static bool hciextn = true;
53 #define BCSP_TXWINSIZE 4
55 #define BCSP_ACK_PKT 0x05
56 #define BCSP_LE_PKT 0x06
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
71 BCSP_W4_PKT_DELIMITER,
85 u8 txack_req; /* Do we need to send ack's to the peer? */
87 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
91 /* ---- BCSP CRC calculation ---- */
93 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
94 * initial value 0xffff, bits shifted in reverse order.
97 static const u16 crc_table[] = {
98 0x0000, 0x1081, 0x2102, 0x3183,
99 0x4204, 0x5285, 0x6306, 0x7387,
100 0x8408, 0x9489, 0xa50a, 0xb58b,
101 0xc60c, 0xd68d, 0xe70e, 0xf78f
104 /* Initialise the crc calculator */
105 #define BCSP_CRC_INIT(x) x = 0xffff
107 /* Update crc with next data byte
109 * Implementation note
110 * The data byte is treated as two nibbles. The crc is generated
111 * in reverse, i.e., bits are fed into the register from the top.
113 static void bcsp_crc_update(u16 *crc, u8 d)
117 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
118 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
123 /* ---- BCSP core ---- */
125 static void bcsp_slip_msgdelim(struct sk_buff *skb)
127 const char pkt_delim = 0xc0;
129 skb_put_data(skb, &pkt_delim, 1);
132 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
134 const char esc_c0[2] = { 0xdb, 0xdc };
135 const char esc_db[2] = { 0xdb, 0xdd };
139 skb_put_data(skb, &esc_c0, 2);
142 skb_put_data(skb, &esc_db, 2);
145 skb_put_data(skb, &c, 1);
149 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
151 struct bcsp_struct *bcsp = hu->priv;
153 if (skb->len > 0xFFF) {
154 BT_ERR("Packet too long");
159 switch (hci_skb_pkt_type(skb)) {
160 case HCI_ACLDATA_PKT:
161 case HCI_COMMAND_PKT:
162 skb_queue_tail(&bcsp->rel, skb);
165 case HCI_SCODATA_PKT:
166 skb_queue_tail(&bcsp->unrel, skb);
170 BT_ERR("Unknown packet type");
178 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
179 int len, int pkt_type)
181 struct sk_buff *nskb;
183 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
187 case HCI_ACLDATA_PKT:
188 chan = 6; /* BCSP ACL channel */
189 rel = 1; /* reliable channel */
191 case HCI_COMMAND_PKT:
192 chan = 5; /* BCSP cmd/evt channel */
193 rel = 1; /* reliable channel */
195 case HCI_SCODATA_PKT:
196 chan = 7; /* BCSP SCO channel */
197 rel = 0; /* unreliable channel */
200 chan = 1; /* BCSP LE channel */
201 rel = 0; /* unreliable channel */
204 chan = 0; /* BCSP internal channel */
205 rel = 0; /* unreliable channel */
208 BT_ERR("Unknown packet type");
212 if (hciextn && chan == 5) {
213 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
215 /* Vendor specific commands */
216 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
217 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
219 if ((desc & 0xf0) == 0xc0) {
220 data += HCI_COMMAND_HDR_SIZE + 1;
221 len -= HCI_COMMAND_HDR_SIZE + 1;
227 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
228 * (because bytes 0xc0 and 0xdb are escaped, worst case is
229 * when the packet is all made of 0xc0 and 0xdb :) )
230 * + 2 (0xc0 delimiters at start and end).
233 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
237 hci_skb_pkt_type(nskb) = pkt_type;
239 bcsp_slip_msgdelim(nskb);
241 hdr[0] = bcsp->rxseq_txack << 3;
243 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
246 hdr[0] |= 0x80 + bcsp->msgq_txseq;
247 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
248 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
254 hdr[1] = ((len << 4) & 0xff) | chan;
256 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
258 /* Put BCSP header */
259 for (i = 0; i < 4; i++) {
260 bcsp_slip_one_byte(nskb, hdr[i]);
263 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
267 for (i = 0; i < len; i++) {
268 bcsp_slip_one_byte(nskb, data[i]);
271 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
276 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
277 bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
278 bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
281 bcsp_slip_msgdelim(nskb);
285 /* This is a rewrite of pkt_avail in ABCSP */
286 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
288 struct bcsp_struct *bcsp = hu->priv;
292 /* First of all, check for unreliable messages in the queue,
293 * since they have priority
296 skb = skb_dequeue(&bcsp->unrel);
298 struct sk_buff *nskb;
300 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
301 hci_skb_pkt_type(skb));
306 skb_queue_head(&bcsp->unrel, skb);
307 BT_ERR("Could not dequeue pkt because alloc_skb failed");
311 /* Now, try to send a reliable pkt. We can only send a
312 * reliable packet if the number of packets sent but not yet ack'ed
313 * is < than the winsize
316 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
318 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
319 skb = skb_dequeue(&bcsp->rel);
321 struct sk_buff *nskb;
323 nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
324 hci_skb_pkt_type(skb));
326 __skb_queue_tail(&bcsp->unack, skb);
327 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
328 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
331 skb_queue_head(&bcsp->rel, skb);
332 BT_ERR("Could not dequeue pkt because alloc_skb failed");
337 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
339 /* We could not send a reliable packet, either because there are
340 * none or because there are too many unack'ed pkts. Did we receive
341 * any packets we have not acknowledged yet ?
