projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
[linux-2.6-block.git] / drivers / bluetooth / hci_bcsp.c
CommitLineData
1da177e4 1/*
0372a662
MH		 2 *
3 * Bluetooth HCI UART driver
4 *
5 * Copyright (C) 2002-2003 Fabrizio Gennari <fabrizio.gennari@philips.com>
6 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
1da177e4
LT		 23 */
24
1da177e4
LT		 25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
1da177e4
LT		 29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
c5ec5140
HH		 42#include <linux/bitrev.h>
43#include <asm/unaligned.h>
1da177e4
LT		 44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
0372a662 47
1da177e4 48#include "hci_uart.h"
1da177e4 49
bff6b89f
SV		 50static bool txcrc = true;
51static bool hciextn = true;
1da177e4 52
0372a662
MH		 53#define BCSP_TXWINSIZE 4
54
55#define BCSP_ACK_PKT 0x05
56#define BCSP_LE_PKT 0x06
57
58struct bcsp_struct {
59 struct sk_buff_head unack; /* Unack'ed packets queue */
60 struct sk_buff_head rel; /* Reliable packets queue */
61 struct sk_buff_head unrel; /* Unreliable packets queue */
62
63 unsigned long rx_count;
64 struct sk_buff *rx_skb;
65 u8 rxseq_txack; /* rxseq == txack. */
66 u8 rxack; /* Last packet sent by us that the peer ack'ed */
67 struct timer_list tbcsp;
68
69 enum {
70 BCSP_W4_PKT_DELIMITER,
71 BCSP_W4_PKT_START,
72 BCSP_W4_BCSP_HDR,
73 BCSP_W4_DATA,
74 BCSP_W4_CRC
75 } rx_state;
76
77 enum {
78 BCSP_ESCSTATE_NOESC,
79 BCSP_ESCSTATE_ESC
80 } rx_esc_state;
81
82 u8 use_crc;
83 u16 message_crc;
84 u8 txack_req; /* Do we need to send ack's to the peer? */
85
86 /* Reliable packet sequence number - used to assign seq to each rel pkt. */
87 u8 msgq_txseq;
88};
89
1da177e4
LT		 90/* ---- BCSP CRC calculation ---- */
91
92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
93initial value 0xffff, bits shifted in reverse order. */
94
95static const u16 crc_table[] = {
96 0x0000, 0x1081, 0x2102, 0x3183,
97 0x4204, 0x5285, 0x6306, 0x7387,
98 0x8408, 0x9489, 0xa50a, 0xb58b,
99 0xc60c, 0xd68d, 0xe70e, 0xf78f
100};
101
102/* Initialise the crc calculator */
103#define BCSP_CRC_INIT(x) x = 0xffff
104
105/*
106 Update crc with next data byte
107
108 Implementation note
109 The data byte is treated as two nibbles. The crc is generated
110 in reverse, i.e., bits are fed into the register from the top.
