LXR linux/drivers/bluetooth/hci

   1/*
   2 *
   3 *  Bluetooth HCI UART driver
   4 *
   5 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
   6 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
   7 *
   8 *
   9 *  This program is free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  This program is distributed in the hope that it will be useful,
  15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 *  GNU General Public License for more details.
  18 *
  19 *  You should have received a copy of the GNU General Public License
  20 *  along with this program; if not, write to the Free Software
  21 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22 *
  23 */
  24
  25#include <linux/module.h>
  26
  27#include <linux/kernel.h>
  28#include <linux/init.h>
  29#include <linux/types.h>
  30#include <linux/fcntl.h>
  31#include <linux/interrupt.h>
  32#include <linux/ptrace.h>
  33#include <linux/poll.h>
  34
  35#include <linux/slab.h>
  36#include <linux/tty.h>
  37#include <linux/errno.h>
  38#include <linux/string.h>
  39#include <linux/signal.h>
  40#include <linux/ioctl.h>
  41#include <linux/skbuff.h>
  42#include <linux/bitrev.h>
  43#include <asm/unaligned.h>
  44
  45#include <net/bluetooth/bluetooth.h>
  46#include <net/bluetooth/hci_core.h>
  47
  48#include "hci_uart.h"
  49
  50#define VERSION "0.3"
  51
  52static bool txcrc = 1;
  53static bool hciextn = 1;
  54
  55#define BCSP_TXWINSIZE  4
  56
  57#define BCSP_ACK_PKT    0x05
  58#define BCSP_LE_PKT     0x06
  59
  60struct bcsp_struct {
  61        struct sk_buff_head unack;      /* Unack'ed packets queue */
  62        struct sk_buff_head rel;        /* Reliable packets queue */
  63        struct sk_buff_head unrel;      /* Unreliable packets queue */
  64
  65        unsigned long rx_count;
  66        struct  sk_buff *rx_skb;
  67        u8      rxseq_txack;            /* rxseq == txack. */
  68        u8      rxack;                  /* Last packet sent by us that the peer ack'ed */
  69        struct  timer_list tbcsp;
  70
  71        enum {
  72                BCSP_W4_PKT_DELIMITER,
  73                BCSP_W4_PKT_START,
  74                BCSP_W4_BCSP_HDR,
  75                BCSP_W4_DATA,
  76                BCSP_W4_CRC
  77        } rx_state;
  78
  79        enum {
  80                BCSP_ESCSTATE_NOESC,
  81                BCSP_ESCSTATE_ESC
  82        } rx_esc_state;
  83
  84        u8      use_crc;
  85        u16     message_crc;
  86        u8      txack_req;              /* Do we need to send ack's to the peer? */
  87
  88        /* Reliable packet sequence number - used to assign seq to each rel pkt. */
  89        u8      msgq_txseq;
  90};
  91
  92/* ---- BCSP CRC calculation ---- */
  93
  94/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
  95initial value 0xffff, bits shifted in reverse order. */
  96
  97static const u16 crc_table[] = {
  98        0x0000, 0x1081, 0x2102, 0x3183,
  99        0x4204, 0x5285, 0x6306, 0x7387,
 100        0x8408, 0x9489, 0xa50a, 0xb58b,
 101        0xc60c, 0xd68d, 0xe70e, 0xf78f
 102};
 103
 104/* Initialise the crc calculator */
 105#define BCSP_CRC_INIT(x) x = 0xffff
 106
 107/*
 108   Update crc with next data byte
 109
 110   Implementation note
 111        The data byte is treated as two nibbles.  The crc is generated
 112        in reverse, i.e., bits are fed into the register from the top.
