linux/drivers/bluetooth/hci_bcsp.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *
   4 *  Bluetooth HCI UART driver
   5 *
   6 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
   7 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
   8 */
   9
  10#include <linux/module.h>
  11
  12#include <linux/kernel.h>
  13#include <linux/init.h>
  14#include <linux/types.h>
  15#include <linux/fcntl.h>
  16#include <linux/interrupt.h>
  17#include <linux/ptrace.h>
  18#include <linux/poll.h>
  19
  20#include <linux/slab.h>
  21#include <linux/tty.h>
  22#include <linux/errno.h>
  23#include <linux/string.h>
  24#include <linux/signal.h>
  25#include <linux/ioctl.h>
  26#include <linux/skbuff.h>
  27#include <linux/bitrev.h>
  28#include <asm/unaligned.h>
  29
  30#include <net/bluetooth/bluetooth.h>
  31#include <net/bluetooth/hci_core.h>
  32
  33#include "hci_uart.h"
  34
  35static bool txcrc = true;
  36static bool hciextn = true;
  37
  38#define BCSP_TXWINSIZE  4
  39
  40#define BCSP_ACK_PKT    0x05
  41#define BCSP_LE_PKT     0x06
  42
  43struct bcsp_struct {
  44        struct sk_buff_head unack;      /* Unack'ed packets queue */
  45        struct sk_buff_head rel;        /* Reliable packets queue */
  46        struct sk_buff_head unrel;      /* Unreliable packets queue */
  47
  48        unsigned long rx_count;
  49        struct  sk_buff *rx_skb;
  50        u8      rxseq_txack;            /* rxseq == txack. */
  51        u8      rxack;                  /* Last packet sent by us that the peer ack'ed */
  52        struct  timer_list tbcsp;
  53        struct  hci_uart *hu;
  54
  55        enum {
  56                BCSP_W4_PKT_DELIMITER,
  57                BCSP_W4_PKT_START,
  58                BCSP_W4_BCSP_HDR,
  59                BCSP_W4_DATA,
  60                BCSP_W4_CRC
  61        } rx_state;
  62
  63        enum {
  64                BCSP_ESCSTATE_NOESC,
  65                BCSP_ESCSTATE_ESC
  66        } rx_esc_state;
  67
  68        u8      use_crc;
  69        u16     message_crc;
  70        u8      txack_req;              /* Do we need to send ack's to the peer? */
  71
  72        /* Reliable packet sequence number - used to assign seq to each rel pkt. */
  73        u8      msgq_txseq;
  74};
  75
  76/* ---- BCSP CRC calculation ---- */
  77
  78/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
  79 * initial value 0xffff, bits shifted in reverse order.
  80 */
  81
  82static const u16 crc_table[] = {
  83        0x0000, 0x1081, 0x2102, 0x3183,
  84        0x4204, 0x5285, 0x6306, 0x7387,
  85        0x8408, 0x9489, 0xa50a, 0xb58b,
  86        0xc60c, 0xd68d, 0xe70e, 0xf78f
  87};
  88
  89/* Initialise the crc calculator */
  90#define BCSP_CRC_INIT(x) x = 0xffff
  91
  92/* Update crc with next data byte
  93 *
  94 * Implementation note
  95 *     The data byte is treated as two nibbles.  The crc is generated
  96 *     in reverse, i.e., bits are fed into the register from the top.