111*/
112static void bcsp_crc_update(u16 *crc, u8 d)
113{
114 u16 reg = *crc;
115
116 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
117 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
118
119 *crc = reg;
120}
121
1da177e4
LT		 122/* ---- BCSP core ---- */
123
124static void bcsp_slip_msgdelim(struct sk_buff *skb)
125{
126 const char pkt_delim = 0xc0;
0372a662 127
1da177e4
LT		 128 memcpy(skb_put(skb, 1), &pkt_delim, 1);
129}
130
131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
132{
133 const char esc_c0[2] = { 0xdb, 0xdc };
134 const char esc_db[2] = { 0xdb, 0xdd };
135
136 switch (c) {
137 case 0xc0:
138 memcpy(skb_put(skb, 2), &esc_c0, 2);
139 break;
140 case 0xdb:
141 memcpy(skb_put(skb, 2), &esc_db, 2);
142 break;
143 default:
144 memcpy(skb_put(skb, 1), &c, 1);
145 }
146}
147
148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149{
150 struct bcsp_struct *bcsp = hu->priv;
151
152 if (skb->len > 0xFFF) {
153 BT_ERR("Packet too long");
154 kfree_skb(skb);
155 return 0;
156 }
157
0d48d939 158 switch (bt_cb(skb)->pkt_type) {
1da177e4
LT		 159 case HCI_ACLDATA_PKT:
160 case HCI_COMMAND_PKT:
161 skb_queue_tail(&bcsp->rel, skb);
162 break;
163
164 case HCI_SCODATA_PKT:
165 skb_queue_tail(&bcsp->unrel, skb);
166 break;
167
168 default:
169 BT_ERR("Unknown packet type");
170 kfree_skb(skb);
171 break;
172 }
173
174 return 0;
175}
176
177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
178 int len, int pkt_type)
179{
180 struct sk_buff *nskb;
181 u8 hdr[4], chan;
1da177e4 182 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
20dd6f59 183 int rel, i;
1da177e4
LT		 184
185 switch (pkt_type) {
186 case HCI_ACLDATA_PKT:
187 chan = 6; /* BCSP ACL channel */
188 rel = 1; /* reliable channel */
189 break;
190 case HCI_COMMAND_PKT:
191 chan = 5; /* BCSP cmd/evt channel */
192 rel = 1; /* reliable channel */
193 break;
194 case HCI_SCODATA_PKT:
195 chan = 7; /* BCSP SCO channel */
196 rel = 0; /* unreliable channel */
197 break;
198 case BCSP_LE_PKT:
199 chan = 1; /* BCSP LE channel */
200 rel = 0; /* unreliable channel */
201 break;
202 case BCSP_ACK_PKT:
203 chan = 0; /* BCSP internal channel */
204 rel = 0; /* unreliable channel */
205 break;
206 default:
207 BT_ERR("Unknown packet type");
208 return NULL;
209 }
210
211 if (hciextn && chan == 5) {
c5ec5140 212 __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
1da177e4 213
a9de9248 214 /* Vendor specific commands */
c5ec5140 215 if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
1da177e4
LT		 216 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
217 if ((desc & 0xf0) == 0xc0) {
218 data += HCI_COMMAND_HDR_SIZE + 1;
219 len -= HCI_COMMAND_HDR_SIZE + 1;
220 chan = desc & 0x0f;
221 }
222 }
223 }
224
225 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
226 (because bytes 0xc0 and 0xdb are escaped, worst case is
227 when the packet is all made of 0xc0 and 0xdb :) )
228 + 2 (0xc0 delimiters at start and end). */
229
230 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
231 if (!nskb)
232 return NULL;
233
0d48d939 234 bt_cb(nskb)->pkt_type = pkt_type;
1da177e4
LT		 235
236 bcsp_slip_msgdelim(nskb);
237
238 hdr[0] = bcsp->rxseq_txack << 3;
239 bcsp->txack_req = 0;
240 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
241
242 if (rel) {
243 hdr[0] |= 0x80 + bcsp->msgq_txseq;
244 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
dd1589a4 245 bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
1da177e4 246 }
20dd6f59
MH		 247
248 if (bcsp->use_crc)
249 hdr[0] |= 0x40;
1da177e4
LT		 250
251 hdr[1] = ((len << 4) & 0xff) | chan;
252 hdr[2] = len >> 4;
253 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
254
255 /* Put BCSP header */
256 for (i = 0; i < 4; i++) {
257 bcsp_slip_one_byte(nskb, hdr[i]);
20dd6f59
MH		 258
259 if (bcsp->use_crc)
260 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
1da177e4
LT		 261 }
262
263 /* Put payload */
264 for (i = 0; i < len; i++) {
265 bcsp_slip_one_byte(nskb, data[i]);
20dd6f59
MH		 266
267 if (bcsp->use_crc)
268 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
1da177e4
LT		 269 }
270
1da177e4 271 /* Put CRC */
20dd6f59 272 if (bcsp->use_crc) {
