linux/drivers/bluetooth/hci_bcsp.c
<<
>>
Prefs
   1/*
   2 *
   3 *  Bluetooth HCI UART driver
   4 *
   5 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
   6 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
   7 *
   8 *
   9 *  This program is free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  This program is distributed in the hope that it will be useful,
  15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 *  GNU General Public License for more details.
  18 *
  19 *  You should have received a copy of the GNU General Public License
  20 *  along with this program; if not, write to the Free Software
  21 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22 *
  23 */
  24
  25#include <linux/module.h>
  26
  27#include <linux/kernel.h>
  28#include <linux/init.h>
  29#include <linux/types.h>
  30#include <linux/fcntl.h>
  31#include <linux/interrupt.h>
  32#include <linux/ptrace.h>
  33#include <linux/poll.h>
  34
  35#include <linux/slab.h>
  36#include <linux/tty.h>
  37#include <linux/errno.h>
  38#include <linux/string.h>
  39#include <linux/signal.h>
  40#include <linux/ioctl.h>
  41#include <linux/skbuff.h>
  42#include <linux/bitrev.h>
  43#include <asm/unaligned.h>
  44
  45#include <net/bluetooth/bluetooth.h>
  46#include <net/bluetooth/hci_core.h>
  47
  48#include "hci_uart.h"
  49
  50static bool txcrc = true;
  51static bool hciextn = true;
  52
  53#define BCSP_TXWINSIZE  4
  54
  55#define BCSP_ACK_PKT    0x05
  56#define BCSP_LE_PKT     0x06
  57
  58struct bcsp_struct {
  59        struct sk_buff_head unack;      /* Unack'ed packets queue */
  60        struct sk_buff_head rel;        /* Reliable packets queue */
  61        struct sk_buff_head unrel;      /* Unreliable packets queue */
  62
  63        unsigned long rx_count;
  64        struct  sk_buff *rx_skb;
  65        u8      rxseq_txack;            /* rxseq == txack. */
  66        u8      rxack;                  /* Last packet sent by us that the peer ack'ed */
  67        struct  timer_list tbcsp;
  68
  69        enum {
  70                BCSP_W4_PKT_DELIMITER,
  71                BCSP_W4_PKT_START,
  72                BCSP_W4_BCSP_HDR,
  73                BCSP_W4_DATA,
  74                BCSP_W4_CRC
  75        } rx_state;
  76
  77        enum {
  78                BCSP_ESCSTATE_NOESC,
  79                BCSP_ESCSTATE_ESC
  80        } rx_esc_state;
  81
  82        u8      use_crc;
  83        u16     message_crc;
  84        u8      txack_req;              /* Do we need to send ack's to the peer? */
  85
  86        /* Reliable packet sequence number - used to assign seq to each rel pkt. */
  87        u8      msgq_txseq;
  88};
  89
  90/* ---- BCSP CRC calculation ---- */
  91
  92/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
  93 * initial value 0xffff, bits shifted in reverse order.
  94 */
  95
  96static const u16 crc_table[] = {
  97        0x0000, 0x1081, 0x2102, 0x3183,
  98        0x4204, 0x5285, 0x6306, 0x7387,
  99        0x8408, 0x9489, 0xa50a, 0xb58b,
 100        0xc60c, 0xd68d, 0xe70e, 0xf78f
 101};
 102
 103/* Initialise the crc calculator */
 104#define BCSP_CRC_INIT(x) x = 0xffff
 105
 106/* Update crc with next data byte
 107 *
 108 * Implementation note
 109 *     The data byte is treated as two nibbles.  The crc is generated
 110 *     in reverse, i.e., bits are fed into the register from the top.