344 if (bcsp->txack_req) {
345 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
348 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
352 /* We have nothing to send */
356 static int bcsp_flush(struct hci_uart *hu)
362 /* Remove ack'ed packets */
363 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
365 struct sk_buff *skb, *tmp;
367 int i, pkts_to_be_removed;
370 spin_lock_irqsave(&bcsp->unack.lock, flags);
372 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
373 seqno = bcsp->msgq_txseq;
375 while (pkts_to_be_removed) {
376 if (bcsp->rxack == seqno)
378 pkts_to_be_removed--;
379 seqno = (seqno - 1) & 0x07;
382 if (bcsp->rxack != seqno)
383 BT_ERR("Peer acked invalid packet");
385 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
386 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
390 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
391 if (i >= pkts_to_be_removed)
395 __skb_unlink(skb, &bcsp->unack);
396 dev_kfree_skb_irq(skb);
399 if (skb_queue_empty(&bcsp->unack))
400 del_timer(&bcsp->tbcsp);
402 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
404 if (i != pkts_to_be_removed)
405 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
408 /* Handle BCSP link-establishment packets. When we
409 * detect a "sync" packet, symptom that the BT module has reset,
410 * we do nothing :) (yet)
412 static void bcsp_handle_le_pkt(struct hci_uart *hu)
414 struct bcsp_struct *bcsp = hu->priv;
415 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
416 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
417 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
419 /* spot "conf" pkts and reply with a "conf rsp" pkt */
420 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
421 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
422 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
424 BT_DBG("Found a LE conf pkt");
427 skb_put_data(nskb, conf_rsp_pkt, 4);
428 hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
430 skb_queue_head(&bcsp->unrel, nskb);
431 hci_uart_tx_wakeup(hu);
433 /* Spot "sync" pkts. If we find one...disaster! */
434 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
435 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
436 BT_ERR("Found a LE sync pkt, card has reset");
440 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
442 const u8 c0 = 0xc0, db = 0xdb;
444 switch (bcsp->rx_esc_state) {
445 case BCSP_ESCSTATE_NOESC:
448 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
451 skb_put_data(bcsp->rx_skb, &byte, 1);
452 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
453 bcsp->rx_state != BCSP_W4_CRC)
454 bcsp_crc_update(&bcsp->message_crc, byte);
459 case BCSP_ESCSTATE_ESC:
462 skb_put_data(bcsp->rx_skb, &c0, 1);
463 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
464 bcsp->rx_state != BCSP_W4_CRC)
465 bcsp_crc_update(&bcsp->message_crc, 0xc0);
466 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
471 skb_put_data(bcsp->rx_skb, &db, 1);
472 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
473 bcsp->rx_state != BCSP_W4_CRC)
474 bcsp_crc_update(&bcsp->message_crc, 0xdb);
475 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
480 BT_ERR("Invalid byte %02x after esc byte", byte);
481 kfree_skb(bcsp->rx_skb);
483 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
489 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
491 struct bcsp_struct *bcsp = hu->priv;
494 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
495 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
497 /* check the rx sequence number is as expected */
498 if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
500 bcsp->rxseq_txack %= 0x8;
502 /* handle re-transmitted packet or
503 * when packet was missed
505 BT_ERR("Out-of-order packet arrived, got %u expected %u",
506 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
508 /* do not process out-of-order packet payload */
512 /* send current txack value to all received reliable packets */
515 /* If needed, transmit an ack pkt */
516 hci_uart_tx_wakeup(hu);
519 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
520 BT_DBG("Request for pkt %u from card", bcsp->rxack);
522 /* handle received ACK indications,
523 * including those from out-of-order packets
528 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
529 (bcsp->rx_skb->data[0] & 0x80)) {
530 hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
532 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
533 (bcsp->rx_skb->data[0] & 0x80)) {
534 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
536 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
537 hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
539 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
540 !(bcsp->rx_skb->data[0] & 0x80)) {
541 bcsp_handle_le_pkt(hu);
549 struct hci_event_hdr hdr;
550 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
552 if (desc != 0 && desc != 1) {
555 skb_pull(bcsp->rx_skb, 4);
556 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
559 hdr.plen = bcsp->rx_skb->len;
560 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
561 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
563 hci_recv_frame(hu->hdev, bcsp->rx_skb);
565 BT_ERR("Packet for unknown channel (%u %s)",
566 bcsp->rx_skb->data[1] & 0x0f,
567 bcsp->rx_skb->data[0] & 0x80 ?
