LXR linux/drivers/bluetooth/hci

   1/*
   2 *
   3 *  Bluetooth HCI UART driver
   4 *
   5 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
   6 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
   7 *
   8 *
   9 *  This program is free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  This program is distributed in the hope that it will be useful,
  15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 *  GNU General Public License for more details.
  18 *
  19 *  You should have received a copy of the GNU General Public License
  20 *  along with this program; if not, write to the Free Software
  21 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22 *
  23 */
  24
  25#include <linux/module.h>
  26
  27#include <linux/kernel.h>
  28#include <linux/init.h>
  29#include <linux/types.h>
  30#include <linux/fcntl.h>
  31#include <linux/interrupt.h>
  32#include <linux/ptrace.h>
  33#include <linux/poll.h>
  34
  35#include <linux/slab.h>
  36#include <linux/tty.h>
  37#include <linux/errno.h>
  38#include <linux/string.h>
  39#include <linux/signal.h>
  40#include <linux/ioctl.h>
  41#include <linux/skbuff.h>
  42#include <linux/bitrev.h>
  43#include <asm/unaligned.h>
  44
  45#include <net/bluetooth/bluetooth.h>
  46#include <net/bluetooth/hci_core.h>
  47
  48#include "hci_uart.h"
  49
  50static bool txcrc = true;
  51static bool hciextn = true;
  52
  53#define BCSP_TXWINSIZE  4
  54
  55#define BCSP_ACK_PKT    0x05
  56#define BCSP_LE_PKT     0x06
  57
  58struct bcsp_struct {
  59        struct sk_buff_head unack;      /* Unack'ed packets queue */
  60        struct sk_buff_head rel;        /* Reliable packets queue */
  61        struct sk_buff_head unrel;      /* Unreliable packets queue */
  62
  63        unsigned long rx_count;
  64        struct  sk_buff *rx_skb;
  65        u8      rxseq_txack;            /* rxseq == txack. */
  66        u8      rxack;                  /* Last packet sent by us that the peer ack'ed */
  67        struct  timer_list tbcsp;
  68
  69        enum {
  70                BCSP_W4_PKT_DELIMITER,
  71                BCSP_W4_PKT_START,
  72                BCSP_W4_BCSP_HDR,
  73                BCSP_W4_DATA,
  74                BCSP_W4_CRC
  75        } rx_state;
  76
  77        enum {
  78                BCSP_ESCSTATE_NOESC,
  79                BCSP_ESCSTATE_ESC
  80        } rx_esc_state;
  81
  82        u8      use_crc;
  83        u16     message_crc;
  84        u8      txack_req;              /* Do we need to send ack's to the peer? */
  85
  86        /* Reliable packet sequence number - used to assign seq to each rel pkt. */
  87        u8      msgq_txseq;
  88};
  89
  90/* ---- BCSP CRC calculation ---- */
  91
  92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
  93initial value 0xffff, bits shifted in reverse order. */
  94
  95static const u16 crc_table[] = {
  96        0x0000, 0x1081, 0x2102, 0x3183,
  97        0x4204, 0x5285, 0x6306, 0x7387,
  98        0x8408, 0x9489, 0xa50a, 0xb58b,
  99        0xc60c, 0xd68d, 0xe70e, 0xf78f
 100};
 101
 102/* Initialise the crc calculator */
 103#define BCSP_CRC_INIT(x) x = 0xffff
 104
 105/*
 106   Update crc with next data byte
 107
 108   Implementation note
 109        The data byte is treated as two nibbles.  The crc is generated
 110        in reverse, i.e., bits are fed into the register from the top.
