3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/config.h>
26 #include <linux/module.h>
28 #include <linux/kernel.h>
29 #include <linux/init.h>
30 #include <linux/sched.h>
31 #include <linux/types.h>
32 #include <linux/fcntl.h>
33 #include <linux/interrupt.h>
34 #include <linux/ptrace.h>
35 #include <linux/poll.h>
37 #include <linux/slab.h>
38 #include <linux/tty.h>
39 #include <linux/errno.h>
40 #include <linux/string.h>
41 #include <linux/signal.h>
42 #include <linux/ioctl.h>
43 #include <linux/skbuff.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 #ifndef CONFIG_BT_HCIUART_DEBUG
52 #define BT_DBG( A... )
58 static int hciextn = 1;
60 #define BCSP_TXWINSIZE 4
62 #define BCSP_ACK_PKT 0x05
63 #define BCSP_LE_PKT 0x06
66 struct sk_buff_head unack; /* Unack'ed packets queue */
67 struct sk_buff_head rel; /* Reliable packets queue */
68 struct sk_buff_head unrel; /* Unreliable packets queue */
70 unsigned long rx_count;
71 struct sk_buff *rx_skb;
72 u8 rxseq_txack; /* rxseq == txack. */
73 u8 rxack; /* Last packet sent by us that the peer ack'ed */
74 struct timer_list tbcsp;
77 BCSP_W4_PKT_DELIMITER,
91 u8 txack_req; /* Do we need to send ack's to the peer? */
93 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
97 /* ---- BCSP CRC calculation ---- */
99 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
100 initial value 0xffff, bits shifted in reverse order. */
102 static const u16 crc_table[] = {
103 0x0000, 0x1081, 0x2102, 0x3183,
104 0x4204, 0x5285, 0x6306, 0x7387,
105 0x8408, 0x9489, 0xa50a, 0xb58b,
106 0xc60c, 0xd68d, 0xe70e, 0xf78f
109 /* Initialise the crc calculator */
110 #define BCSP_CRC_INIT(x) x = 0xffff
113 Update crc with next data byte
116 The data byte is treated as two nibbles. The crc is generated
117 in reverse, i.e., bits are fed into the register from the top.
119 static void bcsp_crc_update(u16 *crc, u8 d)
123 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
124 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
130 Get reverse of generated crc
133 The crc generator (bcsp_crc_init() and bcsp_crc_update())
134 creates a reversed crc, so it needs to be swapped back before
137 static u16 bcsp_crc_reverse(u16 crc)
141 for (b = 0, rev = 0; b < 16; b++) {
150 /* ---- BCSP core ---- */
152 static void bcsp_slip_msgdelim(struct sk_buff *skb)
154 const char pkt_delim = 0xc0;
156 memcpy(skb_put(skb, 1), &pkt_delim, 1);
159 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
161 const char esc_c0[2] = { 0xdb, 0xdc };
162 const char esc_db[2] = { 0xdb, 0xdd };
166 memcpy(skb_put(skb, 2), &esc_c0, 2);
169 memcpy(skb_put(skb, 2), &esc_db, 2);
172 memcpy(skb_put(skb, 1), &c, 1);
176 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
178 struct bcsp_struct *bcsp = hu->priv;
180 if (skb->len > 0xFFF) {
181 BT_ERR("Packet too long");
186 switch (bt_cb(skb)->pkt_type) {
187 case HCI_ACLDATA_PKT:
188 case HCI_COMMAND_PKT:
189 skb_queue_tail(&bcsp->rel, skb);
192 case HCI_SCODATA_PKT:
193 skb_queue_tail(&bcsp->unrel, skb);
197 BT_ERR("Unknown packet type");
205 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
206 int len, int pkt_type)
208 struct sk_buff *nskb;
210 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
214 case HCI_ACLDATA_PKT:
215 chan = 6; /* BCSP ACL channel */
216 rel = 1; /* reliable channel */
218 case HCI_COMMAND_PKT:
219 chan = 5; /* BCSP cmd/evt channel */
220 rel = 1; /* reliable channel */
222 case HCI_SCODATA_PKT:
223 chan = 7; /* BCSP SCO channel */
224 rel = 0; /* unreliable channel */
227 chan = 1; /* BCSP LE channel */
228 rel = 0; /* unreliable channel */
231 chan = 0; /* BCSP internal channel */
232 rel = 0; /* unreliable channel */
235 BT_ERR("Unknown packet type");
239 if (hciextn && chan == 5) {
240 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data;
242 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) {
243 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
244 if ((desc & 0xf0) == 0xc0) {
245 data += HCI_COMMAND_HDR_SIZE + 1;
246 len -= HCI_COMMAND_HDR_SIZE + 1;
252 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
253 (because bytes 0xc0 and 0xdb are escaped, worst case is
254 when the packet is all made of 0xc0 and 0xdb :) )
255 + 2 (0xc0 delimiters at start and end). */
257 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
261 bt_cb(nskb)->pkt_type = pkt_type;
263 bcsp_slip_msgdelim(nskb);
265 hdr[0] = bcsp->rxseq_txack << 3;
267 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
270 hdr[0] |= 0x80 + bcsp->msgq_txseq;
271 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
272 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
278 hdr[1] = ((len << 4) & 0xff) | chan;
280 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
282 /* Put BCSP header */
283 for (i = 0; i < 4; i++) {
284 bcsp_slip_one_byte(nskb, hdr[i]);
287 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
291 for (i = 0; i < len; i++) {
292 bcsp_slip_one_byte(nskb, data[i]);
295 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
300 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
301 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
302 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
305 bcsp_slip_msgdelim(nskb);
309 /* This is a rewrite of pkt_avail in ABCSP */
310 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
312 struct bcsp_struct *bcsp = hu->priv;
316 /* First of all, check for unreliable messages in the queue,
317 since they have priority */
319 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
320 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
325 skb_queue_head(&bcsp->unrel, skb);
326 BT_ERR("Could not dequeue pkt because alloc_skb failed");