 113*/
 114static void bcsp_crc_update(u16 *crc, u8 d)
 115{
 116        u16 reg = *crc;
 117
 118        reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
 119        reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
 120
 121        *crc = reg;
 122}
 123
 124/* ---- BCSP core ---- */
 125
 126static void bcsp_slip_msgdelim(struct sk_buff *skb)
 127{
 128        const char pkt_delim = 0xc0;
 129
 130        memcpy(skb_put(skb, 1), &pkt_delim, 1);
 131}
 132
 133static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
 134{
 135        const char esc_c0[2] = { 0xdb, 0xdc };
 136        const char esc_db[2] = { 0xdb, 0xdd };
 137
 138        switch (c) {
 139        case 0xc0:
 140                memcpy(skb_put(skb, 2), &esc_c0, 2);
 141                break;
 142        case 0xdb:
 143                memcpy(skb_put(skb, 2), &esc_db, 2);
 144                break;
 145        default:
 146                memcpy(skb_put(skb, 1), &c, 1);
 147        }
 148}
 149
 150static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 151{
 152        struct bcsp_struct *bcsp = hu->priv;
 153
 154        if (skb->len > 0xFFF) {
 155                BT_ERR("Packet too long");
 156                kfree_skb(skb);
 157                return 0;
 158        }
 159
 160        switch (bt_cb(skb)->pkt_type) {
 161        case HCI_ACLDATA_PKT:
 162        case HCI_COMMAND_PKT:
 163                skb_queue_tail(&bcsp->rel, skb);
 164                break;
 165
 166        case HCI_SCODATA_PKT:
 167                skb_queue_tail(&bcsp->unrel, skb);
 168                break;
 169
 170        default:
 171                BT_ERR("Unknown packet type");
 172                kfree_skb(skb);
 173                break;
 174        }
 175
 176        return 0;
 177}
 178
 179static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
 180                int len, int pkt_type)
 181{
 182        struct sk_buff *nskb;
 183        u8 hdr[4], chan;
 184        u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
 185        int rel, i;
 186
 187        switch (pkt_type) {
 188        case HCI_ACLDATA_PKT:
 189                chan = 6;       /* BCSP ACL channel */
 190                rel = 1;        /* reliable channel */
 191                break;
 192        case HCI_COMMAND_PKT:
 193                chan = 5;       /* BCSP cmd/evt channel */
 194                rel = 1;        /* reliable channel */
 195                break;
 196        case HCI_SCODATA_PKT:
 197                chan = 7;       /* BCSP SCO channel */
 198                rel = 0;        /* unreliable channel */
 199                break;
 200        case BCSP_LE_PKT:
 201                chan = 1;       /* BCSP LE channel */
 202                rel = 0;        /* unreliable channel */
 203                break;
 204        case BCSP_ACK_PKT:
 205                chan = 0;       /* BCSP internal channel */
 206                rel = 0;        /* unreliable channel */
 207                break;
 208        default:
 209                BT_ERR("Unknown packet type");
 210                return NULL;
 211        }
 212
 213        if (hciextn && chan == 5) {
 214                __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
 215
 216                /* Vendor specific commands */
 217                if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
 218                        u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
 219                        if ((desc & 0xf0) == 0xc0) {
 220                                data += HCI_COMMAND_HDR_SIZE + 1;
 221                                len  -= HCI_COMMAND_HDR_SIZE + 1;
 222                                chan = desc & 0x0f;
 223                        }
 224                }
 225        }
 226
 227        /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
 228           (because bytes 0xc0 and 0xdb are escaped, worst case is
 229           when the packet is all made of 0xc0 and 0xdb :) )
 230           + 2 (0xc0 delimiters at start and end). */
 231
 232        nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
 233        if (!nskb)
 234                return NULL;
 235
 236        bt_cb(nskb)->pkt_type = pkt_type;
 237
 238        bcsp_slip_msgdelim(nskb);
 239
 240        hdr[0] = bcsp->rxseq_txack << 3;
 241        bcsp->txack_req = 0;
 242        BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
 243
 244        if (rel) {
 245                hdr[0] |= 0x80 + bcsp->msgq_txseq;
 246                BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
 247                bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
 248        }
 249
 250        if (bcsp->use_crc)
 251                hdr[0] |= 0x40;
 252
 253        hdr[1] = ((len << 4) & 0xff) | chan;
 254        hdr[2] = len >> 4;
 255        hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
 256
 257        /* Put BCSP header */
 258        for (i = 0; i < 4; i++) {
 259                bcsp_slip_one_byte(nskb, hdr[i]);
 260
 261                if (bcsp->use_crc)
 262                        bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
 263        }
 264
 265        /* Put payload */
 266        for (i = 0; i < len; i++) {
 267                bcsp_slip_one_byte(nskb, data[i]);
 268
 269                if (bcsp->use_crc)
 270                        bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
 271        }
 272