  97 */
  98static void bcsp_crc_update(u16 *crc, u8 d)
  99{
 100        u16 reg = *crc;
 101
 102        reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
 103        reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
 104
 105        *crc = reg;
 106}
 107
 108/* ---- BCSP core ---- */
 109
 110static void bcsp_slip_msgdelim(struct sk_buff *skb)
 111{
 112        const char pkt_delim = 0xc0;
 113
 114        skb_put_data(skb, &pkt_delim, 1);
 115}
 116
 117static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
 118{
 119        const char esc_c0[2] = { 0xdb, 0xdc };
 120        const char esc_db[2] = { 0xdb, 0xdd };
 121
 122        switch (c) {
 123        case 0xc0:
 124                skb_put_data(skb, &esc_c0, 2);
 125                break;
 126        case 0xdb:
 127                skb_put_data(skb, &esc_db, 2);
 128                break;
 129        default:
 130                skb_put_data(skb, &c, 1);
 131        }
 132}
 133
 134static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 135{
 136        struct bcsp_struct *bcsp = hu->priv;
 137
 138        if (skb->len > 0xFFF) {
 139                BT_ERR("Packet too long");
 140                kfree_skb(skb);
 141                return 0;
 142        }
 143
 144        switch (hci_skb_pkt_type(skb)) {
 145        case HCI_ACLDATA_PKT:
 146        case HCI_COMMAND_PKT:
 147                skb_queue_tail(&bcsp->rel, skb);
 148                break;
 149
 150        case HCI_SCODATA_PKT:
 151                skb_queue_tail(&bcsp->unrel, skb);
 152                break;
 153
 154        default:
 155                BT_ERR("Unknown packet type");
 156                kfree_skb(skb);
 157                break;
 158        }
 159
 160        return 0;
 161}
 162
 163static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
 164                                        int len, int pkt_type)
 165{
 166        struct sk_buff *nskb;
 167        u8 hdr[4], chan;
 168        u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
 169        int rel, i;
 170
 171        switch (pkt_type) {
 172        case HCI_ACLDATA_PKT:
 173                chan = 6;       /* BCSP ACL channel */
 174                rel = 1;        /* reliable channel */
 175                break;
 176        case HCI_COMMAND_PKT:
 177                chan = 5;       /* BCSP cmd/evt channel */
 178                rel = 1;        /* reliable channel */
 179                break;
 180        case HCI_SCODATA_PKT:
 181                chan = 7;       /* BCSP SCO channel */
 182                rel = 0;        /* unreliable channel */
 183                break;
 184        case BCSP_LE_PKT:
 185                chan = 1;       /* BCSP LE channel */
 186                rel = 0;        /* unreliable channel */
 187                break;
 188        case BCSP_ACK_PKT:
 189                chan = 0;       /* BCSP internal channel */
 190                rel = 0;        /* unreliable channel */
 191                break;
 192        default:
 193                BT_ERR("Unknown packet type");
 194                return NULL;
 195        }
 196
 197        if (hciextn && chan == 5) {
 198                __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
 199
 200                /* Vendor specific commands */
 201                if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
 202                        u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
 203
 204                        if ((desc & 0xf0) == 0xc0) {
 205                                data += HCI_COMMAND_HDR_SIZE + 1;
 206                                len  -= HCI_COMMAND_HDR_SIZE + 1;
 207                                chan = desc & 0x0f;
 208                        }
 209                }
 210        }
 211
 212        /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
 213         * (because bytes 0xc0 and 0xdb are escaped, worst case is
 214         * when the packet is all made of 0xc0 and 0xdb :) )
 215         * + 2 (0xc0 delimiters at start and end).
 216         */
 217
 218        nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
 219        if (!nskb)
 220                return NULL;
 221
 222        hci_skb_pkt_type(nskb) = pkt_type;
 223
 224        bcsp_slip_msgdelim(nskb);
 225
 226        hdr[0] = bcsp->rxseq_txack << 3;
 227        bcsp->txack_req = 0;
 228        BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
 229
 230        if (rel) {
 231                hdr[0] |= 0x80 + bcsp->msgq_txseq;
 232                BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
 233                bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
 234        }
 235
 236        if (bcsp->use_crc)
 237                hdr[0] |= 0x40;
 238
 239        hdr[1] = ((len << 4) & 0xff) | chan;
 240        hdr[2] = len >> 4;
 241        hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
 242
 243        /* Put BCSP header */
 244        for (i = 0; i < 4; i++) {
 245                bcsp_slip_one_byte(nskb, hdr[i]);
 246
 247                if (bcsp->use_crc)
 248                        bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
 249        }
 250
 251        /* Put payload */
 252        for (i = 0; i < len; i++) {
 253                bcsp_slip_one_byte(nskb, data[i]);
 254
 255                if (bcsp->use_crc)
 256                        bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
 257        }
 258
 259        /* Put CRC */
 260        if (bcsp->use_crc) {
 261                bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
 262                bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
 263                bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
 264        }
 265
 266        bcsp_slip_msgdelim(nskb);
 267        return nskb;
 268}
 269
 270/* This is a rewrite of pkt_avail in ABCSP */
 271static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
 272{
