LXR linux/drivers/bluetooth/hci

   1/*
   2 *
   3 *  Bluetooth HCI UART driver
   4 *
   5 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
   6 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
   7 *
   8 *
   9 *  This program is free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  This program is distributed in the hope that it will be useful,
  15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 *  GNU General Public License for more details.
  18 *
  19 *  You should have received a copy of the GNU General Public License
  20 *  along with this program; if not, write to the Free Software
  21 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22 *
  23 */
  24
  25#include <linux/module.h>
  26
  27#include <linux/kernel.h>
  28#include <linux/init.h>
  29#include <linux/types.h>
  30#include <linux/fcntl.h>
  31#include <linux/interrupt.h>
  32#include <linux/ptrace.h>
  33#include <linux/poll.h>
  34
  35#include <linux/slab.h>
  36#include <linux/tty.h>
  37#include <linux/errno.h>
  38#include <linux/string.h>
  39#include <linux/signal.h>
  40#include <linux/ioctl.h>
  41#include <linux/skbuff.h>
  42#include <linux/bitrev.h>
  43#include <asm/unaligned.h>
  44
  45#include <net/bluetooth/bluetooth.h>
  46#include <net/bluetooth/hci_core.h>
  47
  48#include "hci_uart.h"
  49
  50#define VERSION "0.3"
  51
  52static bool txcrc = 1;
  53static bool hciextn = 1;
  54
  55#define BCSP_TXWINSIZE  4
  56
  57#define BCSP_ACK_PKT    0x05
  58#define BCSP_LE_PKT     0x06
  59
  60struct bcsp_struct {
  61        struct sk_buff_head unack;      /* Unack'ed packets queue */
  62        struct sk_buff_head rel;        /* Reliable packets queue */
  63        struct sk_buff_head unrel;      /* Unreliable packets queue */
  64
  65        unsigned long rx_count;
  66        struct  sk_buff *rx_skb;
  67        u8      rxseq_txack;            /* rxseq == txack. */
  68        u8      rxack;                  /* Last packet sent by us that the peer ack'ed */
  69        struct  timer_list tbcsp;
  70
  71        enum {
  72                BCSP_W4_PKT_DELIMITER,
  73                BCSP_W4_PKT_START,
  74                BCSP_W4_BCSP_HDR,
  75                BCSP_W4_DATA,
  76                BCSP_W4_CRC
  77        } rx_state;
  78
  79        enum {
  80                BCSP_ESCSTATE_NOESC,
  81                BCSP_ESCSTATE_ESC
  82        } rx_esc_state;
  83
  84        u8      use_crc;
  85        u16     message_crc;
  86        u8      txack_req;              /* Do we need to send ack's to the peer? */
  87
  88        /* Reliable packet sequence number - used to assign seq to each rel pkt. */
  89        u8      msgq_txseq;
  90};
  91
  92/* ---- BCSP CRC calculation ---- */
  93
  94/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
  95initial value 0xffff, bits shifted in reverse order. */
  96
  97static const u16 crc_table[] = {
  98        0x0000, 0x1081, 0x2102, 0x3183,
  99        0x4204, 0x5285, 0x6306, 0x7387,
 100        0x8408, 0x9489, 0xa50a, 0xb58b,
 101        0xc60c, 0xd68d, 0xe70e, 0xf78f
 102};
 103
 104/* Initialise the crc calculator */
 105#define BCSP_CRC_INIT(x) x = 0xffff
 106
 107/*
 108   Update crc with next data byte
 109
 110   Implementation note
 111        The data byte is treated as two nibbles.  The crc is generated
 112        in reverse, i.e., bits are fed into the register from the top.