568 "reliable" : "unreliable");
569 kfree_skb(bcsp->rx_skb);
572 kfree_skb(bcsp->rx_skb);
573 } else if (pass_up == 1) {
574 /* Pull out BCSP hdr */
575 skb_pull(bcsp->rx_skb, 4);
577 hci_recv_frame(hu->hdev, bcsp->rx_skb);
579 /* ignore packet payload of already ACKed re-transmitted
580 * packets or when a packet was missed in the BCSP window
582 kfree_skb(bcsp->rx_skb);
585 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
589 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
591 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
595 static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
597 struct bcsp_struct *bcsp = hu->priv;
598 const unsigned char *ptr;
600 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
601 hu, count, bcsp->rx_state, bcsp->rx_count);
605 if (bcsp->rx_count) {
607 BT_ERR("Short BCSP packet");
608 kfree_skb(bcsp->rx_skb);
610 bcsp->rx_state = BCSP_W4_PKT_START;
613 bcsp_unslip_one_byte(bcsp, *ptr);
619 switch (bcsp->rx_state) {
620 case BCSP_W4_BCSP_HDR:
621 if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
622 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
623 BT_ERR("Error in BCSP hdr checksum");
624 kfree_skb(bcsp->rx_skb);
626 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
630 bcsp->rx_state = BCSP_W4_DATA;
631 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
632 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
636 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
637 bcsp->rx_state = BCSP_W4_CRC;
640 bcsp_complete_rx_pkt(hu);
644 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
645 BT_ERR("Checksum failed: computed %04x received %04x",
646 bitrev16(bcsp->message_crc),
649 kfree_skb(bcsp->rx_skb);
651 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
655 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
656 bcsp_complete_rx_pkt(hu);
659 case BCSP_W4_PKT_DELIMITER:
662 bcsp->rx_state = BCSP_W4_PKT_START;
665 /*BT_ERR("Ignoring byte %02x", *ptr);*/
671 case BCSP_W4_PKT_START:
678 bcsp->rx_state = BCSP_W4_BCSP_HDR;
680 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
681 BCSP_CRC_INIT(bcsp->message_crc);
683 /* Do not increment ptr or decrement count
684 * Allocate packet. Max len of a BCSP pkt=
685 * 0xFFF (payload) +4 (header) +2 (crc)
688 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
690 BT_ERR("Can't allocate mem for new packet");
691 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
703 /* Arrange to retransmit all messages in the relq. */
704 static void bcsp_timed_event(struct timer_list *t)
706 struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
707 struct hci_uart *hu = bcsp->hu;
711 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
713 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
715 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
716 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
717 skb_queue_head(&bcsp->rel, skb);
720 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
722 hci_uart_tx_wakeup(hu);
725 static int bcsp_open(struct hci_uart *hu)
727 struct bcsp_struct *bcsp;
731 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
737 skb_queue_head_init(&bcsp->unack);
738 skb_queue_head_init(&bcsp->rel);
739 skb_queue_head_init(&bcsp->unrel);
741 timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
743 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
751 static int bcsp_close(struct hci_uart *hu)
753 struct bcsp_struct *bcsp = hu->priv;
755 del_timer_sync(&bcsp->tbcsp);
761 skb_queue_purge(&bcsp->unack);
762 skb_queue_purge(&bcsp->rel);
763 skb_queue_purge(&bcsp->unrel);
766 kfree_skb(bcsp->rx_skb);
774 static const struct hci_uart_proto bcsp = {
779 .enqueue = bcsp_enqueue,
780 .dequeue = bcsp_dequeue,
785 int __init bcsp_init(void)
787 return hci_uart_register_proto(&bcsp);
790 int __exit bcsp_deinit(void)
792 return hci_uart_unregister_proto(&bcsp);
795 module_param(txcrc, bool, 0644);
796 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
798 module_param(hciextn, bool, 0644);
799 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
projects / releases.git / blob