3 * Bluetooth HCI UART driver
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/init.h>
29 #include <linux/types.h>
30 #include <linux/fcntl.h>
31 #include <linux/interrupt.h>
32 #include <linux/ptrace.h>
33 #include <linux/poll.h>
35 #include <linux/slab.h>
36 #include <linux/tty.h>
37 #include <linux/errno.h>
38 #include <linux/string.h>
39 #include <linux/signal.h>
40 #include <linux/ioctl.h>
41 #include <linux/skbuff.h>
42 #include <linux/bitrev.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 #ifndef CONFIG_BT_HCIUART_DEBUG
52 #define BT_DBG( A... )
58 static int hciextn = 1;
60 #define BCSP_TXWINSIZE 4
62 #define BCSP_ACK_PKT 0x05
63 #define BCSP_LE_PKT 0x06
66 struct sk_buff_head unack; /* Unack'ed packets queue */
67 struct sk_buff_head rel; /* Reliable packets queue */
68 struct sk_buff_head unrel; /* Unreliable packets queue */
70 unsigned long rx_count;
71 struct sk_buff *rx_skb;
72 u8 rxseq_txack; /* rxseq == txack. */
73 u8 rxack; /* Last packet sent by us that the peer ack'ed */
74 struct timer_list tbcsp;
77 BCSP_W4_PKT_DELIMITER,
91 u8 txack_req; /* Do we need to send ack's to the peer? */
93 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
97 /* ---- BCSP CRC calculation ---- */
99 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
100 initial value 0xffff, bits shifted in reverse order. */
102 static const u16 crc_table[] = {
103 0x0000, 0x1081, 0x2102, 0x3183,
104 0x4204, 0x5285, 0x6306, 0x7387,
105 0x8408, 0x9489, 0xa50a, 0xb58b,
106 0xc60c, 0xd68d, 0xe70e, 0xf78f
109 /* Initialise the crc calculator */
110 #define BCSP_CRC_INIT(x) x = 0xffff
113 Update crc with next data byte
116 The data byte is treated as two nibbles. The crc is generated
117 in reverse, i.e., bits are fed into the register from the top.
119 static void bcsp_crc_update(u16 *crc, u8 d)
123 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
124 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
129 /* ---- BCSP core ---- */
131 static void bcsp_slip_msgdelim(struct sk_buff *skb)
133 const char pkt_delim = 0xc0;
135 memcpy(skb_put(skb, 1), &pkt_delim, 1);
138 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
140 const char esc_c0[2] = { 0xdb, 0xdc };
141 const char esc_db[2] = { 0xdb, 0xdd };
145 memcpy(skb_put(skb, 2), &esc_c0, 2);
148 memcpy(skb_put(skb, 2), &esc_db, 2);
151 memcpy(skb_put(skb, 1), &c, 1);
155 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
157 struct bcsp_struct *bcsp = hu->priv;
159 if (skb->len > 0xFFF) {
160 BT_ERR("Packet too long");
165 switch (bt_cb(skb)->pkt_type) {
166 case HCI_ACLDATA_PKT:
167 case HCI_COMMAND_PKT:
168 skb_queue_tail(&bcsp->rel, skb);
171 case HCI_SCODATA_PKT:
172 skb_queue_tail(&bcsp->unrel, skb);
176 BT_ERR("Unknown packet type");
184 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
185 int len, int pkt_type)
187 struct sk_buff *nskb;
189 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
193 case HCI_ACLDATA_PKT:
194 chan = 6; /* BCSP ACL channel */
195 rel = 1; /* reliable channel */
197 case HCI_COMMAND_PKT:
198 chan = 5; /* BCSP cmd/evt channel */
199 rel = 1; /* reliable channel */
201 case HCI_SCODATA_PKT:
202 chan = 7; /* BCSP SCO channel */
203 rel = 0; /* unreliable channel */
206 chan = 1; /* BCSP LE channel */
207 rel = 0; /* unreliable channel */
210 chan = 0; /* BCSP internal channel */
211 rel = 0; /* unreliable channel */
214 BT_ERR("Unknown packet type");
218 if (hciextn && chan == 5) {
219 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
221 /* Vendor specific commands */
222 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
223 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
224 if ((desc & 0xf0) == 0xc0) {
225 data += HCI_COMMAND_HDR_SIZE + 1;
226 len -= HCI_COMMAND_HDR_SIZE + 1;
232 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
233 (because bytes 0xc0 and 0xdb are escaped, worst case is
234 when the packet is all made of 0xc0 and 0xdb :) )
235 + 2 (0xc0 delimiters at start and end). */
237 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
241 bt_cb(nskb)->pkt_type = pkt_type;
243 bcsp_slip_msgdelim(nskb);
245 hdr[0] = bcsp->rxseq_txack << 3;
247 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
250 hdr[0] |= 0x80 + bcsp->msgq_txseq;
251 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
252 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
258 hdr[1] = ((len << 4) & 0xff) | chan;
260 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
262 /* Put BCSP header */
263 for (i = 0; i < 4; i++) {
264 bcsp_slip_one_byte(nskb, hdr[i]);
267 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
271 for (i = 0; i < len; i++) {
272 bcsp_slip_one_byte(nskb, data[i]);
275 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
280 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
281 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
282 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
285 bcsp_slip_msgdelim(nskb);
289 /* This is a rewrite of pkt_avail in ABCSP */
290 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
292 struct bcsp_struct *bcsp = hu->priv;
296 /* First of all, check for unreliable messages in the queue,
297 since they have priority */
299 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
300 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
305 skb_queue_head(&bcsp->unrel, skb);
306 BT_ERR("Could not dequeue pkt because alloc_skb failed");
310 /* Now, try to send a reliable pkt. We can only send a
311 reliable packet if the number of packets sent but not yet ack'ed
312 is < than the winsize */