 113*/
 114static void bcsp_crc_update(u16 *crc, u8 d)
 115{
 116        u16 reg = *crc;
 117
 118        reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
 119        reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
 120
 121        *crc = reg;
 122}
 123
 124/* ---- BCSP core ---- */
 125
 126static void bcsp_slip_msgdelim(struct sk_buff *skb)
 127{
 128        const char pkt_delim = 0xc0;
 129
 130        memcpy(skb_put(skb, 1), &pkt_delim, 1);
 131}
 132
 133static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
 134{
 135        const char esc_c0[2] = { 0xdb, 0xdc };
 136        const char esc_db[2] = { 0xdb, 0xdd };
 137
 138        switch (c) {
 139        case 0xc0:
 140                memcpy(skb_put(skb, 2), &esc_c0, 2);
 141                break;
 142        case 0xdb:
 143                memcpy(skb_put(skb, 2), &esc_db, 2);
 144                break;
 145        default:
 146                memcpy(skb_put(skb, 1), &c, 1);
 147        }
 148}
 149
 150static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 151{
 152        struct bcsp_struct *bcsp = hu->priv;
 153
 154        if (skb->len > 0xFFF) {
 155                BT_ERR("Packet too long");
 156                kfree_skb(skb);
 157                return 0;
 158        }
 159
 160        switch (bt_cb(skb)->pkt_type) {
 161        case HCI_ACLDATA_PKT:
 162        case HCI_COMMAND_PKT:
 163                skb_queue_tail(&bcsp->rel, skb);
 164                break;
 165
 166        case HCI_SCODATA_PKT:
 167                skb_queue_tail(&bcsp->unrel, skb);
 168                break;
 169
 170        default:
 171                BT_ERR("Unknown packet type");
 172                kfree_skb(skb);
 173                break;
 174        }
 175
 176        return 0;
 177}
 178
 179static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
 180                int len, int pkt_type)
 181{
 182        struct sk_buff *nskb;
 183        u8 hdr[4], chan;
 184        u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
 185        int rel, i;
 186
 187        switch (pkt_type) {
 188        case HCI_ACLDATA_PKT:
 189                chan = 6;       /* BCSP ACL channel */
 190                rel = 1;        /* reliable channel */
 191                break;
 192        case HCI_COMMAND_PKT:
 193                chan = 5;       /* BCSP cmd/evt channel */
 194                rel = 1;        /* reliable channel */
 195                break;
 196        case HCI_SCODATA_PKT:
 197                chan = 7;       /* BCSP SCO channel */
 198                rel = 0;        /* unreliable channel */
 199                break;
 200        case BCSP_LE_PKT:
 201                chan = 1;       /* BCSP LE channel */
 202                rel = 0;        /* unreliable channel */
 203                break;
 204        case BCSP_ACK_PKT:
 205                chan = 0;       /* BCSP internal channel */
 206                rel = 0;        /* unreliable channel */
 207                break;
 208        default:
 209                BT_ERR("Unknown packet type");
 210                return NULL;
 211        }
 212
 213        if (hciextn && chan == 5) {
 214                __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
 215
 216                /* Vendor specific commands */
 217                if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
 218                        u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
 219                        if ((desc & 0xf0) == 0xc0) {
 220                                data += HCI_COMMAND_HDR_SIZE + 1;
 221                                len  -= HCI_COMMAND_HDR_SIZE + 1;
 222                                chan = desc & 0x0f;
 223                        }
 224                }
 225        }
 226
 227        /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
 228           (because bytes 0xc0 and 0xdb are escaped, worst case is
 229           when the packet is all made of 0xc0 and 0xdb :) )
 230           + 2 (0xc0 delimiters at start and end). */
 231
 232        nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
 233        if (!nskb)
 234                return NULL;
 235
 236        bt_cb(nskb)->pkt_type = pkt_type;
 237
 238        bcsp_slip_msgdelim(nskb);
 239
 240        hdr[0] = bcsp->rxseq_txack << 3;
 241        bcsp->txack_req = 0;
 242        BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
 243
 244        if (rel) {
 245                hdr[0] |= 0x80 + bcsp->msgq_txseq;
 246                BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
 247                bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
 248        }
 249
 250        if (bcsp->use_crc)
 251                hdr[0] |= 0x40;
 252
 253        hdr[1] = ((len << 4) & 0xff) | chan;
 254        hdr[2] = len >> 4;
 255        hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
 256
 257        /* Put BCSP header */
 258        for (i = 0; i < 4; i++) {
 259                bcsp_slip_one_byte(nskb, hdr[i]);
 260
 261                if (bcsp->use_crc)
 262                        bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
 263        }
 264
 265        /* Put payload */
 266        for (i = 0; i < len; i++) {
 267                bcsp_slip_one_byte(nskb, data[i]);
 268
 269                if (bcsp->use_crc)
 270                        bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
 271        }
 272
 273        /* Put CRC */
 274        if (bcsp->use_crc) {
 275                bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