 111*/
 112static void bcsp_crc_update(u16 *crc, u8 d)
 113{
 114        u16 reg = *crc;
 115
 116        reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
 117        reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
 118
 119        *crc = reg;
 120}
 121
 122/* ---- BCSP core ---- */
 123
 124static void bcsp_slip_msgdelim(struct sk_buff *skb)
 125{
 126        const char pkt_delim = 0xc0;
 127
 128        memcpy(skb_put(skb, 1), &pkt_delim, 1);
 129}
 130
 131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
 132{
 133        const char esc_c0[2] = { 0xdb, 0xdc };
 134        const char esc_db[2] = { 0xdb, 0xdd };
 135
 136        switch (c) {
 137        case 0xc0:
 138                memcpy(skb_put(skb, 2), &esc_c0, 2);
 139                break;
 140        case 0xdb:
 141                memcpy(skb_put(skb, 2), &esc_db, 2);
 142                break;
 143        default:
 144                memcpy(skb_put(skb, 1), &c, 1);
 145        }
 146}
 147
 148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 149{
 150        struct bcsp_struct *bcsp = hu->priv;
 151
 152        if (skb->len > 0xFFF) {
 153                BT_ERR("Packet too long");
 154                kfree_skb(skb);
 155                return 0;
 156        }
 157
 158        switch (hci_skb_pkt_type(skb)) {
 159        case HCI_ACLDATA_PKT:
 160        case HCI_COMMAND_PKT:
 161                skb_queue_tail(&bcsp->rel, skb);
 162                break;
 163
 164        case HCI_SCODATA_PKT:
 165                skb_queue_tail(&bcsp->unrel, skb);
 166                break;
 167
 168        default:
 169                BT_ERR("Unknown packet type");
 170                kfree_skb(skb);
 171                break;
 172        }
 173
 174        return 0;
 175}
 176
 177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
 178                int len, int pkt_type)
 179{
 180        struct sk_buff *nskb;
 181        u8 hdr[4], chan;
 182        u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
 183        int rel, i;
 184
 185        switch (pkt_type) {
 186        case HCI_ACLDATA_PKT:
 187                chan = 6;       /* BCSP ACL channel */
 188                rel = 1;        /* reliable channel */
 189                break;
 190        case HCI_COMMAND_PKT:
 191                chan = 5;       /* BCSP cmd/evt channel */
 192                rel = 1;        /* reliable channel */
 193                break;
 194        case HCI_SCODATA_PKT:
 195                chan = 7;       /* BCSP SCO channel */
 196                rel = 0;        /* unreliable channel */
 197                break;
 198        case BCSP_LE_PKT:
 199                chan = 1;       /* BCSP LE channel */
 200                rel = 0;        /* unreliable channel */
 201                break;
 202        case BCSP_ACK_PKT:
 203                chan = 0;       /* BCSP internal channel */
 204                rel = 0;        /* unreliable channel */
 205                break;
 206        default:
 207                BT_ERR("Unknown packet type");
 208                return NULL;
 209        }
 210
 211        if (hciextn && chan == 5) {
 212                __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
 213
 214                /* Vendor specific commands */
 215                if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
 216                        u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
 217                        if ((desc & 0xf0) == 0xc0) {
 218                                data += HCI_COMMAND_HDR_SIZE + 1;
 219                                len  -= HCI_COMMAND_HDR_SIZE + 1;
 220                                chan = desc & 0x0f;
 221                        }
 222                }
 223        }
 224
 225        /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
 226           (because bytes 0xc0 and 0xdb are escaped, worst case is
 227           when the packet is all made of 0xc0 and 0xdb :) )
 228           + 2 (0xc0 delimiters at start and end). */
 229
 230        nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
 231        if (!nskb)
 232                return NULL;
 233
 234        hci_skb_pkt_type(nskb) = pkt_type;
 235
 236        bcsp_slip_msgdelim(nskb);
 237
 238        hdr[0] = bcsp->rxseq_txack << 3;
 239        bcsp->txack_req = 0;
 240        BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
 241
 242        if (rel) {
 243                hdr[0] |= 0x80 + bcsp->msgq_txseq;
 244                BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
 245                bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
 246        }
 247
 248        if (bcsp->use_crc)
 249                hdr[0] |= 0x40;
 250
 251        hdr[1] = ((len << 4) & 0xff) | chan;
 252        hdr[2] = len >> 4;
 253        hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
 254
 255        /* Put BCSP header */
 256        for (i = 0; i < 4; i++) {
 257                bcsp_slip_one_byte(nskb, hdr[i]);
 258
 259                if (bcsp->use_crc)
 260                        bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
 261        }
 262
 263        /* Put payload */
 264        for (i = 0; i < len; i++) {
 265                bcsp_slip_one_byte(nskb, data[i]);
 266
 267                if (bcsp->use_crc)
 268                        bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
 269        }
 270
 271        /* Put CRC */
 272        if (bcsp->use_crc) {
 273                bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
 274                bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