314 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
316 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
317 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
319 __skb_queue_tail(&bcsp->unack, skb);
320 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
321 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
324 skb_queue_head(&bcsp->rel, skb);
325 BT_ERR("Could not dequeue pkt because alloc_skb failed");
329 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
331 /* We could not send a reliable packet, either because there are
332 none or because there are too many unack'ed pkts. Did we receive
333 any packets we have not acknowledged yet ? */
335 if (bcsp->txack_req) {
336 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
338 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
342 /* We have nothing to send */
346 static int bcsp_flush(struct hci_uart *hu)
352 /* Remove ack'ed packets */
353 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
357 int i, pkts_to_be_removed;
360 spin_lock_irqsave(&bcsp->unack.lock, flags);
362 pkts_to_be_removed = bcsp->unack.qlen;
363 seqno = bcsp->msgq_txseq;
365 while (pkts_to_be_removed) {
366 if (bcsp->rxack == seqno)
368 pkts_to_be_removed--;
369 seqno = (seqno - 1) & 0x07;
372 if (bcsp->rxack != seqno)
373 BT_ERR("Peer acked invalid packet");
375 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
376 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
378 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
379 && skb != (struct sk_buff *) &bcsp->unack; i++) {
380 struct sk_buff *nskb;
383 __skb_unlink(skb, &bcsp->unack);
388 if (bcsp->unack.qlen == 0)
389 del_timer(&bcsp->tbcsp);
391 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
393 if (i != pkts_to_be_removed)
394 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
397 /* Handle BCSP link-establishment packets. When we
398 detect a "sync" packet, symptom that the BT module has reset,
399 we do nothing :) (yet) */
400 static void bcsp_handle_le_pkt(struct hci_uart *hu)
402 struct bcsp_struct *bcsp = hu->priv;
403 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
404 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
405 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
407 /* spot "conf" pkts and reply with a "conf rsp" pkt */
408 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
409 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
410 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
412 BT_DBG("Found a LE conf pkt");
415 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
416 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
418 skb_queue_head(&bcsp->unrel, nskb);
419 hci_uart_tx_wakeup(hu);
421 /* Spot "sync" pkts. If we find one...disaster! */
422 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
423 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
424 BT_ERR("Found a LE sync pkt, card has reset");
428 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
430 const u8 c0 = 0xc0, db = 0xdb;
432 switch (bcsp->rx_esc_state) {
433 case BCSP_ESCSTATE_NOESC:
436 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
439 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
440 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
441 bcsp->rx_state != BCSP_W4_CRC)
442 bcsp_crc_update(&bcsp->message_crc, byte);
447 case BCSP_ESCSTATE_ESC:
450 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
451 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
452 bcsp->rx_state != BCSP_W4_CRC)
453 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
454 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
459 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
460 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
461 bcsp->rx_state != BCSP_W4_CRC)
462 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
463 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
468 BT_ERR ("Invalid byte %02x after esc byte", byte);
469 kfree_skb(bcsp->rx_skb);
471 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
477 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
479 struct bcsp_struct *bcsp = hu->priv;
482 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
483 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
485 bcsp->rxseq_txack %= 0x8;
488 /* If needed, transmit an ack pkt */
489 hci_uart_tx_wakeup(hu);
492 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
493 BT_DBG("Request for pkt %u from card", bcsp->rxack);
496 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
497 bcsp->rx_skb->data[0] & 0x80) {
498 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
500 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
501 bcsp->rx_skb->data[0] & 0x80) {
502 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
504 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
505 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
507 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
508 !(bcsp->rx_skb->data[0] & 0x80)) {
509 bcsp_handle_le_pkt(hu);
515 struct hci_event_hdr hdr;
516 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
518 if (desc != 0 && desc != 1) {
521 skb_pull(bcsp->rx_skb, 4);
522 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
525 hdr.plen = bcsp->rx_skb->len;
526 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
527 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
529 hci_recv_frame(bcsp->rx_skb);
531 BT_ERR ("Packet for unknown channel (%u %s)",
532 bcsp->rx_skb->data[1] & 0x0f,
533 bcsp->rx_skb->data[0] & 0x80 ?