 276                bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
 277                bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
 278        }
 279
 280        bcsp_slip_msgdelim(nskb);
 281        return nskb;
 282}
 283
 284/* This is a rewrite of pkt_avail in ABCSP */
 285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
 286{
 287        struct bcsp_struct *bcsp = hu->priv;
 288        unsigned long flags;
 289        struct sk_buff *skb;
 290        
 291        /* First of all, check for unreliable messages in the queue,
 292           since they have priority */
 293
 294        skb = skb_dequeue(&bcsp->unrel);
 295        if (skb != NULL) {
 296                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
 297                if (nskb) {
 298                        kfree_skb(skb);
 299                        return nskb;
 300                } else {
 301                        skb_queue_head(&bcsp->unrel, skb);
 302                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 303                }
 304        }
 305
 306        /* Now, try to send a reliable pkt. We can only send a
 307           reliable packet if the number of packets sent but not yet ack'ed
 308           is < than the winsize */
 309
 310        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 311
 312        if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
 313                skb = skb_dequeue(&bcsp->rel);
 314                if (skb != NULL) {
 315                        struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 316                                                                bt_cb(skb)->pkt_type);
 317                        if (nskb) {
 318                                __skb_queue_tail(&bcsp->unack, skb);
 319                                mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
 320                                spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 321                                return nskb;
 322                        } else {
 323                                skb_queue_head(&bcsp->rel, skb);
 324                                BT_ERR("Could not dequeue pkt because alloc_skb failed");
 325                        }
 326                }
 327        }
 328
 329        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 330
 331        /* We could not send a reliable packet, either because there are
 332           none or because there are too many unack'ed pkts. Did we receive
 333           any packets we have not acknowledged yet ? */
 334
 335        if (bcsp->txack_req) {
 336                /* if so, craft an empty ACK pkt and send it on BCSP unreliable
 337                   channel 0 */
 338                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
 339                return nskb;
 340        }
 341
 342        /* We have nothing to send */
 343        return NULL;
 344}
 345
 346static int bcsp_flush(struct hci_uart *hu)
 347{
 348        BT_DBG("hu %p", hu);
 349        return 0;
 350}
 351
 352/* Remove ack'ed packets */
 353static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
 354{
 355        struct sk_buff *skb, *tmp;
 356        unsigned long flags;
 357        int i, pkts_to_be_removed;
 358        u8 seqno;
 359
 360        spin_lock_irqsave(&bcsp->unack.lock, flags);
 361
 362        pkts_to_be_removed = skb_queue_len(&bcsp->unack);
 363        seqno = bcsp->msgq_txseq;
 364
 365        while (pkts_to_be_removed) {
 366                if (bcsp->rxack == seqno)
 367                        break;
 368                pkts_to_be_removed--;
 369                seqno = (seqno - 1) & 0x07;
 370        }
 371
 372        if (bcsp->rxack != seqno)
 373                BT_ERR("Peer acked invalid packet");
 374
 375        BT_DBG("Removing %u pkts out of %u, up to seqno %u",
 376               pkts_to_be_removed, skb_queue_len(&bcsp->unack),
 377               (seqno - 1) & 0x07);
 378
 379        i = 0;
 380        skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
 381                if (i >= pkts_to_be_removed)
 382                        break;
 383                i++;
 384
 385                __skb_unlink(skb, &bcsp->unack);
 386                kfree_skb(skb);
 387        }
 388
 389        if (skb_queue_empty(&bcsp->unack))
 390                del_timer(&bcsp->tbcsp);
 391
 392        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 393
 394        if (i != pkts_to_be_removed)
 395                BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
 396}
 397
 398/* Handle BCSP link-establishment packets. When we
 399   detect a "sync" packet, symptom that the BT module has reset,
 400   we do nothing :) (yet) */
 401static void bcsp_handle_le_pkt(struct hci_uart *hu)
 402{
 403        struct bcsp_struct *bcsp = hu->priv;
 404        u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
 405        u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
 406        u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
 407
 408        /* spot "conf" pkts and reply with a "conf rsp" pkt */
 409        if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 410                        !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
 411                struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
 412
 413                BT_DBG("Found a LE conf pkt");
 414                if (!nskb)
 415                        return;
 416                memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