 273        struct bcsp_struct *bcsp = hu->priv;
 274        unsigned long flags;
 275        struct sk_buff *skb;
 276
 277        /* First of all, check for unreliable messages in the queue,
 278         * since they have priority
 279         */
 280
 281        skb = skb_dequeue(&bcsp->unrel);
 282        if (skb != NULL) {
 283                struct sk_buff *nskb;
 284
 285                nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 286                                        hci_skb_pkt_type(skb));
 287                if (nskb) {
 288                        kfree_skb(skb);
 289                        return nskb;
 290                } else {
 291                        skb_queue_head(&bcsp->unrel, skb);
 292                        BT_ERR("Could not dequeue pkt because alloc_skb failed");
 293                }
 294        }
 295
 296        /* Now, try to send a reliable pkt. We can only send a
 297         * reliable packet if the number of packets sent but not yet ack'ed
 298         * is < than the winsize
 299         */
 300
 301        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 302
 303        if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
 304                skb = skb_dequeue(&bcsp->rel);
 305                if (skb != NULL) {
 306                        struct sk_buff *nskb;
 307
 308                        nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
 309                                                hci_skb_pkt_type(skb));
 310                        if (nskb) {
 311                                __skb_queue_tail(&bcsp->unack, skb);
 312                                mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
 313                                spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 314                                return nskb;
 315                        } else {
 316                                skb_queue_head(&bcsp->rel, skb);
 317                                BT_ERR("Could not dequeue pkt because alloc_skb failed");
 318                        }
 319                }
 320        }
 321
 322        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 323
 324        /* We could not send a reliable packet, either because there are
 325         * none or because there are too many unack'ed pkts. Did we receive
 326         * any packets we have not acknowledged yet ?
 327         */
 328
 329        if (bcsp->txack_req) {
 330                /* if so, craft an empty ACK pkt and send it on BCSP unreliable
 331                 * channel 0
 332                 */
 333                struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
 334                return nskb;
 335        }
 336
 337        /* We have nothing to send */
 338        return NULL;
 339}
 340
 341static int bcsp_flush(struct hci_uart *hu)
 342{
 343        BT_DBG("hu %p", hu);
 344        return 0;
 345}
 346
 347/* Remove ack'ed packets */
 348static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
 349{
 350        struct sk_buff *skb, *tmp;
 351        unsigned long flags;
 352        int i, pkts_to_be_removed;
 353        u8 seqno;
 354
 355        spin_lock_irqsave(&bcsp->unack.lock, flags);
 356
 357        pkts_to_be_removed = skb_queue_len(&bcsp->unack);
 358        seqno = bcsp->msgq_txseq;
 359
 360        while (pkts_to_be_removed) {
 361                if (bcsp->rxack == seqno)
 362                        break;
 363                pkts_to_be_removed--;
 364                seqno = (seqno - 1) & 0x07;
 365        }
 366
 367        if (bcsp->rxack != seqno)
 368                BT_ERR("Peer acked invalid packet");
 369
 370        BT_DBG("Removing %u pkts out of %u, up to seqno %u",
 371               pkts_to_be_removed, skb_queue_len(&bcsp->unack),
 372               (seqno - 1) & 0x07);
 373
 374        i = 0;
 375        skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
 376                if (i >= pkts_to_be_removed)
 377                        break;
 378                i++;
 379
 380                __skb_unlink(skb, &bcsp->unack);
 381                kfree_skb(skb);
 382        }
 383
 384        if (skb_queue_empty(&bcsp->unack))
 385                del_timer(&bcsp->tbcsp);
 386
 387        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 388
 389        if (i != pkts_to_be_removed)
 390                BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
 391}
 392
 393/* Handle BCSP link-establishment packets. When we
 394 * detect a "sync" packet, symptom that the BT module has reset,
 395 * we do nothing :) (yet)
 396 */
 397static void bcsp_handle_le_pkt(struct hci_uart *hu)
 398{
 399        struct bcsp_struct *bcsp = hu->priv;
 400        u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
 401        u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
 402        u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
 403
 404        /* spot "conf" pkts and reply with a "conf rsp" pkt */
 405        if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 406            !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
 407                struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
 408
 409                BT_DBG("Found a LE conf pkt");
 410                if (!nskb)
 411                        return;
 412                skb_put_data(nskb, conf_rsp_pkt, 4);
 413                hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
 414
 415                skb_queue_head(&bcsp->unrel, nskb);
 416                hci_uart_tx_wakeup(hu);
 417        }
 418        /* Spot "sync" pkts. If we find one...disaster! */
 419        else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
 420                 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
 421                BT_ERR("Found a LE sync pkt, card has reset");
 422        }
 423}
 424
 425static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