 273        /* Put CRC */
 274        if (bcsp->use_crc) {
 275                bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
 276                bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
 277                bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
 278        }
 279
 280        bcsp_slip_msgdelim(nskb);
 281        return nskb;
 282}
 283
 284/* This is a rewrite of pkt_avail in ABCSP */
 285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
 286{
 287        struct bcsp_struct *bcsp = hu->priv;
 288        unsigned long flags;
 289        struct sk_buff *skb;
 290        
 291        /* First of all, check for unreliable messages in the queue,
 292           since they have priority */
 293
 294        if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
 295                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
 296                if (nskb) {
 297                        kfree_skb(skb);
 298                        return nskb;
 299                } else {
 300                        skb_queue_head(&bcsp->unrel, skb);
 301                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 302                }
 303        }
 304
 305        /* Now, try to send a reliable pkt. We can only send a
 306           reliable packet if the number of packets sent but not yet ack'ed
 307           is < than the winsize */
 308
 309        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 310
 311        if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
 312                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
 313                if (nskb) {
 314                        __skb_queue_tail(&bcsp->unack, skb);
 315                        mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
 316                        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 317                        return nskb;
 318                } else {
 319                        skb_queue_head(&bcsp->rel, skb);
 320                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 321                }
 322        }
 323
 324        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 325
 326        /* We could not send a reliable packet, either because there are
 327           none or because there are too many unack'ed pkts. Did we receive
 328           any packets we have not acknowledged yet ? */
 329
 330        if (bcsp->txack_req) {
 331                /* if so, craft an empty ACK pkt and send it on BCSP unreliable
 332                   channel 0 */
 333                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
 334                return nskb;
 335        }
 336
 337        /* We have nothing to send */
 338        return NULL;
 339}
 340
 341static int bcsp_flush(struct hci_uart *hu)
 342{
 343        BT_DBG("hu %p", hu);
 344        return 0;
 345}
 346
 347/* Remove ack'ed packets */
 348static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
 349{
 350        struct sk_buff *skb, *tmp;
 351        unsigned long flags;
 352        int i, pkts_to_be_removed;
 353        u8 seqno;
 354
 355        spin_lock_irqsave(&bcsp->unack.lock, flags);
 356
 357        pkts_to_be_removed = skb_queue_len(&bcsp->unack);
 358        seqno = bcsp->msgq_txseq;
 359
 360        while (pkts_to_be_removed) {
 361                if (bcsp->rxack == seqno)
 362                        break;
 363                pkts_to_be_removed--;
 364                seqno = (seqno - 1) & 0x07;
 365        }
 366
 367        if (bcsp->rxack != seqno)
 368                BT_ERR("Peer acked invalid packet");
 369
 370        BT_DBG("Removing %u pkts out of %u, up to seqno %u",
 371               pkts_to_be_removed, skb_queue_len(&bcsp->unack),
 372               (seqno - 1) & 0x07);
 373
 374        i = 0;
 375        skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
 376                if (i >= pkts_to_be_removed)
 377                        break;
 378                i++;
 379
 380                __skb_unlink(skb, &bcsp->unack);
 381                kfree_skb(skb);
 382        }
 383
 384        if (skb_queue_empty(&bcsp->unack))
 385                del_timer(&bcsp->tbcsp);
 386
 387        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 388
 389        if (i != pkts_to_be_removed)
 390                BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
 391}
 392
 393/* Handle BCSP link-establishment packets. When we
 394   detect a "sync" packet, symptom that the BT module has reset,
 395   we do nothing :) (yet) */
 396static void bcsp_handle_le_pkt(struct hci_uart *hu)
 397{
 398        struct bcsp_struct *bcsp = hu->priv;
 399        u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
 400        u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
 401        u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
 402
 403        /* spot "conf" pkts and reply with a "conf rsp" pkt */
 404        if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 405                        !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
 406                struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
 407
 408                BT_DBG("Found a LE conf pkt");
 409                if (!nskb)
 410                        return;
 411                memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
 412                bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