 275                bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
 276        }
 277
 278        bcsp_slip_msgdelim(nskb);
 279        return nskb;
 280}
 281
 282/* This is a rewrite of pkt_avail in ABCSP */
 283static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
 284{
 285        struct bcsp_struct *bcsp = hu->priv;
 286        unsigned long flags;
 287        struct sk_buff *skb;
 288        
 289        /* First of all, check for unreliable messages in the queue,
 290           since they have priority */
 291
 292        skb = skb_dequeue(&bcsp->unrel);
 293        if (skb != NULL) {
 294                struct sk_buff *nskb;
 295
 296                nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 297                                        hci_skb_pkt_type(skb));
 298                if (nskb) {
 299                        kfree_skb(skb);
 300                        return nskb;
 301                } else {
 302                        skb_queue_head(&bcsp->unrel, skb);
 303                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 304                }
 305        }
 306
 307        /* Now, try to send a reliable pkt. We can only send a
 308           reliable packet if the number of packets sent but not yet ack'ed
 309           is < than the winsize */
 310
 311        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 312
 313        if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
 314                skb = skb_dequeue(&bcsp->rel);
 315                if (skb != NULL) {
 316                        struct sk_buff *nskb;
 317
 318                        nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 319                                                hci_skb_pkt_type(skb));
 320                        if (nskb) {
 321                                __skb_queue_tail(&bcsp->unack, skb);
 322                                mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
 323                                spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 324                                return nskb;
 325                        } else {
 326                                skb_queue_head(&bcsp->rel, skb);
 327                                BT_ERR("Could not dequeue pkt because alloc_skb failed");
 328                        }
 329                }
 330        }
 331
 332        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 333
 334        /* We could not send a reliable packet, either because there are
 335           none or because there are too many unack'ed pkts. Did we receive
 336           any packets we have not acknowledged yet ? */
 337
 338        if (bcsp->txack_req) {
 339                /* if so, craft an empty ACK pkt and send it on BCSP unreliable
 340                   channel 0 */
 341                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
 342                return nskb;
 343        }
 344
 345        /* We have nothing to send */
 346        return NULL;
 347}
 348
 349static int bcsp_flush(struct hci_uart *hu)
 350{
 351        BT_DBG("hu %p", hu);
 352        return 0;
 353}
 354
 355/* Remove ack'ed packets */
 356static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
 357{
 358        struct sk_buff *skb, *tmp;
 359        unsigned long flags;
 360        int i, pkts_to_be_removed;
 361        u8 seqno;
 362
 363        spin_lock_irqsave(&bcsp->unack.lock, flags);
 364
 365        pkts_to_be_removed = skb_queue_len(&bcsp->unack);
 366        seqno = bcsp->msgq_txseq;
 367
 368        while (pkts_to_be_removed) {
 369                if (bcsp->rxack == seqno)
 370                        break;
 371                pkts_to_be_removed--;
 372                seqno = (seqno - 1) & 0x07;
 373        }
 374
 375        if (bcsp->rxack != seqno)
 376                BT_ERR("Peer acked invalid packet");
 377
 378        BT_DBG("Removing %u pkts out of %u, up to seqno %u",
 379               pkts_to_be_removed, skb_queue_len(&bcsp->unack),
 380               (seqno - 1) & 0x07);
 381
 382        i = 0;
 383        skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
 384                if (i >= pkts_to_be_removed)
 385                        break;
 386                i++;
 387
 388                __skb_unlink(skb, &bcsp->unack);
 389                kfree_skb(skb);
 390        }
 391
 392        if (skb_queue_empty(&bcsp->unack))
 393                del_timer(&bcsp->tbcsp);
 394
 395        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 396
 397        if (i != pkts_to_be_removed)
 398                BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
 399}
 400
 401/* Handle BCSP link-establishment packets. When we
 402   detect a "sync" packet, symptom that the BT module has reset,
 403   we do nothing :) (yet) */
 404static void bcsp_handle_le_pkt(struct hci_uart *hu)
 405{
 406        struct bcsp_struct *bcsp = hu->priv;
 407        u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
 408        u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
 409        u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
 410
 411        /* spot "conf" pkts and reply with a "conf rsp" pkt */
 412        if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 413                        !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
 414                struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
 415
 416                BT_DBG("Found a LE conf pkt");
 417                if (!nskb)
 418                        return;