 417                bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
 418
 419                skb_queue_head(&bcsp->unrel, nskb);
 420                hci_uart_tx_wakeup(hu);
 421        }
 422        /* Spot "sync" pkts. If we find one...disaster! */
 423        else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 424                        !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
 425                BT_ERR("Found a LE sync pkt, card has reset");
 426        }
 427}
 428
 429static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
 430{
 431        const u8 c0 = 0xc0, db = 0xdb;
 432
 433        switch (bcsp->rx_esc_state) {
 434        case BCSP_ESCSTATE_NOESC:
 435                switch (byte) {
 436                case 0xdb:
 437                        bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
 438                        break;
 439                default:
 440                        memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
 441                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 442                                        bcsp->rx_state != BCSP_W4_CRC)
 443                                bcsp_crc_update(&bcsp->message_crc, byte);
 444                        bcsp->rx_count--;
 445                }
 446                break;
 447
 448        case BCSP_ESCSTATE_ESC:
 449                switch (byte) {
 450                case 0xdc:
 451                        memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
 452                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 453                                        bcsp->rx_state != BCSP_W4_CRC)
 454                                bcsp_crc_update(&bcsp-> message_crc, 0xc0);
 455                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 456                        bcsp->rx_count--;
 457                        break;
 458
 459                case 0xdd:
 460                        memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
 461                        if ((bcsp->rx_skb-> data[0] & 0x40) != 0 && 
 462                                        bcsp->rx_state != BCSP_W4_CRC) 
 463                                bcsp_crc_update(&bcsp-> message_crc, 0xdb);
 464                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 465                        bcsp->rx_count--;
 466                        break;
 467
 468                default:
 469                        BT_ERR ("Invalid byte %02x after esc byte", byte);
 470                        kfree_skb(bcsp->rx_skb);
 471                        bcsp->rx_skb = NULL;
 472                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 473                        bcsp->rx_count = 0;
 474                }
 475        }
 476}
 477
 478static void bcsp_complete_rx_pkt(struct hci_uart *hu)
 479{
 480        struct bcsp_struct *bcsp = hu->priv;
 481        int pass_up;
 482
 483        if (bcsp->rx_skb->data[0] & 0x80) {     /* reliable pkt */
 484                BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
 485                bcsp->rxseq_txack++;
 486                bcsp->rxseq_txack %= 0x8;
 487                bcsp->txack_req    = 1;
 488
 489                /* If needed, transmit an ack pkt */
 490                hci_uart_tx_wakeup(hu);
 491        }
 492
 493        bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
 494        BT_DBG("Request for pkt %u from card", bcsp->rxack);
 495
 496        bcsp_pkt_cull(bcsp);
 497        if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
 498                        bcsp->rx_skb->data[0] & 0x80) {
 499                bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
 500                pass_up = 1;
 501        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
 502                        bcsp->rx_skb->data[0] & 0x80) {
 503                bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
 504                pass_up = 1;
 505        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
 506                bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
 507                pass_up = 1;
 508        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
 509                        !(bcsp->rx_skb->data[0] & 0x80)) {
 510                bcsp_handle_le_pkt(hu);
 511                pass_up = 0;
 512        } else
 513                pass_up = 0;
 514
 515        if (!pass_up) {
 516                struct hci_event_hdr hdr;
 517                u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
 518
 519                if (desc != 0 && desc != 1) {
 520                        if (hciextn) {
 521                                desc |= 0xc0;
 522                                skb_pull(bcsp->rx_skb, 4);
 523                                memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
 524
 525                                hdr.evt = 0xff;
 526                                hdr.plen = bcsp->rx_skb->len;
 527                                memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
 528                                bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
 529
 530                                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 531                        } else {
 532                                BT_ERR ("Packet for unknown channel (%u %s)",
 533                                        bcsp->rx_skb->data[1] & 0x0f,
 534                                        bcsp->rx_skb->data[0] & 0x80 ? 