 426{
 427        const u8 c0 = 0xc0, db = 0xdb;
 428
 429        switch (bcsp->rx_esc_state) {
 430        case BCSP_ESCSTATE_NOESC:
 431                switch (byte) {
 432                case 0xdb:
 433                        bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
 434                        break;
 435                default:
 436                        skb_put_data(bcsp->rx_skb, &byte, 1);
 437                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 438                            bcsp->rx_state != BCSP_W4_CRC)
 439                                bcsp_crc_update(&bcsp->message_crc, byte);
 440                        bcsp->rx_count--;
 441                }
 442                break;
 443
 444        case BCSP_ESCSTATE_ESC:
 445                switch (byte) {
 446                case 0xdc:
 447                        skb_put_data(bcsp->rx_skb, &c0, 1);
 448                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 449                            bcsp->rx_state != BCSP_W4_CRC)
 450                                bcsp_crc_update(&bcsp->message_crc, 0xc0);
 451                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 452                        bcsp->rx_count--;
 453                        break;
 454
 455                case 0xdd:
 456                        skb_put_data(bcsp->rx_skb, &db, 1);
 457                        if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
 458                            bcsp->rx_state != BCSP_W4_CRC)
 459                                bcsp_crc_update(&bcsp->message_crc, 0xdb);
 460                        bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 461                        bcsp->rx_count--;
 462                        break;
 463
 464                default:
 465                        BT_ERR("Invalid byte %02x after esc byte", byte);
 466                        kfree_skb(bcsp->rx_skb);
 467                        bcsp->rx_skb = NULL;
 468                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 469                        bcsp->rx_count = 0;
 470                }
 471        }
 472}
 473
 474static void bcsp_complete_rx_pkt(struct hci_uart *hu)
 475{
 476        struct bcsp_struct *bcsp = hu->priv;
 477        int pass_up = 0;
 478
 479        if (bcsp->rx_skb->data[0] & 0x80) {     /* reliable pkt */
 480                BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
 481
 482                /* check the rx sequence number is as expected */
 483                if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
 484                        bcsp->rxseq_txack++;
 485                        bcsp->rxseq_txack %= 0x8;
 486                } else {
 487                        /* handle re-transmitted packet or
 488                         * when packet was missed
 489                         */
 490                        BT_ERR("Out-of-order packet arrived, got %u expected %u",
 491                               bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
 492
 493                        /* do not process out-of-order packet payload */
 494                        pass_up = 2;
 495                }
 496
 497                /* send current txack value to all received reliable packets */
 498                bcsp->txack_req = 1;
 499
 500                /* If needed, transmit an ack pkt */
 501                hci_uart_tx_wakeup(hu);
 502        }
 503
 504        bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
 505        BT_DBG("Request for pkt %u from card", bcsp->rxack);
 506
 507        /* handle received ACK indications,
 508         * including those from out-of-order packets
 509         */
 510        bcsp_pkt_cull(bcsp);
 511
 512        if (pass_up != 2) {
 513                if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
 514                    (bcsp->rx_skb->data[0] & 0x80)) {
 515                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
 516                        pass_up = 1;
 517                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
 518                           (bcsp->rx_skb->data[0] & 0x80)) {
 519                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 520                        pass_up = 1;
 521                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
 522                        hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
 523                        pass_up = 1;
 524                } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
 525                           !(bcsp->rx_skb->data[0] & 0x80)) {
 526                        bcsp_handle_le_pkt(hu);
 527                        pass_up = 0;
 528                } else {
 529                        pass_up = 0;
 530                }
 531        }
 532
 533        if (pass_up == 0) {
 534                struct hci_event_hdr hdr;
 535                u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
 536
 537                if (desc != 0 && desc != 1) {
 538                        if (hciextn) {
 539                                desc |= 0xc0;
 540                                skb_pull(bcsp->rx_skb, 4);
 541                                memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
 542
 543                                hdr.evt = 0xff;
 544                                hdr.plen = bcsp->rx_skb->len;
 545                                memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
 546                                hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
 547
 548                                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 549                        } else {
 550                                BT_ERR("Packet for unknown channel (%u %s)",
 551                                       bcsp->rx_skb->data[1] & 0x0f,
 552                                       bcsp->rx_skb->data[0] & 0x80 ?