 419                memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
 420                hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
 421
 422                skb_queue_head(&bcsp->unrel, nskb);
 423                hci_uart_tx_wakeup(hu);
 424        }
 425        /* Spot "sync" pkts. If we find one...disaster! */
 426        else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 427                        !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
 428                BT_ERR("Found a LE sync pkt, card has reset");
 429        }
 430}
 431
 432static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
 433{
 434        const u8 c0 = 0xc0, db = 0xdb;
 435
 436        switch (bcsp->rx_esc_state) {
 437        case BCSP_ESCSTATE_NOESC:
 438                switch (byte) {
 439                case 0xdb:
 440                        bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
 441                        break;
 442                default:
 443                        memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
 444                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 445                                        bcsp->rx_state != BCSP_W4_CRC)
 446                                bcsp_crc_update(&bcsp->message_crc, byte);
 447                        bcsp->rx_count--;
 448                }
 449                break;
 450
 451        case BCSP_ESCSTATE_ESC:
 452                switch (byte) {
 453                case 0xdc:
 454                        memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
 455                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 456                                        bcsp->rx_state != BCSP_W4_CRC)
 457                                bcsp_crc_update(&bcsp->message_crc, 0xc0);
 458                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 459                        bcsp->rx_count--;
 460                        break;
 461
 462                case 0xdd:
 463                        memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
 464                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 465                                        bcsp->rx_state != BCSP_W4_CRC) 
 466                                bcsp_crc_update(&bcsp->message_crc, 0xdb);
 467                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 468                        bcsp->rx_count--;
 469                        break;
 470
 471                default:
 472                        BT_ERR("Invalid byte %02x after esc byte", byte);
 473                        kfree_skb(bcsp->rx_skb);
 474                        bcsp->rx_skb = NULL;
 475                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 476                        bcsp->rx_count = 0;
 477                }
 478        }
 479}
 480
 481static void bcsp_complete_rx_pkt(struct hci_uart *hu)
 482{
 483        struct bcsp_struct *bcsp = hu->priv;
 484        int pass_up;
 485
 486        if (bcsp->rx_skb->data[0] & 0x80) {     /* reliable pkt */
 487                BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
 488                bcsp->rxseq_txack++;
 489                bcsp->rxseq_txack %= 0x8;
 490                bcsp->txack_req    = 1;
 491
 492                /* If needed, transmit an ack pkt */
 493                hci_uart_tx_wakeup(hu);
 494        }
 495
 496        bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
 497        BT_DBG("Request for pkt %u from card", bcsp->rxack);
 498
 499        bcsp_pkt_cull(bcsp);
 500        if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
 501                        bcsp->rx_skb->data[0] & 0x80) {
 502                hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
 503                pass_up = 1;
 504        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
 505                        bcsp->rx_skb->data[0] & 0x80) {
 506                hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 507                pass_up = 1;
 508        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
 509                hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
 510                pass_up = 1;
 511        } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
 512                        !(bcsp->rx_skb->data[0] & 0x80)) {
 513                bcsp_handle_le_pkt(hu);
 514                pass_up = 0;
 515        } else
 516                pass_up = 0;
 517
 518        if (!pass_up) {
 519                struct hci_event_hdr hdr;
 520                u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
 521
 522                if (desc != 0 && desc != 1) {
 523                        if (hciextn) {
 524                                desc |= 0xc0;
 525                                skb_pull(bcsp->rx_skb, 4);
 526                                memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
 527
 528                                hdr.evt = 0xff;
 529                                hdr.plen = bcsp->rx_skb->len;
 530                                memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
 531                                hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 532
 533                                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 534                        } else {
 535                                BT_ERR("Packet for unknown channel (%u %s)",
 536                                        bcsp->rx_skb->data[1] & 0x0f,
 537                                        bcsp->rx_skb->data[0] & 0x80 ? 
