3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/sched.h>
30 #include <linux/types.h>
31 #include <linux/fcntl.h>
32 #include <linux/interrupt.h>
33 #include <linux/ptrace.h>
34 #include <linux/poll.h>
36 #include <linux/slab.h>
37 #include <linux/tty.h>
38 #include <linux/errno.h>
39 #include <linux/string.h>
40 #include <linux/signal.h>
41 #include <linux/ioctl.h>
42 #include <linux/skbuff.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
49 #ifndef CONFIG_BT_HCIUART_DEBUG
51 #define BT_DBG( A... )
57 static int hciextn = 1;
59 #define BCSP_TXWINSIZE 4
61 #define BCSP_ACK_PKT 0x05
62 #define BCSP_LE_PKT 0x06
65 struct sk_buff_head unack; /* Unack'ed packets queue */
66 struct sk_buff_head rel; /* Reliable packets queue */
67 struct sk_buff_head unrel; /* Unreliable packets queue */
69 unsigned long rx_count;
70 struct sk_buff *rx_skb;
71 u8 rxseq_txack; /* rxseq == txack. */
72 u8 rxack; /* Last packet sent by us that the peer ack'ed */
73 struct timer_list tbcsp;
76 BCSP_W4_PKT_DELIMITER,
90 u8 txack_req; /* Do we need to send ack's to the peer? */
92 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
96 /* ---- BCSP CRC calculation ---- */
98 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
99 initial value 0xffff, bits shifted in reverse order. */
101 static const u16 crc_table[] = {
102 0x0000, 0x1081, 0x2102, 0x3183,
103 0x4204, 0x5285, 0x6306, 0x7387,
104 0x8408, 0x9489, 0xa50a, 0xb58b,
105 0xc60c, 0xd68d, 0xe70e, 0xf78f
108 /* Initialise the crc calculator */
109 #define BCSP_CRC_INIT(x) x = 0xffff
112 Update crc with next data byte
115 The data byte is treated as two nibbles. The crc is generated
116 in reverse, i.e., bits are fed into the register from the top.
118 static void bcsp_crc_update(u16 *crc, u8 d)
122 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
123 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
129 Get reverse of generated crc
132 The crc generator (bcsp_crc_init() and bcsp_crc_update())
133 creates a reversed crc, so it needs to be swapped back before
136 static u16 bcsp_crc_reverse(u16 crc)
140 for (b = 0, rev = 0; b < 16; b++) {
149 /* ---- BCSP core ---- */
151 static void bcsp_slip_msgdelim(struct sk_buff *skb)
153 const char pkt_delim = 0xc0;
155 memcpy(skb_put(skb, 1), &pkt_delim, 1);
158 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
160 const char esc_c0[2] = { 0xdb, 0xdc };
161 const char esc_db[2] = { 0xdb, 0xdd };
165 memcpy(skb_put(skb, 2), &esc_c0, 2);
168 memcpy(skb_put(skb, 2), &esc_db, 2);
171 memcpy(skb_put(skb, 1), &c, 1);
175 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
177 struct bcsp_struct *bcsp = hu->priv;
179 if (skb->len > 0xFFF) {
180 BT_ERR("Packet too long");
185 switch (bt_cb(skb)->pkt_type) {
186 case HCI_ACLDATA_PKT:
187 case HCI_COMMAND_PKT:
188 skb_queue_tail(&bcsp->rel, skb);
191 case HCI_SCODATA_PKT:
192 skb_queue_tail(&bcsp->unrel, skb);
196 BT_ERR("Unknown packet type");
204 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
205 int len, int pkt_type)
207 struct sk_buff *nskb;
209 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
213 case HCI_ACLDATA_PKT:
214 chan = 6; /* BCSP ACL channel */
215 rel = 1; /* reliable channel */
217 case HCI_COMMAND_PKT:
218 chan = 5; /* BCSP cmd/evt channel */
219 rel = 1; /* reliable channel */
221 case HCI_SCODATA_PKT:
222 chan = 7; /* BCSP SCO channel */
223 rel = 0; /* unreliable channel */
226 chan = 1; /* BCSP LE channel */
227 rel = 0; /* unreliable channel */
230 chan = 0; /* BCSP internal channel */
231 rel = 0; /* unreliable channel */
234 BT_ERR("Unknown packet type");
238 if (hciextn && chan == 5) {
239 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data;
241 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) {
242 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
243 if ((desc & 0xf0) == 0xc0) {
244 data += HCI_COMMAND_HDR_SIZE + 1;
245 len -= HCI_COMMAND_HDR_SIZE + 1;
251 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
252 (because bytes 0xc0 and 0xdb are escaped, worst case is
253 when the packet is all made of 0xc0 and 0xdb :) )
254 + 2 (0xc0 delimiters at start and end). */
256 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
260 bt_cb(nskb)->pkt_type = pkt_type;
262 bcsp_slip_msgdelim(nskb);
264 hdr[0] = bcsp->rxseq_txack << 3;
266 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
269 hdr[0] |= 0x80 + bcsp->msgq_txseq;
270 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
271 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
277 hdr[1] = ((len << 4) & 0xff) | chan;
279 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
281 /* Put BCSP header */
282 for (i = 0; i < 4; i++) {
283 bcsp_slip_one_byte(nskb, hdr[i]);
286 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
290 for (i = 0; i < len; i++) {
291 bcsp_slip_one_byte(nskb, data[i]);
294 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
299 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
300 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
301 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
304 bcsp_slip_msgdelim(nskb);
308 /* This is a rewrite of pkt_avail in ABCSP */
309 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
311 struct bcsp_struct *bcsp = hu->priv;
315 /* First of all, check for unreliable messages in the queue,
316 since they have priority */
318 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
319 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
324 skb_queue_head(&bcsp->unrel, skb);
325 BT_ERR("Could not dequeue pkt because alloc_skb failed");
329 /* Now, try to send a reliable pkt. We can only send a
