3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
42 #include <linux/bitrev.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 static bool txcrc = true;
51 static bool hciextn = true;
53 #define BCSP_TXWINSIZE 4
55 #define BCSP_ACK_PKT 0x05
56 #define BCSP_LE_PKT 0x06
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
70 BCSP_W4_PKT_DELIMITER,
84 u8 txack_req; /* Do we need to send ack's to the peer? */
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
90 /* ---- BCSP CRC calculation ---- */
92 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93 initial value 0xffff, bits shifted in reverse order. */
95 static const u16 crc_table[] = {
96 0x0000, 0x1081, 0x2102, 0x3183,
97 0x4204, 0x5285, 0x6306, 0x7387,
98 0x8408, 0x9489, 0xa50a, 0xb58b,
99 0xc60c, 0xd68d, 0xe70e, 0xf78f
102 /* Initialise the crc calculator */
103 #define BCSP_CRC_INIT(x) x = 0xffff
106 Update crc with next data byte
109 The data byte is treated as two nibbles. The crc is generated
110 in reverse, i.e., bits are fed into the register from the top.
112 static void bcsp_crc_update(u16 *crc, u8 d)
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
122 /* ---- BCSP core ---- */
124 static void bcsp_slip_msgdelim(struct sk_buff *skb)
126 const char pkt_delim = 0xc0;
128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
131 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
141 memcpy(skb_put(skb, 2), &esc_db, 2);
144 memcpy(skb_put(skb, 1), &c, 1);
148 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
150 struct bcsp_struct *bcsp = hu->priv;
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
158 switch (bt_cb(skb)->pkt_type) {
159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
169 BT_ERR("Unknown packet type");
177 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
180 struct sk_buff *nskb;
182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
207 BT_ERR("Unknown packet type");
211 if (hciextn && chan == 5) {
212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
214 /* Vendor specific commands */
215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217 if ((desc & 0xf0) == 0xc0) {
218 data += HCI_COMMAND_HDR_SIZE + 1;
219 len -= HCI_COMMAND_HDR_SIZE + 1;
225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
226 (because bytes 0xc0 and 0xdb are escaped, worst case is
227 when the packet is all made of 0xc0 and 0xdb :) )
228 + 2 (0xc0 delimiters at start and end). */
230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
234 bt_cb(nskb)->pkt_type = pkt_type;
236 bcsp_slip_msgdelim(nskb);
238 hdr[0] = bcsp->rxseq_txack << 3;
240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
243 hdr[0] |= 0x80 + bcsp->msgq_txseq;
244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
251 hdr[1] = ((len << 4) & 0xff) | chan;
253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
255 /* Put BCSP header */
256 for (i = 0; i < 4; i++) {
257 bcsp_slip_one_byte(nskb, hdr[i]);
260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
264 for (i = 0; i < len; i++) {
265 bcsp_slip_one_byte(nskb, data[i]);
268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
278 bcsp_slip_msgdelim(nskb);
282 /* This is a rewrite of pkt_avail in ABCSP */
283 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
285 struct bcsp_struct *bcsp = hu->priv;
289 /* First of all, check for unreliable messages in the queue,
290 since they have priority */
292 skb = skb_dequeue(&bcsp->unrel);
294 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
299 skb_queue_head(&bcsp->unrel, skb);
300 BT_ERR("Could not dequeue pkt because alloc_skb failed");
304 /* Now, try to send a reliable pkt. We can only send a
305 reliable packet if the number of packets sent but not yet ack'ed
306 is < than the winsize */
308 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
310 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
311 skb = skb_dequeue(&bcsp->rel);
313 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
314 bt_cb(skb)->pkt_type);
316 __skb_queue_tail(&bcsp->unack, skb);
317 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
318 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
321 skb_queue_head(&bcsp->rel, skb);
322 BT_ERR("Could not dequeue pkt because alloc_skb failed");
327 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
329 /* We could not send a reliable packet, either because there are
330 none or because there are too many unack'ed pkts. Did we receive
331 any packets we have not acknowledged yet ? */
333 if (bcsp->txack_req) {
334 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
336 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
340 /* We have nothing to send */