 538                                        "reliable" : "unreliable");
 539                                kfree_skb(bcsp->rx_skb);
 540                        }
 541                } else
 542                        kfree_skb(bcsp->rx_skb);
 543        } else {
 544                /* Pull out BCSP hdr */
 545                skb_pull(bcsp->rx_skb, 4);
 546
 547                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 548        }
 549
 550        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 551        bcsp->rx_skb = NULL;
 552}
 553
 554static u16 bscp_get_crc(struct bcsp_struct *bcsp)
 555{
 556        return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
 557}
 558
 559/* Recv data */
 560static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
 561{
 562        struct bcsp_struct *bcsp = hu->priv;
 563        const unsigned char *ptr;
 564
 565        BT_DBG("hu %p count %d rx_state %d rx_count %ld", 
 566                hu, count, bcsp->rx_state, bcsp->rx_count);
 567
 568        ptr = data;
 569        while (count) {
 570                if (bcsp->rx_count) {
 571                        if (*ptr == 0xc0) {
 572                                BT_ERR("Short BCSP packet");
 573                                kfree_skb(bcsp->rx_skb);
 574                                bcsp->rx_state = BCSP_W4_PKT_START;
 575                                bcsp->rx_count = 0;
 576                        } else
 577                                bcsp_unslip_one_byte(bcsp, *ptr);
 578
 579                        ptr++; count--;
 580                        continue;
 581                }
 582
 583                switch (bcsp->rx_state) {
 584                case BCSP_W4_BCSP_HDR:
 585                        if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
 586                                        bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
 587                                BT_ERR("Error in BCSP hdr checksum");
 588                                kfree_skb(bcsp->rx_skb);
 589                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 590                                bcsp->rx_count = 0;
 591                                continue;
 592                        }
 593                        if (bcsp->rx_skb->data[0] & 0x80        /* reliable pkt */
 594                                        && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
 595                                BT_ERR("Out-of-order packet arrived, got %u expected %u",
 596                                        bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
 597
 598                                kfree_skb(bcsp->rx_skb);
 599                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 600                                bcsp->rx_count = 0;
 601                                continue;
 602                        }
 603                        bcsp->rx_state = BCSP_W4_DATA;
 604                        bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) + 
 605                                        (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
 606                        continue;
 607
 608                case BCSP_W4_DATA:
 609                        if (bcsp->rx_skb->data[0] & 0x40) {     /* pkt with crc */
 610                                bcsp->rx_state = BCSP_W4_CRC;
 611                                bcsp->rx_count = 2;
 612                        } else
 613                                bcsp_complete_rx_pkt(hu);
 614                        continue;
 615
 616                case BCSP_W4_CRC:
 617                        if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
 618                                BT_ERR ("Checksum failed: computed %04x received %04x",
 619                                        bitrev16(bcsp->message_crc),
 620                                        bscp_get_crc(bcsp));
 621
 622                                kfree_skb(bcsp->rx_skb);
 623                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 624                                bcsp->rx_count = 0;
 625                                continue;
 626                        }
 627                        skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
 628                        bcsp_complete_rx_pkt(hu);
 629                        continue;
 630
 631                case BCSP_W4_PKT_DELIMITER:
 632                        switch (*ptr) {
 633                        case 0xc0:
 634                                bcsp->rx_state = BCSP_W4_PKT_START;