330 reliable packet if the number of packets sent but not yet ack'ed
331 is < than the winsize */
333 spin_lock_irqsave(&bcsp->unack.lock, flags);
335 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
336 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
338 __skb_queue_tail(&bcsp->unack, skb);
339 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
340 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
343 skb_queue_head(&bcsp->rel, skb);
344 BT_ERR("Could not dequeue pkt because alloc_skb failed");
348 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
350 /* We could not send a reliable packet, either because there are
351 none or because there are too many unack'ed pkts. Did we receive
352 any packets we have not acknowledged yet ? */
354 if (bcsp->txack_req) {
355 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
357 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
361 /* We have nothing to send */
365 static int bcsp_flush(struct hci_uart *hu)
371 /* Remove ack'ed packets */
372 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
376 int i, pkts_to_be_removed;
379 spin_lock_irqsave(&bcsp->unack.lock, flags);
381 pkts_to_be_removed = bcsp->unack.qlen;
382 seqno = bcsp->msgq_txseq;
384 while (pkts_to_be_removed) {
385 if (bcsp->rxack == seqno)
387 pkts_to_be_removed--;
388 seqno = (seqno - 1) & 0x07;
391 if (bcsp->rxack != seqno)
392 BT_ERR("Peer acked invalid packet");
394 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
395 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
397 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
398 && skb != (struct sk_buff *) &bcsp->unack; i++) {
399 struct sk_buff *nskb;
402 __skb_unlink(skb, &bcsp->unack);
407 if (bcsp->unack.qlen == 0)
408 del_timer(&bcsp->tbcsp);
410 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
412 if (i != pkts_to_be_removed)
413 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
416 /* Handle BCSP link-establishment packets. When we
417 detect a "sync" packet, symptom that the BT module has reset,
418 we do nothing :) (yet) */
419 static void bcsp_handle_le_pkt(struct hci_uart *hu)
421 struct bcsp_struct *bcsp = hu->priv;
422 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
423 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
424 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
426 /* spot "conf" pkts and reply with a "conf rsp" pkt */
427 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
428 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
429 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
431 BT_DBG("Found a LE conf pkt");
434 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
435 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
437 skb_queue_head(&bcsp->unrel, nskb);
438 hci_uart_tx_wakeup(hu);
440 /* Spot "sync" pkts. If we find one...disaster! */
441 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
442 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
443 BT_ERR("Found a LE sync pkt, card has reset");
447 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
449 const u8 c0 = 0xc0, db = 0xdb;
451 switch (bcsp->rx_esc_state) {
452 case BCSP_ESCSTATE_NOESC:
455 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
458 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
459 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
460 bcsp->rx_state != BCSP_W4_CRC)
461 bcsp_crc_update(&bcsp->message_crc, byte);
466 case BCSP_ESCSTATE_ESC:
469 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
470 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
471 bcsp->rx_state != BCSP_W4_CRC)
472 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
473 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
478 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
479 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
480 bcsp->rx_state != BCSP_W4_CRC)
481 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
482 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
487 BT_ERR ("Invalid byte %02x after esc byte", byte);
488 kfree_skb(bcsp->rx_skb);
490 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
496 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
498 struct bcsp_struct *bcsp = hu->priv;
501 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
502 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
504 bcsp->rxseq_txack %= 0x8;
507 /* If needed, transmit an ack pkt */
508 hci_uart_tx_wakeup(hu);
511 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
512 BT_DBG("Request for pkt %u from card", bcsp->rxack);
515 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
516 bcsp->rx_skb->data[0] & 0x80) {
517 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
519 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
520 bcsp->rx_skb->data[0] & 0x80) {
521 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
523 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
524 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
526 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
527 !(bcsp->rx_skb->data[0] & 0x80)) {
528 bcsp_handle_le_pkt(hu);
534 struct hci_event_hdr hdr;
535 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
537 if (desc != 0 && desc != 1) {
540 skb_pull(bcsp->rx_skb, 4);
541 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
544 hdr.plen = bcsp->rx_skb->len;
545 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
546 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
548 hci_recv_frame(bcsp->rx_skb);
550 BT_ERR ("Packet for unknown channel (%u %s)",
551 bcsp->rx_skb->data[1] & 0x0f,
552 bcsp->rx_skb->data[0] & 0x80 ?