 111 */
 112static void bcsp_crc_update(u16 *crc, u8 d)
 113{
 114        u16 reg = *crc;
 115
 116        reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
 117        reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
 118
 119        *crc = reg;
 120}
 121
 122/* ---- BCSP core ---- */
 123
 124static void bcsp_slip_msgdelim(struct sk_buff *skb)
 125{
 126        const char pkt_delim = 0xc0;
 127
 128        memcpy(skb_put(skb, 1), &pkt_delim, 1);
 129}
 130
 131static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
 132{
 133        const char esc_c0[2] = { 0xdb, 0xdc };
 134        const char esc_db[2] = { 0xdb, 0xdd };
 135
 136        switch (c) {
 137        case 0xc0:
 138                memcpy(skb_put(skb, 2), &esc_c0, 2);
 139                break;
 140        case 0xdb:
 141                memcpy(skb_put(skb, 2), &esc_db, 2);
 142                break;
 143        default:
 144                memcpy(skb_put(skb, 1), &c, 1);
 145        }
 146}
 147
 148static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 149{
 150        struct bcsp_struct *bcsp = hu->priv;
 151
 152        if (skb->len > 0xFFF) {
 153                BT_ERR("Packet too long");
 154                kfree_skb(skb);
 155                return 0;
 156        }
 157
 158        switch (hci_skb_pkt_type(skb)) {
 159        case HCI_ACLDATA_PKT:
 160        case HCI_COMMAND_PKT:
 161                skb_queue_tail(&bcsp->rel, skb);
 162                break;
 163
 164        case HCI_SCODATA_PKT:
 165                skb_queue_tail(&bcsp->unrel, skb);
 166                break;
 167
 168        default:
 169                BT_ERR("Unknown packet type");
 170                kfree_skb(skb);
 171                break;
 172        }
 173
 174        return 0;
 175}
 176
 177static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
 178                                        int len, int pkt_type)
 179{
 180        struct sk_buff *nskb;
 181        u8 hdr[4], chan;
 182        u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
 183        int rel, i;
 184
 185        switch (pkt_type) {
 186        case HCI_ACLDATA_PKT:
 187                chan = 6;       /* BCSP ACL channel */
 188                rel = 1;        /* reliable channel */
 189                break;
 190        case HCI_COMMAND_PKT:
 191                chan = 5;       /* BCSP cmd/evt channel */
 192                rel = 1;        /* reliable channel */
 193                break;
 194        case HCI_SCODATA_PKT:
 195                chan = 7;       /* BCSP SCO channel */
 196                rel = 0;        /* unreliable channel */
 197                break;
 198        case BCSP_LE_PKT:
 199                chan = 1;       /* BCSP LE channel */
 200                rel = 0;        /* unreliable channel */
 201                break;
 202        case BCSP_ACK_PKT:
 203                chan = 0;       /* BCSP internal channel */
 204                rel = 0;        /* unreliable channel */
 205                break;
 206        default:
 207                BT_ERR("Unknown packet type");
 208                return NULL;
 209        }
 210
 211        if (hciextn && chan == 5) {
 212                __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
 213
 214                /* Vendor specific commands */
 215                if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
 216                        u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
 217
 218                        if ((desc & 0xf0) == 0xc0) {
 219                                data += HCI_COMMAND_HDR_SIZE + 1;
 220                                len  -= HCI_COMMAND_HDR_SIZE + 1;
 221                                chan = desc & 0x0f;
 222                        }
 223                }
 224        }
 225
 226        /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
 227         * (because bytes 0xc0 and 0xdb are escaped, worst case is
 228         * when the packet is all made of 0xc0 and 0xdb :) )
 229         * + 2 (0xc0 delimiters at start and end).