 413
 414                skb_queue_head(&bcsp->unrel, nskb);
 415                hci_uart_tx_wakeup(hu);
 416        }
 417        /* Spot "sync" pkts. If we find one...disaster! */
 418        else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 419                        !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
 420                BT_ERR("Found a LE sync pkt, card has reset");
 421        }
 422}
 423
 424static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
 425{
 426        const u8 c0 = 0xc0, db = 0xdb;
 427
 428        switch (bcsp->rx_esc_state) {
 429        case BCSP_ESCSTATE_NOESC:
 430                switch (byte) {
 431                case 0xdb:
 432                        bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
 433                        break;
 434                default:
 435                        memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
 436                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 437                                        bcsp->rx_state != BCSP_W4_CRC)
 438                                bcsp_crc_update(&bcsp->message_crc, byte);
 439                        bcsp->rx_count--;
 440                }
 441                break;
 442
 443        case BCSP_ESCSTATE_ESC:
 444                switch (byte) {
 445                case 0xdc:
 446                        memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
 447                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 448                                        bcsp->rx_state != BCSP_W4_CRC)
 449                                bcsp_crc_update(&bcsp-> message_crc, 0xc0);
 450                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 451                        bcsp->rx_count--;
 452                        break;
 453
 454                case 0xdd:
 455                        memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
 456                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 457                                        bcsp->rx_state != BCSP_W4_CRC) 
 458                                bcsp_crc_update(&bcsp-> message_crc, 0xdb);
 459                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 460                        bcsp->rx_count--;
 461                        break;
 462
 463                default:
 464                        BT_ERR ("Invalid byte %02x after esc byte", byte);
 465                        kfree_skb(bcsp->rx_skb);
 466                        bcsp->rx_skb = NULL;
 467                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 468                        bcsp->rx_count = 0;
 469                }
 470        }
 471}
 472
 473static void bcsp_complete_rx_pkt(struct hci_uart *hu)
 474{
 475        struct bcsp_struct *bcsp = hu->priv;
 476        int pass_up;
 477
 478        if (bcsp->rx_skb->data[0] & 0x80) {     /* reliable pkt */
 479                BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
 480                bcsp->rxseq_txack++;
 481                bcsp->rxseq_txack %= 0x8;
 482                bcsp->txack_req    = 1;
 483
 484                /* If needed, transmit an ack pkt */
 485                hci_uart_tx_wakeup(hu);
 486        }
 487
 488        bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
 489        BT_DBG("Request for pkt %u from card", bcsp->rxack);
 490
 491        bcsp_pkt_cull(bcsp);
 492        if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
 493                        bcsp->rx_skb->data[0] & 0x80) {
 494                bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
 495                pass_up = 1;
 496        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
 497                        bcsp->rx_skb->data[0] & 0x80) {
 498                bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
 499                pass_up = 1;
 500        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
 501                bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
 502                pass_up = 1;
 503        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
 504                        !(bcsp->rx_skb->data[0] & 0x80)) {
 505                bcsp_handle_le_pkt(hu);
 506                pass_up = 0;
 507        } else
 508                pass_up = 0;
 509
 510        if (!pass_up) {
 511                struct hci_event_hdr hdr;
 512                u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
 513
 514                if (desc != 0 && desc != 1) {
 515                        if (hciextn) {
 516                                desc |= 0xc0;
 517                                skb_pull(bcsp->rx_skb, 4);
 518                                memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
 519
 520                                hdr.evt = 0xff;
 521                                hdr.plen = bcsp->rx_skb->len;
 522                                memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
 523                                bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
 524
 525                                hci_recv_frame(bcsp->rx_skb);
 526                        } else {
 527                                BT_ERR ("Packet for unknown channel (%u %s)",
 528                                        bcsp->rx_skb->data[1] & 0x0f,
 529                                        bcsp->rx_skb->data[0] & 0x80 ? 