330 /* Now, try to send a reliable pkt. We can only send a
331 reliable packet if the number of packets sent but not yet ack'ed
332 is < than the winsize */
334 spin_lock_irqsave(&bcsp->unack.lock, flags);
336 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
337 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
339 __skb_queue_tail(&bcsp->unack, skb);
340 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
341 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
344 skb_queue_head(&bcsp->rel, skb);
345 BT_ERR("Could not dequeue pkt because alloc_skb failed");
349 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
351 /* We could not send a reliable packet, either because there are
352 none or because there are too many unack'ed pkts. Did we receive
353 any packets we have not acknowledged yet ? */
355 if (bcsp->txack_req) {
356 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
358 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
362 /* We have nothing to send */
366 static int bcsp_flush(struct hci_uart *hu)
372 /* Remove ack'ed packets */
373 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
377 int i, pkts_to_be_removed;
380 spin_lock_irqsave(&bcsp->unack.lock, flags);
382 pkts_to_be_removed = bcsp->unack.qlen;
383 seqno = bcsp->msgq_txseq;
385 while (pkts_to_be_removed) {
386 if (bcsp->rxack == seqno)
388 pkts_to_be_removed--;
389 seqno = (seqno - 1) & 0x07;
392 if (bcsp->rxack != seqno)
393 BT_ERR("Peer acked invalid packet");
395 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
396 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
398 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
399 && skb != (struct sk_buff *) &bcsp->unack; i++) {
400 struct sk_buff *nskb;
403 __skb_unlink(skb, &bcsp->unack);
408 if (bcsp->unack.qlen == 0)
409 del_timer(&bcsp->tbcsp);
411 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
413 if (i != pkts_to_be_removed)
414 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
417 /* Handle BCSP link-establishment packets. When we
418 detect a "sync" packet, symptom that the BT module has reset,
419 we do nothing :) (yet) */
420 static void bcsp_handle_le_pkt(struct hci_uart *hu)
422 struct bcsp_struct *bcsp = hu->priv;
423 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
424 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
425 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
427 /* spot "conf" pkts and reply with a "conf rsp" pkt */
428 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
429 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
430 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
432 BT_DBG("Found a LE conf pkt");
435 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
436 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
438 skb_queue_head(&bcsp->unrel, nskb);
439 hci_uart_tx_wakeup(hu);
441 /* Spot "sync" pkts. If we find one...disaster! */
442 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
443 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
444 BT_ERR("Found a LE sync pkt, card has reset");
448 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
450 const u8 c0 = 0xc0, db = 0xdb;
452 switch (bcsp->rx_esc_state) {
453 case BCSP_ESCSTATE_NOESC:
456 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
459 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
460 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
461 bcsp->rx_state != BCSP_W4_CRC)
462 bcsp_crc_update(&bcsp->message_crc, byte);
467 case BCSP_ESCSTATE_ESC:
470 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
471 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
472 bcsp->rx_state != BCSP_W4_CRC)
473 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
474 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
479 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
480 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
481 bcsp->rx_state != BCSP_W4_CRC)
482 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
483 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
488 BT_ERR ("Invalid byte %02x after esc byte", byte);
489 kfree_skb(bcsp->rx_skb);
491 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
497 static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
499 struct bcsp_struct *bcsp = hu->priv;
502 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
503 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
505 bcsp->rxseq_txack %= 0x8;
508 /* If needed, transmit an ack pkt */
509 hci_uart_tx_wakeup(hu);
512 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
513 BT_DBG("Request for pkt %u from card", bcsp->rxack);
516 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
517 bcsp->rx_skb->data[0] & 0x80) {
518 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
520 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
521 bcsp->rx_skb->data[0] & 0x80) {
522 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
524 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
525 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
527 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
528 !(bcsp->rx_skb->data[0] & 0x80)) {
529 bcsp_handle_le_pkt(hu);
535 struct hci_event_hdr hdr;
536 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
538 if (desc != 0 && desc != 1) {
541 skb_pull(bcsp->rx_skb, 4);
542 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
545 hdr.plen = bcsp->rx_skb->len;
546 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
547 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
549 hci_recv_frame(bcsp->rx_skb);
551 BT_ERR ("Packet for unknown channel (%u %s)",
552 bcsp->rx_skb->data[1] & 0x0f,
553 bcsp->rx_skb->data[0] & 0x80 ?