c5ec5140 273 bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
20dd6f59
MH		 274 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
275 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
276 }
1da177e4
LT		 277
278 bcsp_slip_msgdelim(nskb);
279 return nskb;
280}
281
282/* This is a rewrite of pkt_avail in ABCSP */
283static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
284{
285 struct bcsp_struct *bcsp = hu->priv;
286 unsigned long flags;
287 struct sk_buff *skb;
288
289 /* First of all, check for unreliable messages in the queue,
290 since they have priority */
291
a08b15e6
VI		 292 skb = skb_dequeue(&bcsp->unrel);
293 if (skb != NULL) {
0d48d939 294 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
1da177e4
LT		 295 if (nskb) {
296 kfree_skb(skb);
297 return nskb;
298 } else {
299 skb_queue_head(&bcsp->unrel, skb);
300 BT_ERR("Could not dequeue pkt because alloc_skb failed");
301 }
302 }
303
304 /* Now, try to send a reliable pkt. We can only send a
305 reliable packet if the number of packets sent but not yet ack'ed
306 is < than the winsize */
307
f89d75f2 308 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
1da177e4 309
a08b15e6
VI		 310 if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
311 skb = skb_dequeue(&bcsp->rel);
312 if (skb != NULL) {
313 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
314 bt_cb(skb)->pkt_type);
315 if (nskb) {
316 __skb_queue_tail(&bcsp->unack, skb);
317 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
318 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
319 return nskb;
320 } else {
321 skb_queue_head(&bcsp->rel, skb);
322 BT_ERR("Could not dequeue pkt because alloc_skb failed");
323 }
1da177e4
LT		 324 }
325 }
326
327 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
328
1da177e4
LT		 329 /* We could not send a reliable packet, either because there are
330 none or because there are too many unack'ed pkts. Did we receive
331 any packets we have not acknowledged yet ? */
332
333 if (bcsp->txack_req) {
334 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
335 channel 0 */
336 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
337 return nskb;
338 }
339
340 /* We have nothing to send */
341 return NULL;
342}
343
344static int bcsp_flush(struct hci_uart *hu)
345{
346 BT_DBG("hu %p", hu);
347 return 0;
348}
349
350/* Remove ack'ed packets */
351static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
352{
8fc5387c 353 struct sk_buff *skb, *tmp;
1da177e4 354 unsigned long flags;
1da177e4
LT		 355 int i, pkts_to_be_removed;
356 u8 seqno;
357
358 spin_lock_irqsave(&bcsp->unack.lock, flags);
359
8fc5387c 360 pkts_to_be_removed = skb_queue_len(&bcsp->unack);
1da177e4
LT		 361 seqno = bcsp->msgq_txseq;
362
363 while (pkts_to_be_removed) {
364 if (bcsp->rxack == seqno)
365 break;
366 pkts_to_be_removed--;
367 seqno = (seqno - 1) & 0x07;
368 }
369
370 if (bcsp->rxack != seqno)
371 BT_ERR("Peer acked invalid packet");
372
373 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
8fc5387c
DM		 374 pkts_to_be_removed, skb_queue_len(&bcsp->unack),
375 (seqno - 1) & 0x07);
1da177e4 376
8fc5387c
DM		 377 i = 0;
378 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
d2e353f7 379 if (i >= pkts_to_be_removed)
8fc5387c 380 break;
d2e353f7 381 i++;
1da177e4 382
1da177e4
LT		 383 __skb_unlink(skb, &bcsp->unack);
384 kfree_skb(skb);
1da177e4 385 }
0372a662 386
8fc5387c 387 if (skb_queue_empty(&bcsp->unack))
1da177e4 388 del_timer(&bcsp->tbcsp);
0372a662 389
1da177e4
LT		 390 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
391
392 if (i != pkts_to_be_removed)
393 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
394}
395
396/* Handle BCSP link-establishment packets. When we
397 detect a "sync" packet, symptom that the BT module has reset,
398 we do nothing :) (yet) */
399static void bcsp_handle_le_pkt(struct hci_uart *hu)
400{
401 struct bcsp_struct *bcsp = hu->priv;
402 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
403 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
404 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
405
406 /* spot "conf" pkts and reply with a "conf rsp" pkt */