534 "reliable" : "unreliable");
535 kfree_skb(bcsp->rx_skb);
538 kfree_skb(bcsp->rx_skb);
540 /* Pull out BCSP hdr */
541 skb_pull(bcsp->rx_skb, 4);
543 hci_recv_frame(bcsp->rx_skb);
546 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
550 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
552 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
556 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
558 struct bcsp_struct *bcsp = hu->priv;
559 register unsigned char *ptr;
561 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
562 hu, count, bcsp->rx_state, bcsp->rx_count);
566 if (bcsp->rx_count) {
568 BT_ERR("Short BCSP packet");
569 kfree_skb(bcsp->rx_skb);
570 bcsp->rx_state = BCSP_W4_PKT_START;
573 bcsp_unslip_one_byte(bcsp, *ptr);
579 switch (bcsp->rx_state) {
580 case BCSP_W4_BCSP_HDR:
581 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
582 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
583 BT_ERR("Error in BCSP hdr checksum");
584 kfree_skb(bcsp->rx_skb);
585 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
589 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
590 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
591 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
592 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
594 kfree_skb(bcsp->rx_skb);
595 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
599 bcsp->rx_state = BCSP_W4_DATA;
600 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
601 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
605 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
606 bcsp->rx_state = BCSP_W4_CRC;
609 bcsp_complete_rx_pkt(hu);
613 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
614 BT_ERR ("Checksum failed: computed %04x received %04x",
615 bitrev16(bcsp->message_crc),
618 kfree_skb(bcsp->rx_skb);
619 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
623 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
624 bcsp_complete_rx_pkt(hu);
627 case BCSP_W4_PKT_DELIMITER:
630 bcsp->rx_state = BCSP_W4_PKT_START;
633 /*BT_ERR("Ignoring byte %02x", *ptr);*/
639 case BCSP_W4_PKT_START:
646 bcsp->rx_state = BCSP_W4_BCSP_HDR;
648 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
649 BCSP_CRC_INIT(bcsp->message_crc);
651 /* Do not increment ptr or decrement count
652 * Allocate packet. Max len of a BCSP pkt=
653 * 0xFFF (payload) +4 (header) +2 (crc) */
655 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
657 BT_ERR("Can't allocate mem for new packet");
658 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
662 bcsp->rx_skb->dev = (void *) hu->hdev;
671 /* Arrange to retransmit all messages in the relq. */
672 static void bcsp_timed_event(unsigned long arg)
674 struct hci_uart *hu = (struct hci_uart *) arg;
675 struct bcsp_struct *bcsp = hu->priv;
679 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
681 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
683 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
684 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
685 skb_queue_head(&bcsp->rel, skb);
688 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
690 hci_uart_tx_wakeup(hu);
693 static int bcsp_open(struct hci_uart *hu)
695 struct bcsp_struct *bcsp;
699 bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
704 skb_queue_head_init(&bcsp->unack);
705 skb_queue_head_init(&bcsp->rel);
706 skb_queue_head_init(&bcsp->unrel);
708 init_timer(&bcsp->tbcsp);
709 bcsp->tbcsp.function = bcsp_timed_event;
710 bcsp->tbcsp.data = (u_long) hu;
712 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
720 static int bcsp_close(struct hci_uart *hu)
722 struct bcsp_struct *bcsp = hu->priv;
727 skb_queue_purge(&bcsp->unack);
728 skb_queue_purge(&bcsp->rel);
729 skb_queue_purge(&bcsp->unrel);
730 del_timer(&bcsp->tbcsp);
736 static struct hci_uart_proto bcsp = {
740 .enqueue = bcsp_enqueue,
741 .dequeue = bcsp_dequeue,
748 int err = hci_uart_register_proto(&bcsp);
751 BT_INFO("HCI BCSP protocol initialized");
753 BT_ERR("HCI BCSP protocol registration failed");
758 int bcsp_deinit(void)
760 return hci_uart_unregister_proto(&bcsp);
763 module_param(txcrc, bool, 0644);
764 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
766 module_param(hciextn, bool, 0644);
767 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");