3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
48 #ifndef CONFIG_BT_HCIUART_DEBUG
50 #define BT_DBG( A... )
56 static int hciextn = 1;
58 #define BCSP_TXWINSIZE 4
60 #define BCSP_ACK_PKT 0x05
61 #define BCSP_LE_PKT 0x06
64 struct sk_buff_head unack; /* Unack'ed packets queue */
65 struct sk_buff_head rel; /* Reliable packets queue */
66 struct sk_buff_head unrel; /* Unreliable packets queue */
68 unsigned long rx_count;
69 struct sk_buff *rx_skb;
70 u8 rxseq_txack; /* rxseq == txack. */
71 u8 rxack; /* Last packet sent by us that the peer ack'ed */
72 struct timer_list tbcsp;
75 BCSP_W4_PKT_DELIMITER,
89 u8 txack_req; /* Do we need to send ack's to the peer? */
91 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
95 /* ---- BCSP CRC calculation ---- */
97 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
98 initial value 0xffff, bits shifted in reverse order. */
100 static const u16 crc_table[] = {
101 0x0000, 0x1081, 0x2102, 0x3183,
102 0x4204, 0x5285, 0x6306, 0x7387,
103 0x8408, 0x9489, 0xa50a, 0xb58b,
104 0xc60c, 0xd68d, 0xe70e, 0xf78f
107 /* Initialise the crc calculator */
108 #define BCSP_CRC_INIT(x) x = 0xffff
111 Update crc with next data byte
114 The data byte is treated as two nibbles. The crc is generated
115 in reverse, i.e., bits are fed into the register from the top.
117 static void bcsp_crc_update(u16 *crc, u8 d)
121 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
122 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
128 Get reverse of generated crc
131 The crc generator (bcsp_crc_init() and bcsp_crc_update())
132 creates a reversed crc, so it needs to be swapped back before
135 static u16 bcsp_crc_reverse(u16 crc)
139 for (b = 0, rev = 0; b < 16; b++) {
148 /* ---- BCSP core ---- */
150 static void bcsp_slip_msgdelim(struct sk_buff *skb)
152 const char pkt_delim = 0xc0;
154 memcpy(skb_put(skb, 1), &pkt_delim, 1);
157 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
159 const char esc_c0[2] = { 0xdb, 0xdc };
160 const char esc_db[2] = { 0xdb, 0xdd };
164 memcpy(skb_put(skb, 2), &esc_c0, 2);
167 memcpy(skb_put(skb, 2), &esc_db, 2);
170 memcpy(skb_put(skb, 1), &c, 1);
174 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
176 struct bcsp_struct *bcsp = hu->priv;
178 if (skb->len > 0xFFF) {
179 BT_ERR("Packet too long");
184 switch (bt_cb(skb)->pkt_type) {
185 case HCI_ACLDATA_PKT:
186 case HCI_COMMAND_PKT:
187 skb_queue_tail(&bcsp->rel, skb);
190 case HCI_SCODATA_PKT:
191 skb_queue_tail(&bcsp->unrel, skb);
195 BT_ERR("Unknown packet type");
203 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
204 int len, int pkt_type)
206 struct sk_buff *nskb;
208 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
212 case HCI_ACLDATA_PKT:
213 chan = 6; /* BCSP ACL channel */
214 rel = 1; /* reliable channel */
216 case HCI_COMMAND_PKT:
217 chan = 5; /* BCSP cmd/evt channel */
218 rel = 1; /* reliable channel */
220 case HCI_SCODATA_PKT:
221 chan = 7; /* BCSP SCO channel */
222 rel = 0; /* unreliable channel */
225 chan = 1; /* BCSP LE channel */
226 rel = 0; /* unreliable channel */
229 chan = 0; /* BCSP internal channel */
230 rel = 0; /* unreliable channel */
233 BT_ERR("Unknown packet type");
237 if (hciextn && chan == 5) {
238 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data;
240 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) {
241 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
242 if ((desc & 0xf0) == 0xc0) {
243 data += HCI_COMMAND_HDR_SIZE + 1;
244 len -= HCI_COMMAND_HDR_SIZE + 1;
250 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
251 (because bytes 0xc0 and 0xdb are escaped, worst case is
252 when the packet is all made of 0xc0 and 0xdb :) )
253 + 2 (0xc0 delimiters at start and end). */
255 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
259 bt_cb(nskb)->pkt_type = pkt_type;
261 bcsp_slip_msgdelim(nskb);
263 hdr[0] = bcsp->rxseq_txack << 3;
265 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
268 hdr[0] |= 0x80 + bcsp->msgq_txseq;
269 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
270 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
276 hdr[1] = ((len << 4) & 0xff) | chan;
278 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
280 /* Put BCSP header */
281 for (i = 0; i < 4; i++) {
282 bcsp_slip_one_byte(nskb, hdr[i]);
285 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
289 for (i = 0; i < len; i++) {
290 bcsp_slip_one_byte(nskb, data[i]);
293 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
298 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
299 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
300 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
303 bcsp_slip_msgdelim(nskb);
307 /* This is a rewrite of pkt_avail in ABCSP */
308 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
310 struct bcsp_struct *bcsp = hu->priv;
314 /* First of all, check for unreliable messages in the queue,
315 since they have priority */
317 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
318 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
323 skb_queue_head(&bcsp->unrel, skb);
324 BT_ERR("Could not dequeue pkt because alloc_skb failed");
328 /* Now, try to send a reliable pkt. We can only send a
329 reliable packet if the number of packets sent but not yet ack'ed
330 is < than the winsize */
332 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
334 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