 530                                        "reliable" : "unreliable");
 531                                kfree_skb(bcsp->rx_skb);
 532                        }
 533                } else
 534                        kfree_skb(bcsp->rx_skb);
 535        } else {
 536                /* Pull out BCSP hdr */
 537                skb_pull(bcsp->rx_skb, 4);
 538
 539                hci_recv_frame(bcsp->rx_skb);
 540        }
 541
 542        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 543        bcsp->rx_skb = NULL;
 544}
 545
 546static u16 bscp_get_crc(struct bcsp_struct *bcsp)
 547{
 548        return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
 549}
 550
 551/* Recv data */
 552static int bcsp_recv(struct hci_uart *hu, void *data, int count)
 553{
 554        struct bcsp_struct *bcsp = hu->priv;
 555        unsigned char *ptr;
 556
 557        BT_DBG("hu %p count %d rx_state %d rx_count %ld", 
 558                hu, count, bcsp->rx_state, bcsp->rx_count);
 559
 560        ptr = data;
 561        while (count) {
 562                if (bcsp->rx_count) {
 563                        if (*ptr == 0xc0) {
 564                                BT_ERR("Short BCSP packet");
 565                                kfree_skb(bcsp->rx_skb);
 566                                bcsp->rx_state = BCSP_W4_PKT_START;
 567                                bcsp->rx_count = 0;
 568                        } else
 569                                bcsp_unslip_one_byte(bcsp, *ptr);
 570
 571                        ptr++; count--;
 572                        continue;
 573                }
 574
 575                switch (bcsp->rx_state) {
 576                case BCSP_W4_BCSP_HDR:
 577                        if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
 578                                        bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
 579                                BT_ERR("Error in BCSP hdr checksum");
 580                                kfree_skb(bcsp->rx_skb);
 581                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 582                                bcsp->rx_count = 0;
 583                                continue;
 584                        }
 585                        if (bcsp->rx_skb->data[0] & 0x80        /* reliable pkt */
 586                                        && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
 587                                BT_ERR ("Out-of-order packet arrived, got %u expected %u",
 588                                        bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
 589
 590                                kfree_skb(bcsp->rx_skb);
 591                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 592                                bcsp->rx_count = 0;
 593                                continue;
 594                        }
 595                        bcsp->rx_state = BCSP_W4_DATA;
 596                        bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 
 597                                        (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
 598                        continue;
 599
 600                case BCSP_W4_DATA:
 601                        if (bcsp->rx_skb->data[0] & 0x40) {     /* pkt with crc */
 602                                bcsp->rx_state = BCSP_W4_CRC;
 603                                bcsp->rx_count = 2;
 604                        } else
 605                                bcsp_complete_rx_pkt(hu);
 606                        continue;
 607
 608                case BCSP_W4_CRC:
 609                        if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
 610                                BT_ERR ("Checksum failed: computed %04x received %04x",
 611                                        bitrev16(bcsp->message_crc),
 612                                        bscp_get_crc(bcsp));
 613
 614                                kfree_skb(bcsp->rx_skb);
 615                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 616                                bcsp->rx_count = 0;
 617                                continue;
 618                        }
 619                        skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
 620                        bcsp_complete_rx_pkt(hu);
 621                        continue;
 622
 623                case BCSP_W4_PKT_DELIMITER:
 624                        switch (*ptr) {
 625                        case 0xc0:
 626                                bcsp->rx_state = BCSP_W4_PKT_START;
 627                                break;
 628                        default:
 629                                /*BT_ERR("Ignoring byte %02x", *ptr);*/
 630                                break;
 631                        }
 632                        ptr++; count--;
 633                        break;
 634
 635                case BCSP_W4_PKT_START:
 636                        switch (*ptr) {
 637                        case 0xc0:
 638                                ptr++; count--;
 639                                break;
 640
 641                        default:
 642                                bcsp->rx_state = BCSP_W4_BCSP_HDR;
 643                                bcsp->rx_count = 4;
 644                                bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 645                                BCSP_CRC_INIT(bcsp->message_crc);
 646
 647                                /* Do not increment ptr or decrement count
 648                                 * Allocate packet. Max len of a BCSP pkt= 
 649                                 * 0xFFF (payload) +4 (header) +2 (crc) */
 650
 651                                bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
 652                                if (!bcsp->rx_skb) {
 653                                        BT_ERR("Can't allocate mem for new packet");
 654                                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 655                                        bcsp->rx_count = 0;
 656                                        return 0;
 657                                }
 658                                bcsp->rx_skb->dev = (void *) hu->hdev;
 659                                break;
 660                        }
 661                        break;
 662                }
 663        }
 664        return count;
 665}
 666
 667        /* Arrange to retransmit all messages in the relq. */
 668static void bcsp_timed_event(unsigned long arg)
 669{
 670        struct hci_uart *hu = (struct hci_uart *) arg;
 671        struct bcsp_struct *bcsp = hu->priv;
 672        struct sk_buff *skb;
 673        unsigned long flags;
 674
 675        BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
 676
 677        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 678
 679        while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
 680                bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
 681                skb_queue_head(&bcsp->rel, skb);
 682        }
 683
 684        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 685
 686        hci_uart_tx_wakeup(hu);
 687}
 688
 689static int bcsp_open(struct hci_uart *hu)
 690{
 691        struct bcsp_struct *bcsp;
 692
 693        BT_DBG("hu %p", hu);
 694
 695        bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
 696        if (!bcsp)
 697                return -ENOMEM;
 698
 699        hu->priv = bcsp;
 700        skb_queue_head_init(&bcsp->unack);
 701        skb_queue_head_init(&bcsp->rel);
 702        skb_queue_head_init(&bcsp->unrel);
 703
 704        init_timer(&bcsp->tbcsp);
 705        bcsp->tbcsp.function = bcsp_timed_event;
 706        bcsp->tbcsp.data     = (u_long) hu;
 707
 708        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 709
 710        if (txcrc)
 711                bcsp->use_crc = 1;
 712
 713        return 0;
 714}
 715
 716static int bcsp_close(struct hci_uart *hu)
 717{
 718        struct bcsp_struct *bcsp = hu->priv;
 719        hu->priv = NULL;
 720
 721        BT_DBG("hu %p", hu);
 722
 723        skb_queue_purge(&bcsp->unack);
 724        skb_queue_purge(&bcsp->rel);
 725        skb_queue_purge(&bcsp->unrel);
 726        del_timer(&bcsp->tbcsp);
 727
 728        kfree(bcsp);
 729        return 0;
 730}
 731
 732static struct hci_uart_proto bcsp = {
 733        .id             = HCI_UART_BCSP,
 734        .open           = bcsp_open,
 735        .close          = bcsp_close,
 736        .enqueue        = bcsp_enqueue,
 737        .dequeue        = bcsp_dequeue,
 738        .recv           = bcsp_recv,
 739        .flush          = bcsp_flush
 740};
 741
 742int __init bcsp_init(void)
 743{
 744        int err = hci_uart_register_proto(&bcsp);
 745
 746        if (!err)
 747                BT_INFO("HCI BCSP protocol initialized");
 748        else
 749                BT_ERR("HCI BCSP protocol registration failed");
 750
 751        return err;
 752}
 753
 754int __exit bcsp_deinit(void)
 755{
 756        return hci_uart_unregister_proto(&bcsp);
 757}
 758
 759module_param(txcrc, bool, 0644);
 760MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
 761
 762module_param(hciextn, bool, 0644);
 763MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
 764