 535                                        "reliable" : "unreliable");
 536                                kfree_skb(bcsp->rx_skb);
 537                        }
 538                } else
 539                        kfree_skb(bcsp->rx_skb);
 540        } else {
 541                /* Pull out BCSP hdr */
 542                skb_pull(bcsp->rx_skb, 4);
 543
 544                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 545        }
 546
 547        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 548        bcsp->rx_skb = NULL;
 549}
 550
 551static u16 bscp_get_crc(struct bcsp_struct *bcsp)
 552{
 553        return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
 554}
 555
 556/* Recv data */
 557static int bcsp_recv(struct hci_uart *hu, void *data, int count)
 558{
 559        struct bcsp_struct *bcsp = hu->priv;
 560        unsigned char *ptr;
 561
 562        BT_DBG("hu %p count %d rx_state %d rx_count %ld", 
 563                hu, count, bcsp->rx_state, bcsp->rx_count);
 564
 565        ptr = data;
 566        while (count) {
 567                if (bcsp->rx_count) {
 568                        if (*ptr == 0xc0) {
 569                                BT_ERR("Short BCSP packet");
 570                                kfree_skb(bcsp->rx_skb);
 571                                bcsp->rx_state = BCSP_W4_PKT_START;
 572                                bcsp->rx_count = 0;
 573                        } else
 574                                bcsp_unslip_one_byte(bcsp, *ptr);
 575
 576                        ptr++; count--;
 577                        continue;
 578                }
 579
 580                switch (bcsp->rx_state) {
 581                case BCSP_W4_BCSP_HDR:
 582                        if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
 583                                        bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
 584                                BT_ERR("Error in BCSP hdr checksum");
 585                                kfree_skb(bcsp->rx_skb);
 586                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 587                                bcsp->rx_count = 0;
 588                                continue;
 589                        }
 590                        if (bcsp->rx_skb->data[0] & 0x80        /* reliable pkt */
 591                                        && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
 592                                BT_ERR ("Out-of-order packet arrived, got %u expected %u",
 593                                        bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
 594
 595                                kfree_skb(bcsp->rx_skb);
 596                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 597                                bcsp->rx_count = 0;
 598                                continue;
 599                        }
 600                        bcsp->rx_state = BCSP_W4_DATA;
 601                        bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 
 602                                        (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
 603                        continue;
 604
 605                case BCSP_W4_DATA:
 606                        if (bcsp->rx_skb->data[0] & 0x40) {     /* pkt with crc */
 607                                bcsp->rx_state = BCSP_W4_CRC;
 608                                bcsp->rx_count = 2;
 609                        } else
 610                                bcsp_complete_rx_pkt(hu);
 611                        continue;
 612
 613                case BCSP_W4_CRC:
 614                        if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
 615                                BT_ERR ("Checksum failed: computed %04x received %04x",
 616                                        bitrev16(bcsp->message_crc),
 617                                        bscp_get_crc(bcsp));
 618
 619                                kfree_skb(bcsp->rx_skb);
 620                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 621                                bcsp->rx_count = 0;
 622                                continue;
 623                        }
 624                        skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
 625                        bcsp_complete_rx_pkt(hu);
 626                        continue;
 627
 628                case BCSP_W4_PKT_DELIMITER:
 629                        switch (*ptr) {
 630                        case 0xc0:
 631                                bcsp->rx_state = BCSP_W4_PKT_START;
 632                                break;