407 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
408 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
409 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
410
411 BT_DBG("Found a LE conf pkt");
412 if (!nskb)
413 return;
414 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
0d48d939 415 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
1da177e4
LT		 416
417 skb_queue_head(&bcsp->unrel, nskb);
418 hci_uart_tx_wakeup(hu);
419 }
420 /* Spot "sync" pkts. If we find one...disaster! */
421 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
422 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
423 BT_ERR("Found a LE sync pkt, card has reset");
424 }
425}
426
427static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
428{
429 const u8 c0 = 0xc0, db = 0xdb;
430
431 switch (bcsp->rx_esc_state) {
432 case BCSP_ESCSTATE_NOESC:
433 switch (byte) {
434 case 0xdb:
435 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
436 break;
437 default:
438 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
fe8de008 439 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
1da177e4
LT		 440 bcsp->rx_state != BCSP_W4_CRC)
441 bcsp_crc_update(&bcsp->message_crc, byte);
442 bcsp->rx_count--;
443 }
444 break;
445
446 case BCSP_ESCSTATE_ESC:
447 switch (byte) {
448 case 0xdc:
449 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
fe8de008 450 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
1da177e4 451 bcsp->rx_state != BCSP_W4_CRC)
fe8de008 452 bcsp_crc_update(&bcsp->message_crc, 0xc0);
1da177e4
LT		 453 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
454 bcsp->rx_count--;
455 break;
456
457 case 0xdd:
458 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
fe8de008 459 if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
1da177e4 460 bcsp->rx_state != BCSP_W4_CRC)
fe8de008 461 bcsp_crc_update(&bcsp->message_crc, 0xdb);
1da177e4
LT		 462 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
463 bcsp->rx_count--;
464 break;
465
466 default:
fe8de008 467 BT_ERR("Invalid byte %02x after esc byte", byte);
1da177e4
LT		 468 kfree_skb(bcsp->rx_skb);
469 bcsp->rx_skb = NULL;
470 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
471 bcsp->rx_count = 0;
472 }
473 }
474}
475
858119e1 476static void bcsp_complete_rx_pkt(struct hci_uart *hu)
1da177e4
LT		 477{
478 struct bcsp_struct *bcsp = hu->priv;
479 int pass_up;
480
481 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
482 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
483 bcsp->rxseq_txack++;
484 bcsp->rxseq_txack %= 0x8;
485 bcsp->txack_req = 1;
486
487 /* If needed, transmit an ack pkt */
488 hci_uart_tx_wakeup(hu);
489 }
490
491 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
492 BT_DBG("Request for pkt %u from card", bcsp->rxack);
493
494 bcsp_pkt_cull(bcsp);
495 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
496 bcsp->rx_skb->data[0] & 0x80) {
0d48d939 497 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
1da177e4
LT		 498 pass_up = 1;
499 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
500 bcsp->rx_skb->data[0] & 0x80) {
0d48d939 501 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
1da177e4
LT		 502 pass_up = 1;
503 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
0d48d939 504 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
1da177e4
LT		 505 pass_up = 1;
506 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
507 !(bcsp->rx_skb->data[0] & 0x80)) {
508 bcsp_handle_le_pkt(hu);
509 pass_up = 0;
510 } else
511 pass_up = 0;
512
513 if (!pass_up) {
514 struct hci_event_hdr hdr;
515 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
516
517 if (desc != 0 && desc != 1) {
518 if (hciextn) {
519 desc |= 0xc0;
520 skb_pull(bcsp->rx_skb, 4);
521 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
522
523 hdr.evt = 0xff;
524 hdr.plen = bcsp->rx_skb->len;
525 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
0d48d939 526 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 527
e1a26170 528 hci_recv_frame(hu->hdev, bcsp->rx_skb);
1da177e4 529 } else {
fe8de008 530 BT_ERR("Packet for unknown channel (%u %s)",
1da177e4
LT		 531 bcsp->rx_skb->data[1] & 0x0f,
532 bcsp->rx_skb->data[0] & 0x80 ?