 553                                       "reliable" : "unreliable");
 554                                kfree_skb(bcsp->rx_skb);
 555                        }
 556                } else
 557                        kfree_skb(bcsp->rx_skb);
 558        } else if (pass_up == 1) {
 559                /* Pull out BCSP hdr */
 560                skb_pull(bcsp->rx_skb, 4);
 561
 562                hci_recv_frame(hu->hdev, bcsp->rx_skb);
 563        } else {
 564                /* ignore packet payload of already ACKed re-transmitted
 565                 * packets or when a packet was missed in the BCSP window
 566                 */
 567                kfree_skb(bcsp->rx_skb);
 568        }
 569
 570        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 571        bcsp->rx_skb = NULL;
 572}
 573
 574static u16 bscp_get_crc(struct bcsp_struct *bcsp)
 575{
 576        return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
 577}
 578
 579/* Recv data */
 580static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
 581{
 582        struct bcsp_struct *bcsp = hu->priv;
 583        const unsigned char *ptr;
 584
 585        BT_DBG("hu %p count %d rx_state %d rx_count %ld",
 586               hu, count, bcsp->rx_state, bcsp->rx_count);
 587
 588        ptr = data;
 589        while (count) {
 590                if (bcsp->rx_count) {
 591                        if (*ptr == 0xc0) {
 592                                BT_ERR("Short BCSP packet");
 593                                kfree_skb(bcsp->rx_skb);
 594                                bcsp->rx_skb = NULL;
 595                                bcsp->rx_state = BCSP_W4_PKT_START;
 596                                bcsp->rx_count = 0;
 597                        } else
 598                                bcsp_unslip_one_byte(bcsp, *ptr);
 599
 600                        ptr++; count--;
 601                        continue;
 602                }
 603
 604                switch (bcsp->rx_state) {
 605                case BCSP_W4_BCSP_HDR:
 606                        if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
 607                            bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
 608                                BT_ERR("Error in BCSP hdr checksum");
 609                                kfree_skb(bcsp->rx_skb);
 610                                bcsp->rx_skb = NULL;
 611                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 612                                bcsp->rx_count = 0;
 613                                continue;
 614                        }
 615                        bcsp->rx_state = BCSP_W4_DATA;
 616                        bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
 617                                        (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
 618                        continue;
 619
 620                case BCSP_W4_DATA:
 621                        if (bcsp->rx_skb->data[0] & 0x40) {     /* pkt with crc */
 622                                bcsp->rx_state = BCSP_W4_CRC;
 623                                bcsp->rx_count = 2;
 624                        } else
 625                                bcsp_complete_rx_pkt(hu);
 626                        continue;
 627
 628                case BCSP_W4_CRC:
 629                        if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
 630                                BT_ERR("Checksum failed: computed %04x received %04x",
 631                                       bitrev16(bcsp->message_crc),
 632                                       bscp_get_crc(bcsp));
 633
 634                                kfree_skb(bcsp->rx_skb);
 635                                bcsp->rx_skb = NULL;
 636                                bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 637                                bcsp->rx_count = 0;
 638                                continue;
 639                        }
 640                        skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
 641                        bcsp_complete_rx_pkt(hu);
 642                        continue;
 643
 644                case BCSP_W4_PKT_DELIMITER:
 645                        switch (*ptr) {
 646                        case 0xc0:
 647                                bcsp->rx_state = BCSP_W4_PKT_START;
 648                                break;
 649                        default:
 650                                /*BT_ERR("Ignoring byte %02x", *ptr);*/