 230         */
 231
 232        nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
 233        if (!nskb)
 234                return NULL;
 235
 236        hci_skb_pkt_type(nskb) = pkt_type;
 237
 238        bcsp_slip_msgdelim(nskb);
 239
 240        hdr[0] = bcsp->rxseq_txack << 3;
 241        bcsp->txack_req = 0;
 242        BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
 243
 244        if (rel) {
 245                hdr[0] |= 0x80 + bcsp->msgq_txseq;
 246                BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
 247                bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
 248        }
 249
 250        if (bcsp->use_crc)
 251                hdr[0] |= 0x40;
 252
 253        hdr[1] = ((len << 4) & 0xff) | chan;
 254        hdr[2] = len >> 4;
 255        hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
 256
 257        /* Put BCSP header */
 258        for (i = 0; i < 4; i++) {
 259                bcsp_slip_one_byte(nskb, hdr[i]);
 260
 261                if (bcsp->use_crc)
 262                        bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
 263        }
 264
 265        /* Put payload */
 266        for (i = 0; i < len; i++) {
 267                bcsp_slip_one_byte(nskb, data[i]);
 268
 269                if (bcsp->use_crc)
 270                        bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
 271        }
 272
 273        /* Put CRC */
 274        if (bcsp->use_crc) {
 275                bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
 276                bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
 277                bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
 278        }
 279
 280        bcsp_slip_msgdelim(nskb);
 281        return nskb;
 282}
 283
 284/* This is a rewrite of pkt_avail in ABCSP */
 285static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
 286{
 287        struct bcsp_struct *bcsp = hu->priv;
 288        unsigned long flags;
 289        struct sk_buff *skb;
 290
 291        /* First of all, check for unreliable messages in the queue,
 292         * since they have priority
 293         */
 294
 295        skb = skb_dequeue(&bcsp->unrel);
 296        if (skb != NULL) {
 297                struct sk_buff *nskb;
 298
 299                nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 300                                        hci_skb_pkt_type(skb));
 301                if (nskb) {
 302                        kfree_skb(skb);
 303                        return nskb;
 304                } else {
 305                        skb_queue_head(&bcsp->unrel, skb);
 306                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 307                }
 308        }
 309
 310        /* Now, try to send a reliable pkt. We can only send a
 311         * reliable packet if the number of packets sent but not yet ack'ed
 312         * is < than the winsize
 313         */
 314
 315        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 316
 317        if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
 318                skb = skb_dequeue(&bcsp->rel);
 319                if (skb != NULL) {
 320                        struct sk_buff *nskb;
 321
 322                        nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 323                                                hci_skb_pkt_type(skb));
 324                        if (nskb) {
 325                                __skb_queue_tail(&bcsp->unack, skb);
 326                                mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
 327                                spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 328                                return nskb;
 329                        } else {
 330                                skb_queue_head(&bcsp->rel, skb);
 331                                BT_ERR("Could not dequeue pkt because alloc_skb failed");
 332                        }
 333                }
 334        }
 335
 336        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 337
 338        /* We could not send a reliable packet, either because there are
 339         * none or because there are too many unack'ed pkts. Did we receive
 340         * any packets we have not acknowledged yet ?
 341         */
 342
 343        if (bcsp->txack_req) {
 344                /* if so, craft an empty ACK pkt and send it on BCSP unreliable
 345                 * channel 0
 346                 */
 347                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
 348                return nskb;
 349        }
 350
 351        /* We have nothing to send */
 352        return NULL;
 353}
 354
 355static int bcsp_flush(struct hci_uart *hu)
 356{
 357        BT_DBG("hu %p", hu);
 358        return 0;
 359}
 360
 361/* Remove ack'ed packets */
 362static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
 363{
 364        struct sk_buff *skb, *tmp;
 365        unsigned long flags;
 366        int i, pkts_to_be_removed;
 367        u8 seqno;
 368
 369        spin_lock_irqsave(&bcsp->unack.lock, flags);
 370
 371        pkts_to_be_removed = skb_queue_len(&bcsp->unack);
 372        seqno = bcsp->msgq_txseq;
 373
 374        while (pkts_to_be_removed) {
 375                if (bcsp->rxack == seqno)
 376                        break;
 377                pkts_to_be_removed--;
 378                seqno = (seqno - 1) & 0x07;
 379        }
 380
 381        if (bcsp->rxack != seqno)
 382                BT_ERR("Peer acked invalid packet");
 383
 384        BT_DBG("Removing %u pkts out of %u, up to seqno %u",
 385               pkts_to_be_removed, skb_queue_len(&bcsp->unack),
 386               (seqno - 1) & 0x07);
 387
 388        i = 0;
 389        skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
 390                if (i >= pkts_to_be_removed)
 391                        break;
 392                i++;
 393
 394                __skb_unlink(skb, &bcsp->unack);
 395                kfree_skb(skb);
 396        }
 397
 398        if (skb_queue_empty(&bcsp->unack))
 399                del_timer(&bcsp->tbcsp);
 400
 401        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 402
 403        if (i != pkts_to_be_removed)
 404                BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
 405}
 406
 407/* Handle BCSP link-establishment packets. When we
 408 * detect a "sync" packet, symptom that the BT module has reset,
 409 * we do nothing :) (yet)
 410 */
 411static void bcsp_handle_le_pkt(struct hci_uart *hu)
 412{
 413        struct bcsp_struct *bcsp = hu->priv;
 414        u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
 415        u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
 416        u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
 417
 418        /* spot "conf" pkts and reply with a "conf rsp" pkt */