533 "reliable" : "unreliable");
534 kfree_skb(bcsp->rx_skb);
535 }
536 } else
537 kfree_skb(bcsp->rx_skb);
538 } else {
539 /* Pull out BCSP hdr */
540 skb_pull(bcsp->rx_skb, 4);
541
e1a26170 542 hci_recv_frame(hu->hdev, bcsp->rx_skb);
1da177e4 543 }
0372a662 544
1da177e4
LT		 545 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
546 bcsp->rx_skb = NULL;
547}
548
c5ec5140
HH		 549static u16 bscp_get_crc(struct bcsp_struct *bcsp)
550{
551 return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
552}
553
1da177e4 554/* Recv data */
9d1c40eb 555static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
1da177e4
LT		 556{
557 struct bcsp_struct *bcsp = hu->priv;
9d1c40eb 558 const unsigned char *ptr;
1da177e4
LT		 559
560 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
561 hu, count, bcsp->rx_state, bcsp->rx_count);
562
563 ptr = data;
564 while (count) {
565 if (bcsp->rx_count) {
566 if (*ptr == 0xc0) {
567 BT_ERR("Short BCSP packet");
568 kfree_skb(bcsp->rx_skb);
569 bcsp->rx_state = BCSP_W4_PKT_START;
570 bcsp->rx_count = 0;
571 } else
572 bcsp_unslip_one_byte(bcsp, *ptr);
573
574 ptr++; count--;
575 continue;
576 }
577
578 switch (bcsp->rx_state) {
579 case BCSP_W4_BCSP_HDR:
580 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
581 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
582 BT_ERR("Error in BCSP hdr checksum");
583 kfree_skb(bcsp->rx_skb);
584 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
585 bcsp->rx_count = 0;
586 continue;
587 }
588 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
589 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
fe8de008 590 BT_ERR("Out-of-order packet arrived, got %u expected %u",
1da177e4
LT		 591 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
592
593 kfree_skb(bcsp->rx_skb);
594 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
595 bcsp->rx_count = 0;
596 continue;
597 }
598 bcsp->rx_state = BCSP_W4_DATA;
599 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
600 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
601 continue;
602
603 case BCSP_W4_DATA:
604 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
605 bcsp->rx_state = BCSP_W4_CRC;
606 bcsp->rx_count = 2;
607 } else
608 bcsp_complete_rx_pkt(hu);
609 continue;
610
611 case BCSP_W4_CRC:
c5ec5140 612 if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
1da177e4 613 BT_ERR ("Checksum failed: computed %04x received %04x",
c5ec5140
HH		 614 bitrev16(bcsp->message_crc),
615 bscp_get_crc(bcsp));
1da177e4
LT		 616
617 kfree_skb(bcsp->rx_skb);
618 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
619 bcsp->rx_count = 0;
620 continue;
621 }
622 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
623 bcsp_complete_rx_pkt(hu);
624 continue;
625
626 case BCSP_W4_PKT_DELIMITER:
627 switch (*ptr) {
628 case 0xc0:
629 bcsp->rx_state = BCSP_W4_PKT_START;
630 break;
631 default:
632 /*BT_ERR("Ignoring byte %02x", *ptr);*/
633 break;
634 }
635 ptr++; count--;
636 break;
637
638 case BCSP_W4_PKT_START:
639 switch (*ptr) {
640 case 0xc0:
641 ptr++; count--;
642 break;
643
644 default:
645 bcsp->rx_state = BCSP_W4_BCSP_HDR;