 635                                break;
 636                        default:
 637                                /*BT_ERR("Ignoring byte %02x", *ptr);*/
 638                                break;
 639                        }
 640                        ptr++; count--;
 641                        break;
 642
 643                case BCSP_W4_PKT_START:
 644                        switch (*ptr) {
 645                        case 0xc0:
 646                                ptr++; count--;
 647                                break;
 648
 649                        default:
 650                                bcsp->rx_state = BCSP_W4_BCSP_HDR;
 651                                bcsp->rx_count = 4;
 652                                bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 653                                BCSP_CRC_INIT(bcsp->message_crc);
 654
 655                                /* Do not increment ptr or decrement count
 656                                 * Allocate packet. Max len of a BCSP pkt= 
 657                                 * 0xFFF (payload) +4 (header) +2 (crc) */
 658
 659                                bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
 660                                if (!bcsp->rx_skb) {
 661                                        BT_ERR("Can't allocate mem for new packet");
 662                                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 663                                        bcsp->rx_count = 0;
 664                                        return 0;
 665                                }
 666                                break;
 667                        }
 668                        break;
 669                }
 670        }
 671        return count;
 672}
 673
 674        /* Arrange to retransmit all messages in the relq. */
 675static void bcsp_timed_event(unsigned long arg)
 676{
 677        struct hci_uart *hu = (struct hci_uart *) arg;
 678        struct bcsp_struct *bcsp = hu->priv;
 679        struct sk_buff *skb;
 680        unsigned long flags;
 681
 682        BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
 683
 684        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 685
 686        while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
 687                bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
 688                skb_queue_head(&bcsp->rel, skb);
 689        }
 690
 691        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 692
 693        hci_uart_tx_wakeup(hu);
 694}
 695
 696static int bcsp_open(struct hci_uart *hu)
 697{
 698        struct bcsp_struct *bcsp;
 699
 700        BT_DBG("hu %p", hu);
 701
 702        bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
 703        if (!bcsp)
 704                return -ENOMEM;
 705
 706        hu->priv = bcsp;
 707        skb_queue_head_init(&bcsp->unack);
 708        skb_queue_head_init(&bcsp->rel);
 709        skb_queue_head_init(&bcsp->unrel);
 710
 711        init_timer(&bcsp->tbcsp);
 712        bcsp->tbcsp.function = bcsp_timed_event;
 713        bcsp->tbcsp.data     = (u_long) hu;
 714
 715        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 716
 717        if (txcrc)
 718                bcsp->use_crc = 1;
 719
 720        return 0;
 721}
 722
 723static int bcsp_close(struct hci_uart *hu)
 724{
 725        struct bcsp_struct *bcsp = hu->priv;
 726
 727        del_timer_sync(&bcsp->tbcsp);
 728
 729        hu->priv = NULL;
 730
 731        BT_DBG("hu %p", hu);
 732
 733        skb_queue_purge(&bcsp->unack);
 734        skb_queue_purge(&bcsp->rel);
 735        skb_queue_purge(&bcsp->unrel);
 736
 737        kfree(bcsp);
 738        return 0;
 739}
 740
 741static const struct hci_uart_proto bcsp = {
 742        .id             = HCI_UART_BCSP,
 743        .name           = "BCSP",
 744        .open           = bcsp_open,
 745        .close          = bcsp_close,
 746        .enqueue        = bcsp_enqueue,
 747        .dequeue        = bcsp_dequeue,
 748        .recv           = bcsp_recv,
 749        .flush          = bcsp_flush
 750};
 751
 752int __init bcsp_init(void)
 753{
 754        return hci_uart_register_proto(&bcsp);
 755}
 756
 757int __exit bcsp_deinit(void)
 758{
 759        return hci_uart_unregister_proto(&bcsp);
 760}
 761
 762module_param(txcrc, bool, 0644);
 763MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
 764
 765module_param(hciextn, bool, 0644);
 766MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
 767