335 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
337 __skb_queue_tail(&bcsp->unack, skb);
338 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
339 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
342 skb_queue_head(&bcsp->rel, skb);
343 BT_ERR("Could not dequeue pkt because alloc_skb failed");
347 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
349 /* We could not send a reliable packet, either because there are
350 none or because there are too many unack'ed pkts. Did we receive
351 any packets we have not acknowledged yet ? */
353 if (bcsp->txack_req) {
354 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
356 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
360 /* We have nothing to send */
364 static int bcsp_flush(struct hci_uart *hu)
370 /* Remove ack'ed packets */
371 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
375 int i, pkts_to_be_removed;
378 spin_lock_irqsave(&bcsp->unack.lock, flags);
380 pkts_to_be_removed = bcsp->unack.qlen;
381 seqno = bcsp->msgq_txseq;
383 while (pkts_to_be_removed) {
384 if (bcsp->rxack == seqno)
386 pkts_to_be_removed--;
387 seqno = (seqno - 1) & 0x07;
390 if (bcsp->rxack != seqno)
391 BT_ERR("Peer acked invalid packet");
393 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
394 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
396 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
397 && skb != (struct sk_buff *) &bcsp->unack; i++) {
398 struct sk_buff *nskb;
401 __skb_unlink(skb, &bcsp->unack);
406 if (bcsp->unack.qlen == 0)
407 del_timer(&bcsp->tbcsp);
409 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
411 if (i != pkts_to_be_removed)
412 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
415 /* Handle BCSP link-establishment packets. When we
416 detect a "sync" packet, symptom that the BT module has reset,
417 we do nothing :) (yet) */
418 static void bcsp_handle_le_pkt(struct hci_uart *hu)
420 struct bcsp_struct *bcsp = hu->priv;
421 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
422 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
423 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
425 /* spot "conf" pkts and reply with a "conf rsp" pkt */
426 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
427 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
428 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
430 BT_DBG("Found a LE conf pkt");
433 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
434 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
436 skb_queue_head(&bcsp->unrel, nskb);
437 hci_uart_tx_wakeup(hu);
439 /* Spot "sync" pkts. If we find one...disaster! */
440 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
441 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
442 BT_ERR("Found a LE sync pkt, card has reset");
446 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
448 const u8 c0 = 0xc0, db = 0xdb;
450 switch (bcsp->rx_esc_state) {
451 case BCSP_ESCSTATE_NOESC:
454 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
457 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
458 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
459 bcsp->rx_state != BCSP_W4_CRC)
460 bcsp_crc_update(&bcsp->message_crc, byte);
465 case BCSP_ESCSTATE_ESC:
468 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
469 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
470 bcsp->rx_state != BCSP_W4_CRC)
471 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
472 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
477 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
478 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
479 bcsp->rx_state != BCSP_W4_CRC)
480 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
481 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
486 BT_ERR ("Invalid byte %02x after esc byte", byte);
487 kfree_skb(bcsp->rx_skb);
489 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
495 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
497 struct bcsp_struct *bcsp = hu->priv;
500 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
501 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
503 bcsp->rxseq_txack %= 0x8;
506 /* If needed, transmit an ack pkt */
507 hci_uart_tx_wakeup(hu);
510 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
511 BT_DBG("Request for pkt %u from card", bcsp->rxack);
514 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
515 bcsp->rx_skb->data[0] & 0x80) {
516 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
518 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
519 bcsp->rx_skb->data[0] & 0x80) {
520 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
522 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
523 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
525 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
526 !(bcsp->rx_skb->data[0] & 0x80)) {
527 bcsp_handle_le_pkt(hu);
533 struct hci_event_hdr hdr;
534 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
536 if (desc != 0 && desc != 1) {
539 skb_pull(bcsp->rx_skb, 4);
540 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
543 hdr.plen = bcsp->rx_skb->len;
544 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
545 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
547 hci_recv_frame(bcsp->rx_skb);
549 BT_ERR ("Packet for unknown channel (%u %s)",
550 bcsp->rx_skb->data[1] & 0x0f,
551 bcsp->rx_skb->data[0] & 0x80 ?