 419        if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 420            !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
 421                struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
 422
 423                BT_DBG("Found a LE conf pkt");
 424                if (!nskb)
 425                        return;
 426                memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
 427                hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
 428
 429                skb_queue_head(&bcsp->unrel, nskb);
 430                hci_uart_tx_wakeup(hu);
 431        }
 432        /* Spot "sync" pkts. If we find one...disaster! */
 433        else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 434                 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
 435                BT_ERR("Found a LE sync pkt, card has reset");
 436        }
 437}
 438
 439static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
 440{
 441        const u8 c0 = 0xc0, db = 0xdb;
 442
 443        switch (bcsp->rx_esc_state) {
 444        case BCSP_ESCSTATE_NOESC:
 445                switch (byte) {
 446                case 0xdb:
 447                        bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
 448                        break;
 449                default:
 450                        memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
 451                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 452                            bcsp->rx_state != BCSP_W4_CRC)
 453                                bcsp_crc_update(&bcsp->message_crc, byte);
 454                        bcsp->rx_count--;
 455                }
 456                break;
 457
 458        case BCSP_ESCSTATE_ESC:
 459                switch (byte) {
 460                case 0xdc:
 461                        memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
 462                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 463                            bcsp->rx_state != BCSP_W4_CRC)
 464                                bcsp_crc_update(&bcsp->message_crc, 0xc0);
 465                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 466                        bcsp->rx_count--;
 467                        break;
 468
 469                case 0xdd:
 470                        memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
 471                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 472                            bcsp->rx_state != BCSP_W4_CRC)
 473                                bcsp_crc_update(&bcsp->message_crc, 0xdb);
 474                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 475                        bcsp->rx_count--;
 476                        break;
 477
 478                default:
 479                        BT_ERR("Invalid byte %02x after esc byte", byte);
 480                        kfree_skb(bcsp->rx_skb);
 481                        bcsp->rx_skb = NULL;
 482                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 483                        bcsp->rx_count = 0;
 484                }
 485        }
 486}
 487
 488static void bcsp_complete_rx_pkt(struct hci_uart *hu)
 489{
 490        struct bcsp_struct *bcsp = hu->priv;
 491        int pass_up = 0;
 492
 493        if (bcsp->rx_skb->data[0] & 0x80) {     /* reliable pkt */
 494                BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
 495
 496                /* check the rx sequence number is as expected */
 497                if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
 498                        bcsp->rxseq_txack++;
 499                        bcsp->rxseq_txack %= 0x8;
 500                } else {
 501                        /* handle re-transmitted packet or
 502                         * when packet was missed
 503                         */
 504                        BT_ERR("Out-of-order packet arrived, got %u expected %u",
 505                               bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
 506
 507                        /* do not process out-of-order packet payload */
 508                        pass_up = 2;
 509                }
 510
 511                /* send current txack value to all received reliable packets */
 512                bcsp->txack_req = 1;
 513
 514                /* If needed, transmit an ack pkt */
 515                hci_uart_tx_wakeup(hu);
 516        }
 517
 518        bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
 519        BT_DBG("Request for pkt %u from card", bcsp->rxack);
 520
 521        /* handle received ACK indications,
 522         * including those from out-of-order packets
 523         */
 524        bcsp_pkt_cull(bcsp);
 525
 526        if (pass_up != 2) {
 527                if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
 528                    (bcsp->rx_skb->data[0] & 0x80)) {
 529                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
 530                        pass_up = 1;
 531                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
 532                           (bcsp->rx_skb->data[0] & 0x80)) {
 533                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 534                        pass_up = 1;
 535                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
 536                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
 537                        pass_up = 1;
 538                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
 539                           !(bcsp->rx_skb->data[0] & 0x80)) {
 540                        bcsp_handle_le_pkt(hu);
 541                        pass_up = 0;
 542                } else {
 543                        pass_up = 0;
 544                }
 545        }
 546
 547        if (pass_up == 0) {
 548                struct hci_event_hdr hdr;
 549                u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
 550
 551                if (desc != 0 && desc != 1) {
 552                        if (hciextn) {
 553                                desc |= 0xc0;
 554                                skb_pull(bcsp->rx_skb, 4);
 555                                memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
 556
 557                                hdr.evt = 0xff;
 558                                hdr.plen = bcsp->rx_skb->len;
 559                                memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
 560                                hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 561
 562                                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 563                        } else {
 564                                BT_ERR("Packet for unknown channel (%u %s)",
 565                                       bcsp->rx_skb->data[1] & 0x0f,
 566                                       bcsp->rx_skb->data[0] & 0x80 ?