 633                        default:
 634                                /*BT_ERR("Ignoring byte %02x", *ptr);*/
 635                                break;
 636                        }
 637                        ptr++; count--;
 638                        break;
 639
 640                case BCSP_W4_PKT_START:
 641                        switch (*ptr) {
 642                        case 0xc0:
 643                                ptr++; count--;
 644                                break;
 645
 646                        default:
 647                                bcsp->rx_state = BCSP_W4_BCSP_HDR;
 648                                bcsp->rx_count = 4;
 649                                bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 650                                BCSP_CRC_INIT(bcsp->message_crc);
 651
 652                                /* Do not increment ptr or decrement count
 653                                 * Allocate packet. Max len of a BCSP pkt= 
 654                                 * 0xFFF (payload) +4 (header) +2 (crc) */
 655
 656                                bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
 657                                if (!bcsp->rx_skb) {
 658                                        BT_ERR("Can't allocate mem for new packet");
 659                                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 660                                        bcsp->rx_count = 0;
 661                                        return 0;
 662                                }
 663                                break;
 664                        }
 665                        break;
 666                }
 667        }
 668        return count;
 669}
 670
 671        /* Arrange to retransmit all messages in the relq. */
 672static void bcsp_timed_event(unsigned long arg)
 673{
 674        struct hci_uart *hu = (struct hci_uart *) arg;
 675        struct bcsp_struct *bcsp = hu->priv;
 676        struct sk_buff *skb;
 677        unsigned long flags;
 678
 679        BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
 680
 681        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 682
 683        while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
 684                bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
 685                skb_queue_head(&bcsp->rel, skb);
 686        }
 687
 688        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 689
 690        hci_uart_tx_wakeup(hu);
 691}
 692
 693static int bcsp_open(struct hci_uart *hu)
 694{
 695        struct bcsp_struct *bcsp;
 696
 697        BT_DBG("hu %p", hu);
 698
 699        bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
 700        if (!bcsp)
 701                return -ENOMEM;
 702
 703        hu->priv = bcsp;
 704        skb_queue_head_init(&bcsp->unack);
 705        skb_queue_head_init(&bcsp->rel);
 706        skb_queue_head_init(&bcsp->unrel);
 707
 708        init_timer(&bcsp->tbcsp);
 709        bcsp->tbcsp.function = bcsp_timed_event;
 710        bcsp->tbcsp.data     = (u_long) hu;
 711
 712        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 713
 714        if (txcrc)
 715                bcsp->use_crc = 1;
 716
 717        return 0;
 718}
 719
 720static int bcsp_close(struct hci_uart *hu)
 721{
 722        struct bcsp_struct *bcsp = hu->priv;
 723
 724        del_timer_sync(&bcsp->tbcsp);
 725
 726        hu->priv = NULL;
 727
 728        BT_DBG("hu %p", hu);
 729
 730        skb_queue_purge(&bcsp->unack);
 731        skb_queue_purge(&bcsp->rel);
 732        skb_queue_purge(&bcsp->unrel);
 733
 734        kfree(bcsp);
 735        return 0;
 736}
 737
 738static struct hci_uart_proto bcsp = {
 739        .id             = HCI_UART_BCSP,
 740        .open           = bcsp_open,
 741        .close          = bcsp_close,
 742        .enqueue        = bcsp_enqueue,
 743        .dequeue        = bcsp_dequeue,
 744        .recv           = bcsp_recv,
 745        .flush          = bcsp_flush
 746};
 747
 748int __init bcsp_init(void)
 749{
 750        int err = hci_uart_register_proto(&bcsp);
 751
 752        if (!err)
 753                BT_INFO("HCI BCSP protocol initialized");
 754        else
 755                BT_ERR("HCI BCSP protocol registration failed");
 756
 757        return err;
 758}
 759
 760int __exit bcsp_deinit(void)
 761{
 762        return hci_uart_unregister_proto(&bcsp);
 763}
 764
 765module_param(txcrc, bool, 0644);
 766MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
 767
 768module_param(hciextn, bool, 0644);
 769MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
 770