344 static int bcsp_flush(struct hci_uart *hu)
350 /* Remove ack'ed packets */
351 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
353 struct sk_buff *skb, *tmp;
355 int i, pkts_to_be_removed;
358 spin_lock_irqsave(&bcsp->unack.lock, flags);
360 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
361 seqno = bcsp->msgq_txseq;
363 while (pkts_to_be_removed) {
364 if (bcsp->rxack == seqno)
366 pkts_to_be_removed--;
367 seqno = (seqno - 1) & 0x07;
370 if (bcsp->rxack != seqno)
371 BT_ERR("Peer acked invalid packet");
373 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
374 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
378 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
379 if (i >= pkts_to_be_removed)
383 __skb_unlink(skb, &bcsp->unack);
387 if (skb_queue_empty(&bcsp->unack))
388 del_timer(&bcsp->tbcsp);
390 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
392 if (i != pkts_to_be_removed)
393 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
396 /* Handle BCSP link-establishment packets. When we
397 detect a "sync" packet, symptom that the BT module has reset,
398 we do nothing :) (yet) */
399 static void bcsp_handle_le_pkt(struct hci_uart *hu)
401 struct bcsp_struct *bcsp = hu->priv;
402 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
403 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
404 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
406 /* spot "conf" pkts and reply with a "conf rsp" pkt */
407 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
408 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
409 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
411 BT_DBG("Found a LE conf pkt");
414 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
415 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
417 skb_queue_head(&bcsp->unrel, nskb);
418 hci_uart_tx_wakeup(hu);
420 /* Spot "sync" pkts. If we find one...disaster! */
421 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
422 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
423 BT_ERR("Found a LE sync pkt, card has reset");
427 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
429 const u8 c0 = 0xc0, db = 0xdb;
431 switch (bcsp->rx_esc_state) {
432 case BCSP_ESCSTATE_NOESC:
435 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
438 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
439 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
440 bcsp->rx_state != BCSP_W4_CRC)
441 bcsp_crc_update(&bcsp->message_crc, byte);
446 case BCSP_ESCSTATE_ESC:
449 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
450 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
451 bcsp->rx_state != BCSP_W4_CRC)
452 bcsp_crc_update(&bcsp->message_crc, 0xc0);
453 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
458 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
459 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
460 bcsp->rx_state != BCSP_W4_CRC)
461 bcsp_crc_update(&bcsp->message_crc, 0xdb);
462 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
467 BT_ERR("Invalid byte %02x after esc byte", byte);
468 kfree_skb(bcsp->rx_skb);
470 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
476 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
478 struct bcsp_struct *bcsp = hu->priv;
481 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
482 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
484 bcsp->rxseq_txack %= 0x8;
487 /* If needed, transmit an ack pkt */
488 hci_uart_tx_wakeup(hu);
491 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
492 BT_DBG("Request for pkt %u from card", bcsp->rxack);
495 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
496 bcsp->rx_skb->data[0] & 0x80) {
497 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
499 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
500 bcsp->rx_skb->data[0] & 0x80) {
501 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
503 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
504 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
506 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
507 !(bcsp->rx_skb->data[0] & 0x80)) {
508 bcsp_handle_le_pkt(hu);
514 struct hci_event_hdr hdr;
515 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
517 if (desc != 0 && desc != 1) {
520 skb_pull(bcsp->rx_skb, 4);
521 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
524 hdr.plen = bcsp->rx_skb->len;
525 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
526 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
528 hci_recv_frame(hu->hdev, bcsp->rx_skb);
530 BT_ERR("Packet for unknown channel (%u %s)",
531 bcsp->rx_skb->data[1] & 0x0f,
532 bcsp->rx_skb->data[0] & 0x80 ?