 567                                       "reliable" : "unreliable");
 568                                kfree_skb(bcsp->rx_skb);
 569                        }
 570                } else
 571                        kfree_skb(bcsp->rx_skb);
 572        } else if (pass_up == 1) {
 573                /* Pull out BCSP hdr */
 574                skb_pull(bcsp->rx_skb, 4);
 575
 576                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 577        } else {
 578                /* ignore packet payload of already ACKed re-transmitted
 579                 * packets or when a packet was missed in the BCSP window
 580                 */
 581                kfree_skb(bcsp->rx_skb);
 582        }
 583
 584        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 585        bcsp->rx_skb = NULL;
 586}
 587
 588static u16 bscp_get_crc(struct bcsp_struct *bcsp)
 589{
 590        return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
 591}
 592
 593/* Recv data */
 594static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
 595{
 596        struct bcsp_struct *bcsp = hu->priv;
 597        const unsigned char *ptr;
 598
 599        BT_DBG("hu %p count %d rx_state %d rx_count %ld",
 600               hu, count, bcsp->rx_state, bcsp->rx_count);
 601
 602        ptr = data;
 603        while (count) {
 604                if (bcsp->rx_count) {
 605                        if (*ptr == 0xc0) {
 606                                BT_ERR("Short BCSP packet");
 607                                kfree_skb(bcsp->rx_skb);
 608                                bcsp->rx_state = BCSP_W4_PKT_START;
 609                                bcsp->rx_count = 0;
 610                        } else
 611                                bcsp_unslip_one_byte(bcsp, *ptr);
 612
 613                        ptr++; count--;
 614                        continue;
 615                }
 616
 617                switch (bcsp->rx_state) {
 618                case BCSP_W4_BCSP_HDR:
 619                        if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
 620                            bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
 621                                BT_ERR("Error in BCSP hdr checksum");
 622                                kfree_skb(bcsp->rx_skb);
 623                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 624                                bcsp->rx_count = 0;
 625                                continue;
 626                        }
 627                        bcsp->rx_state = BCSP_W4_DATA;
 628                        bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
 629                                        (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
 630                        continue;
 631
 632                case BCSP_W4_DATA:
 633                        if (bcsp->rx_skb->data[0] & 0x40) {     /* pkt with crc */
 634                                bcsp->rx_state = BCSP_W4_CRC;
 635                                bcsp->rx_count = 2;
 636                        } else
 637                                bcsp_complete_rx_pkt(hu);
 638                        continue;
 639
 640                case BCSP_W4_CRC:
 641                        if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
 642                                BT_ERR("Checksum failed: computed %04x received %04x",
 643                                       bitrev16(bcsp->message_crc),
 644                                       bscp_get_crc(bcsp));
 645
 646                                kfree_skb(bcsp->rx_skb);
 647                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 648                                bcsp->rx_count = 0;
 649                                continue;
 650                        }
 651                        skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
 652                        bcsp_complete_rx_pkt(hu);
 653                        continue;
 654
 655                case BCSP_W4_PKT_DELIMITER:
 656                        switch (*ptr) {
 657                        case 0xc0:
 658                                bcsp->rx_state = BCSP_W4_PKT_START;
 659                                break;
 660                        default:
 661                                /*BT_ERR("Ignoring byte %02x", *ptr);*/
 662                                break;