554 "reliable" : "unreliable");
555 kfree_skb(bcsp->rx_skb);
558 kfree_skb(bcsp->rx_skb);
560 /* Pull out BCSP hdr */
561 skb_pull(bcsp->rx_skb, 4);
563 hci_recv_frame(bcsp->rx_skb);
566 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
571 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
573 struct bcsp_struct *bcsp = hu->priv;
574 register unsigned char *ptr;
576 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
577 hu, count, bcsp->rx_state, bcsp->rx_count);
581 if (bcsp->rx_count) {
583 BT_ERR("Short BCSP packet");
584 kfree_skb(bcsp->rx_skb);
585 bcsp->rx_state = BCSP_W4_PKT_START;
588 bcsp_unslip_one_byte(bcsp, *ptr);
594 switch (bcsp->rx_state) {
595 case BCSP_W4_BCSP_HDR:
596 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
597 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
598 BT_ERR("Error in BCSP hdr checksum");
599 kfree_skb(bcsp->rx_skb);
600 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
604 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
605 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
606 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
607 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
609 kfree_skb(bcsp->rx_skb);
610 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
614 bcsp->rx_state = BCSP_W4_DATA;
615 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
616 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
620 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
621 bcsp->rx_state = BCSP_W4_CRC;
624 bcsp_complete_rx_pkt(hu);
628 if (bcsp_crc_reverse(bcsp->message_crc) !=
629 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
630 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
632 BT_ERR ("Checksum failed: computed %04x received %04x",
633 bcsp_crc_reverse(bcsp->message_crc),
634 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
635 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
637 kfree_skb(bcsp->rx_skb);
638 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
642 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
643 bcsp_complete_rx_pkt(hu);
646 case BCSP_W4_PKT_DELIMITER:
649 bcsp->rx_state = BCSP_W4_PKT_START;
652 /*BT_ERR("Ignoring byte %02x", *ptr);*/
658 case BCSP_W4_PKT_START:
665 bcsp->rx_state = BCSP_W4_BCSP_HDR;
667 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
668 BCSP_CRC_INIT(bcsp->message_crc);
670 /* Do not increment ptr or decrement count
671 * Allocate packet. Max len of a BCSP pkt=
672 * 0xFFF (payload) +4 (header) +2 (crc) */
674 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
676 BT_ERR("Can't allocate mem for new packet");
677 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
681 bcsp->rx_skb->dev = (void *) hu->hdev;
690 /* Arrange to retransmit all messages in the relq. */
691 static void bcsp_timed_event(unsigned long arg)
693 struct hci_uart *hu = (struct hci_uart *) arg;
694 struct bcsp_struct *bcsp = hu->priv;
698 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
700 spin_lock_irqsave(&bcsp->unack.lock, flags);
702 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
703 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
704 skb_queue_head(&bcsp->rel, skb);
707 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
709 hci_uart_tx_wakeup(hu);
712 static int bcsp_open(struct hci_uart *hu)
714 struct bcsp_struct *bcsp;
718 bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC);
721 memset(bcsp, 0, sizeof(*bcsp));
724 skb_queue_head_init(&bcsp->unack);
725 skb_queue_head_init(&bcsp->rel);
726 skb_queue_head_init(&bcsp->unrel);
728 init_timer(&bcsp->tbcsp);
729 bcsp->tbcsp.function = bcsp_timed_event;
730 bcsp->tbcsp.data = (u_long) hu;
732 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
740 static int bcsp_close(struct hci_uart *hu)
742 struct bcsp_struct *bcsp = hu->priv;
747 skb_queue_purge(&bcsp->unack);
748 skb_queue_purge(&bcsp->rel);
749 skb_queue_purge(&bcsp->unrel);
750 del_timer(&bcsp->tbcsp);
756 static struct hci_uart_proto bcsp = {
760 .enqueue = bcsp_enqueue,
761 .dequeue = bcsp_dequeue,
768 int err = hci_uart_register_proto(&bcsp);
771 BT_INFO("HCI BCSP protocol initialized");
773 BT_ERR("HCI BCSP protocol registration failed");
778 int bcsp_deinit(void)
780 return hci_uart_unregister_proto(&bcsp);
783 module_param(txcrc, bool, 0644);
784 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
786 module_param(hciextn, bool, 0644);
787 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");