533 "reliable" : "unreliable");
534 kfree_skb(bcsp->rx_skb);
537 kfree_skb(bcsp->rx_skb);
539 /* Pull out BCSP hdr */
540 skb_pull(bcsp->rx_skb, 4);
542 hci_recv_frame(hu->hdev, bcsp->rx_skb);
545 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
549 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
551 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
555 static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
557 struct bcsp_struct *bcsp = hu->priv;
558 const unsigned char *ptr;
560 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
561 hu, count, bcsp->rx_state, bcsp->rx_count);
565 if (bcsp->rx_count) {
567 BT_ERR("Short BCSP packet");
568 kfree_skb(bcsp->rx_skb);
570 bcsp->rx_state = BCSP_W4_PKT_START;
573 bcsp_unslip_one_byte(bcsp, *ptr);
579 switch (bcsp->rx_state) {
580 case BCSP_W4_BCSP_HDR:
581 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
582 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
583 BT_ERR("Error in BCSP hdr checksum");
584 kfree_skb(bcsp->rx_skb);
586 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
590 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
591 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
592 BT_ERR("Out-of-order packet arrived, got %u expected %u",
593 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
595 kfree_skb(bcsp->rx_skb);
596 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
600 bcsp->rx_state = BCSP_W4_DATA;
601 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
602 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
606 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
607 bcsp->rx_state = BCSP_W4_CRC;
610 bcsp_complete_rx_pkt(hu);
614 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
615 BT_ERR ("Checksum failed: computed %04x received %04x",
616 bitrev16(bcsp->message_crc),
619 kfree_skb(bcsp->rx_skb);
621 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
625 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
626 bcsp_complete_rx_pkt(hu);
629 case BCSP_W4_PKT_DELIMITER:
632 bcsp->rx_state = BCSP_W4_PKT_START;
635 /*BT_ERR("Ignoring byte %02x", *ptr);*/
641 case BCSP_W4_PKT_START:
648 bcsp->rx_state = BCSP_W4_BCSP_HDR;
650 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
651 BCSP_CRC_INIT(bcsp->message_crc);
653 /* Do not increment ptr or decrement count
654 * Allocate packet. Max len of a BCSP pkt=
655 * 0xFFF (payload) +4 (header) +2 (crc) */
657 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
659 BT_ERR("Can't allocate mem for new packet");
660 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
672 /* Arrange to retransmit all messages in the relq. */
673 static void bcsp_timed_event(unsigned long arg)
675 struct hci_uart *hu = (struct hci_uart *) arg;
676 struct bcsp_struct *bcsp = hu->priv;
680 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
682 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
684 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
685 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
686 skb_queue_head(&bcsp->rel, skb);
689 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
691 hci_uart_tx_wakeup(hu);
694 static int bcsp_open(struct hci_uart *hu)
696 struct bcsp_struct *bcsp;
700 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
705 skb_queue_head_init(&bcsp->unack);
706 skb_queue_head_init(&bcsp->rel);
707 skb_queue_head_init(&bcsp->unrel);
709 init_timer(&bcsp->tbcsp);
710 bcsp->tbcsp.function = bcsp_timed_event;
711 bcsp->tbcsp.data = (u_long) hu;
713 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
721 static int bcsp_close(struct hci_uart *hu)
723 struct bcsp_struct *bcsp = hu->priv;
725 del_timer_sync(&bcsp->tbcsp);
731 skb_queue_purge(&bcsp->unack);
732 skb_queue_purge(&bcsp->rel);
733 skb_queue_purge(&bcsp->unrel);
736 kfree_skb(bcsp->rx_skb);
744 static const struct hci_uart_proto bcsp = {
749 .enqueue = bcsp_enqueue,
750 .dequeue = bcsp_dequeue,
755 int __init bcsp_init(void)
757 return hci_uart_register_proto(&bcsp);
760 int __exit bcsp_deinit(void)
762 return hci_uart_unregister_proto(&bcsp);
765 module_param(txcrc, bool, 0644);
766 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
768 module_param(hciextn, bool, 0644);
769 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
projects / releases.git / blob