553 "reliable" : "unreliable");
554 kfree_skb(bcsp->rx_skb);
557 kfree_skb(bcsp->rx_skb);
559 /* Pull out BCSP hdr */
560 skb_pull(bcsp->rx_skb, 4);
562 hci_recv_frame(bcsp->rx_skb);
565 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
570 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
572 struct bcsp_struct *bcsp = hu->priv;
573 register unsigned char *ptr;
575 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
576 hu, count, bcsp->rx_state, bcsp->rx_count);
580 if (bcsp->rx_count) {
582 BT_ERR("Short BCSP packet");
583 kfree_skb(bcsp->rx_skb);
584 bcsp->rx_state = BCSP_W4_PKT_START;
587 bcsp_unslip_one_byte(bcsp, *ptr);
593 switch (bcsp->rx_state) {
594 case BCSP_W4_BCSP_HDR:
595 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
596 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
597 BT_ERR("Error in BCSP hdr checksum");
598 kfree_skb(bcsp->rx_skb);
599 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
603 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
604 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
605 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
606 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
608 kfree_skb(bcsp->rx_skb);
609 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
613 bcsp->rx_state = BCSP_W4_DATA;
614 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
615 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
619 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
620 bcsp->rx_state = BCSP_W4_CRC;
623 bcsp_complete_rx_pkt(hu);
627 if (bcsp_crc_reverse(bcsp->message_crc) !=
628 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
629 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
631 BT_ERR ("Checksum failed: computed %04x received %04x",
632 bcsp_crc_reverse(bcsp->message_crc),
633 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
634 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
636 kfree_skb(bcsp->rx_skb);
637 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
641 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
642 bcsp_complete_rx_pkt(hu);
645 case BCSP_W4_PKT_DELIMITER:
648 bcsp->rx_state = BCSP_W4_PKT_START;
651 /*BT_ERR("Ignoring byte %02x", *ptr);*/
657 case BCSP_W4_PKT_START:
664 bcsp->rx_state = BCSP_W4_BCSP_HDR;
666 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
667 BCSP_CRC_INIT(bcsp->message_crc);
669 /* Do not increment ptr or decrement count
670 * Allocate packet. Max len of a BCSP pkt=
671 * 0xFFF (payload) +4 (header) +2 (crc) */
673 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
675 BT_ERR("Can't allocate mem for new packet");
676 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
680 bcsp->rx_skb->dev = (void *) hu->hdev;
689 /* Arrange to retransmit all messages in the relq. */
690 static void bcsp_timed_event(unsigned long arg)
692 struct hci_uart *hu = (struct hci_uart *) arg;
693 struct bcsp_struct *bcsp = hu->priv;
697 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
699 spin_lock_irqsave(&bcsp->unack.lock, flags);
701 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
702 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
703 skb_queue_head(&bcsp->rel, skb);
706 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
708 hci_uart_tx_wakeup(hu);
711 static int bcsp_open(struct hci_uart *hu)
713 struct bcsp_struct *bcsp;
717 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
722 skb_queue_head_init(&bcsp->unack);
723 skb_queue_head_init(&bcsp->rel);
724 skb_queue_head_init(&bcsp->unrel);
726 init_timer(&bcsp->tbcsp);
727 bcsp->tbcsp.function = bcsp_timed_event;
728 bcsp->tbcsp.data = (u_long) hu;
730 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
738 static int bcsp_close(struct hci_uart *hu)
740 struct bcsp_struct *bcsp = hu->priv;
745 skb_queue_purge(&bcsp->unack);
746 skb_queue_purge(&bcsp->rel);
747 skb_queue_purge(&bcsp->unrel);
748 del_timer(&bcsp->tbcsp);
754 static struct hci_uart_proto bcsp = {
758 .enqueue = bcsp_enqueue,
759 .dequeue = bcsp_dequeue,
766 int err = hci_uart_register_proto(&bcsp);
769 BT_INFO("HCI BCSP protocol initialized");
771 BT_ERR("HCI BCSP protocol registration failed");
776 int bcsp_deinit(void)
778 return hci_uart_unregister_proto(&bcsp);
781 module_param(txcrc, bool, 0644);
782 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
784 module_param(hciextn, bool, 0644);
785 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");