552 "reliable" : "unreliable");
553 kfree_skb(bcsp->rx_skb);
556 kfree_skb(bcsp->rx_skb);
558 /* Pull out BCSP hdr */
559 skb_pull(bcsp->rx_skb, 4);
561 hci_recv_frame(bcsp->rx_skb);
564 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
569 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
571 struct bcsp_struct *bcsp = hu->priv;
572 register unsigned char *ptr;
574 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
575 hu, count, bcsp->rx_state, bcsp->rx_count);
579 if (bcsp->rx_count) {
581 BT_ERR("Short BCSP packet");
582 kfree_skb(bcsp->rx_skb);
583 bcsp->rx_state = BCSP_W4_PKT_START;
586 bcsp_unslip_one_byte(bcsp, *ptr);
592 switch (bcsp->rx_state) {
593 case BCSP_W4_BCSP_HDR:
594 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
595 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
596 BT_ERR("Error in BCSP hdr checksum");
597 kfree_skb(bcsp->rx_skb);
598 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
602 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
603 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
604 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
605 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
607 kfree_skb(bcsp->rx_skb);
608 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
612 bcsp->rx_state = BCSP_W4_DATA;
613 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
614 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
618 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
619 bcsp->rx_state = BCSP_W4_CRC;
622 bcsp_complete_rx_pkt(hu);
626 if (bcsp_crc_reverse(bcsp->message_crc) !=
627 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
628 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
630 BT_ERR ("Checksum failed: computed %04x received %04x",
631 bcsp_crc_reverse(bcsp->message_crc),
632 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
633 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
635 kfree_skb(bcsp->rx_skb);
636 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
640 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
641 bcsp_complete_rx_pkt(hu);
644 case BCSP_W4_PKT_DELIMITER:
647 bcsp->rx_state = BCSP_W4_PKT_START;
650 /*BT_ERR("Ignoring byte %02x", *ptr);*/
656 case BCSP_W4_PKT_START:
663 bcsp->rx_state = BCSP_W4_BCSP_HDR;
665 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
666 BCSP_CRC_INIT(bcsp->message_crc);
668 /* Do not increment ptr or decrement count
669 * Allocate packet. Max len of a BCSP pkt=
670 * 0xFFF (payload) +4 (header) +2 (crc) */
672 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
674 BT_ERR("Can't allocate mem for new packet");
675 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
679 bcsp->rx_skb->dev = (void *) hu->hdev;
688 /* Arrange to retransmit all messages in the relq. */
689 static void bcsp_timed_event(unsigned long arg)
691 struct hci_uart *hu = (struct hci_uart *) arg;
692 struct bcsp_struct *bcsp = hu->priv;
696 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
698 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
700 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
701 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
702 skb_queue_head(&bcsp->rel, skb);
705 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
707 hci_uart_tx_wakeup(hu);
710 static int bcsp_open(struct hci_uart *hu)
712 struct bcsp_struct *bcsp;
716 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
721 skb_queue_head_init(&bcsp->unack);
722 skb_queue_head_init(&bcsp->rel);
723 skb_queue_head_init(&bcsp->unrel);
725 init_timer(&bcsp->tbcsp);
726 bcsp->tbcsp.function = bcsp_timed_event;
727 bcsp->tbcsp.data = (u_long) hu;
729 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
737 static int bcsp_close(struct hci_uart *hu)
739 struct bcsp_struct *bcsp = hu->priv;
744 skb_queue_purge(&bcsp->unack);
745 skb_queue_purge(&bcsp->rel);
746 skb_queue_purge(&bcsp->unrel);
747 del_timer(&bcsp->tbcsp);
753 static struct hci_uart_proto bcsp = {
757 .enqueue = bcsp_enqueue,
758 .dequeue = bcsp_dequeue,
765 int err = hci_uart_register_proto(&bcsp);
768 BT_INFO("HCI BCSP protocol initialized");
770 BT_ERR("HCI BCSP protocol registration failed");
775 int bcsp_deinit(void)
777 return hci_uart_unregister_proto(&bcsp);
780 module_param(txcrc, bool, 0644);
781 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
783 module_param(hciextn, bool, 0644);
784 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
projects / linux-2.6 / blob