 663                        }
 664                        ptr++; count--;
 665                        break;
 666
 667                case BCSP_W4_PKT_START:
 668                        switch (*ptr) {
 669                        case 0xc0:
 670                                ptr++; count--;
 671                                break;
 672
 673                        default:
 674                                bcsp->rx_state = BCSP_W4_BCSP_HDR;
 675                                bcsp->rx_count = 4;
 676                                bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 677                                BCSP_CRC_INIT(bcsp->message_crc);
 678
 679                                /* Do not increment ptr or decrement count
 680                                 * Allocate packet. Max len of a BCSP pkt=
 681                                 * 0xFFF (payload) +4 (header) +2 (crc)
 682                                 */
 683
 684                                bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
 685                                if (!bcsp->rx_skb) {
 686                                        BT_ERR("Can't allocate mem for new packet");
 687                                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 688                                        bcsp->rx_count = 0;
 689                                        return 0;
 690                                }
 691                                break;
 692                        }
 693                        break;
 694                }
 695        }
 696        return count;
 697}
 698
 699        /* Arrange to retransmit all messages in the relq. */
 700static void bcsp_timed_event(unsigned long arg)
 701{
 702        struct hci_uart *hu = (struct hci_uart *)arg;
 703        struct bcsp_struct *bcsp = hu->priv;
 704        struct sk_buff *skb;
 705        unsigned long flags;
 706
 707        BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
 708
 709        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 710
 711        while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
 712                bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
 713                skb_queue_head(&bcsp->rel, skb);
 714        }
 715
 716        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 717
 718        hci_uart_tx_wakeup(hu);
 719}
 720
 721static int bcsp_open(struct hci_uart *hu)
 722{
 723        struct bcsp_struct *bcsp;
 724
 725        BT_DBG("hu %p", hu);
 726
 727        bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
 728        if (!bcsp)
 729                return -ENOMEM;
 730
 731        hu->priv = bcsp;
 732        skb_queue_head_init(&bcsp->unack);
 733        skb_queue_head_init(&bcsp->rel);
 734        skb_queue_head_init(&bcsp->unrel);
 735
 736        init_timer(&bcsp->tbcsp);
 737        bcsp->tbcsp.function = bcsp_timed_event;
 738        bcsp->tbcsp.data     = (u_long)hu;
 739
 740        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 741
 742        if (txcrc)
 743                bcsp->use_crc = 1;
 744
 745        return 0;
 746}
 747
 748static int bcsp_close(struct hci_uart *hu)
 749{
 750        struct bcsp_struct *bcsp = hu->priv;
 751
 752        del_timer_sync(&bcsp->tbcsp);
 753
 754        hu->priv = NULL;
 755
 756        BT_DBG("hu %p", hu);
 757
 758        skb_queue_purge(&bcsp->unack);
 759        skb_queue_purge(&bcsp->rel);
 760        skb_queue_purge(&bcsp->unrel);
 761
 762        kfree(bcsp);
 763        return 0;
 764}
 765
 766static const struct hci_uart_proto bcsp = {
 767        .id             = HCI_UART_BCSP,
 768        .name           = "BCSP",
 769        .open           = bcsp_open,
 770        .close          = bcsp_close,
 771        .enqueue        = bcsp_enqueue,
 772        .dequeue        = bcsp_dequeue,
 773        .recv           = bcsp_recv,
 774        .flush          = bcsp_flush
 775};
 776
 777int __init bcsp_init(void)
 778{
 779        return hci_uart_register_proto(&bcsp);
 780}
 781
 782int __exit bcsp_deinit(void)
 783{
 784        return hci_uart_unregister_proto(&bcsp);
 785}
 786
 787module_param(txcrc, bool, 0644);
 788MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
 789
 790module_param(hciextn, bool, 0644);
 791MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
 792