646 bcsp->rx_count = 4;
647 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
648 BCSP_CRC_INIT(bcsp->message_crc);
0372a662 649
1da177e4
LT		 650 /* Do not increment ptr or decrement count
651 * Allocate packet. Max len of a BCSP pkt=
652 * 0xFFF (payload) +4 (header) +2 (crc) */
653
654 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
655 if (!bcsp->rx_skb) {
656 BT_ERR("Can't allocate mem for new packet");
657 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
658 bcsp->rx_count = 0;
659 return 0;
660 }
1da177e4
LT		 661 break;
662 }
663 break;
664 }
665 }
666 return count;
667}
668
669 /* Arrange to retransmit all messages in the relq. */
670static void bcsp_timed_event(unsigned long arg)
671{
672 struct hci_uart *hu = (struct hci_uart *) arg;
673 struct bcsp_struct *bcsp = hu->priv;
674 struct sk_buff *skb;
675 unsigned long flags;
676
677 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
678
f89d75f2 679 spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
1da177e4
LT		 680
681 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
682 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
683 skb_queue_head(&bcsp->rel, skb);
684 }
685
686 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
687
688 hci_uart_tx_wakeup(hu);
689}
690
691static int bcsp_open(struct hci_uart *hu)
692{
693 struct bcsp_struct *bcsp;
694
695 BT_DBG("hu %p", hu);
696
c063af34 697 bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
1da177e4
LT		 698 if (!bcsp)
699 return -ENOMEM;
1da177e4
LT		 700
701 hu->priv = bcsp;
702 skb_queue_head_init(&bcsp->unack);
703 skb_queue_head_init(&bcsp->rel);
704 skb_queue_head_init(&bcsp->unrel);
705
706 init_timer(&bcsp->tbcsp);
707 bcsp->tbcsp.function = bcsp_timed_event;
708 bcsp->tbcsp.data = (u_long) hu;
709
710 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
711
20dd6f59
MH		 712 if (txcrc)
713 bcsp->use_crc = 1;
714
1da177e4
LT		 715 return 0;
716}
717
718static int bcsp_close(struct hci_uart *hu)
719{
720 struct bcsp_struct *bcsp = hu->priv;
c327cddd
MK		 721
722 del_timer_sync(&bcsp->tbcsp);
723
1da177e4
LT		 724 hu->priv = NULL;
725
726 BT_DBG("hu %p", hu);
727
728 skb_queue_purge(&bcsp->unack);
729 skb_queue_purge(&bcsp->rel);
730 skb_queue_purge(&bcsp->unrel);
1da177e4
LT		 731
732 kfree(bcsp);
733 return 0;
734}
735
4ee7ef19 736static const struct hci_uart_proto bcsp = {
0372a662 737 .id = HCI_UART_BCSP,
7c40fb8d 738 .name = "BCSP",
0372a662
MH		 739 .open = bcsp_open,
740 .close = bcsp_close,
741 .enqueue = bcsp_enqueue,
742 .dequeue = bcsp_dequeue,
743 .recv = bcsp_recv,
744 .flush = bcsp_flush
1da177e4
LT		 745};
746
f2b94bb9 747int __init bcsp_init(void)
1da177e4 748{
01009eec 749 return hci_uart_register_proto(&bcsp);
1da177e4
LT		 750}
751
f2b94bb9 752int __exit bcsp_deinit(void)
1da177e4
LT		 753{
754 return hci_uart_unregister_proto(&bcsp);
755}
756
20dd6f59
MH		 757module_param(txcrc, bool, 0644);
758MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
759
1da177e4
LT		 760module_param(hciextn, bool, 0644);
761MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
Linux 6.x block layer and io_uring tree(s)