 651                                break;
 652                        }
 653                        ptr++; count--;
 654                        break;
 655
 656                case BCSP_W4_PKT_START:
 657                        switch (*ptr) {
 658                        case 0xc0:
 659                                ptr++; count--;
 660                                break;
 661
 662                        default:
 663                                bcsp->rx_state = BCSP_W4_BCSP_HDR;
 664                                bcsp->rx_count = 4;
 665                                bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
 666                                BCSP_CRC_INIT(bcsp->message_crc);
 667
 668                                /* Do not increment ptr or decrement count
 669                                 * Allocate packet. Max len of a BCSP pkt=
 670                                 * 0xFFF (payload) +4 (header) +2 (crc)
 671                                 */
 672
 673                                bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
 674                                if (!bcsp->rx_skb) {
 675                                        BT_ERR("Can't allocate mem for new packet");
 676                                        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 677                                        bcsp->rx_count = 0;
 678                                        return 0;
 679                                }
 680                                break;
 681                        }
 682                        break;
 683                }
 684        }
 685        return count;
 686}
 687
 688        /* Arrange to retransmit all messages in the relq. */
 689static void bcsp_timed_event(struct timer_list *t)
 690{
 691        struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
 692        struct hci_uart *hu = bcsp->hu;
 693        struct sk_buff *skb;
 694        unsigned long flags;
 695
 696        BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
 697
 698        spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
 699
 700        while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
 701                bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
 702                skb_queue_head(&bcsp->rel, skb);
 703        }
 704
 705        spin_unlock_irqrestore(&bcsp->unack.lock, flags);
 706
 707        hci_uart_tx_wakeup(hu);
 708}
 709
 710static int bcsp_open(struct hci_uart *hu)
 711{
 712        struct bcsp_struct *bcsp;
 713
 714        BT_DBG("hu %p", hu);
 715
 716        bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
 717        if (!bcsp)
 718                return -ENOMEM;
 719
 720        hu->priv = bcsp;
 721        bcsp->hu = hu;
 722        skb_queue_head_init(&bcsp->unack);
 723        skb_queue_head_init(&bcsp->rel);
 724        skb_queue_head_init(&bcsp->unrel);
 725
 726        timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
 727
 728        bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
 729
 730        if (txcrc)
 731                bcsp->use_crc = 1;
 732
 733        return 0;
 734}
 735
 736static int bcsp_close(struct hci_uart *hu)
 737{
 738        struct bcsp_struct *bcsp = hu->priv;
 739
 740        del_timer_sync(&bcsp->tbcsp);
 741
 742        hu->priv = NULL;
 743
 744        BT_DBG("hu %p", hu);
 745
 746        skb_queue_purge(&bcsp->unack);
 747        skb_queue_purge(&bcsp->rel);
 748        skb_queue_purge(&bcsp->unrel);
 749
 750        if (bcsp->rx_skb) {
 751                kfree_skb(bcsp->rx_skb);
 752                bcsp->rx_skb = NULL;
 753        }
 754
 755        kfree(bcsp);
 756        return 0;
 757}
 758
 759static const struct hci_uart_proto bcsp = {
 760        .id             = HCI_UART_BCSP,
 761        .name           = "BCSP",
 762        .open           = bcsp_open,
 763        .close          = bcsp_close,
 764        .enqueue        = bcsp_enqueue,
 765        .dequeue        = bcsp_dequeue,
 766        .recv           = bcsp_recv,
 767        .flush          = bcsp_flush
 768};
 769
 770int __init bcsp_init(void)
 771{
 772        return hci_uart_register_proto(&bcsp);
 773}
 774
 775int __exit bcsp_deinit(void)
 776{
 777        return hci_uart_unregister_proto(&bcsp);
 778}
 779
 780module_param(txcrc, bool, 0644);
 781MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
 782
 783module_param(hciextn, bool, 0644);
 784MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
 785