drivers/bluetooth/hci_bcsp.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *
0004  *  Bluetooth HCI UART driver
0005  *
0006  *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
0007  *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
0008  */
0009
0010 #include <linux/module.h>
0011
0012 #include <linux/kernel.h>
0013 #include <linux/init.h>
0014 #include <linux/types.h>
0015 #include <linux/fcntl.h>
0016 #include <linux/interrupt.h>
0017 #include <linux/ptrace.h>
0018 #include <linux/poll.h>
0019
0020 #include <linux/slab.h>
0021 #include <linux/tty.h>
0022 #include <linux/errno.h>
0023 #include <linux/string.h>
0024 #include <linux/signal.h>
0025 #include <linux/ioctl.h>
0026 #include <linux/skbuff.h>
0027 #include <linux/bitrev.h>
0028 #include <asm/unaligned.h>
0029
0030 #include <net/bluetooth/bluetooth.h>
0031 #include <net/bluetooth/hci_core.h>
0032
0033 #include "hci_uart.h"
0034
0035 static bool txcrc = true;
0036 static bool hciextn = true;
0037
0038 #define BCSP_TXWINSIZE  4
0039
0040 #define BCSP_ACK_PKT    0x05
0041 #define BCSP_LE_PKT 0x06
0042
0043 struct bcsp_struct {
0044     struct sk_buff_head unack;  /* Unack'ed packets queue */
0045     struct sk_buff_head rel;    /* Reliable packets queue */
0046     struct sk_buff_head unrel;  /* Unreliable packets queue */
0047
0048     unsigned long rx_count;
0049     struct  sk_buff *rx_skb;
0050     u8  rxseq_txack;        /* rxseq == txack. */
0051     u8  rxack;          /* Last packet sent by us that the peer ack'ed */
0052     struct  timer_list tbcsp;
0053     struct  hci_uart *hu;
0054
0055     enum {
0056         BCSP_W4_PKT_DELIMITER,
0057         BCSP_W4_PKT_START,
0058         BCSP_W4_BCSP_HDR,
0059         BCSP_W4_DATA,
0060         BCSP_W4_CRC
0061     } rx_state;
0062
0063     enum {
0064         BCSP_ESCSTATE_NOESC,
0065         BCSP_ESCSTATE_ESC
0066     } rx_esc_state;
0067
0068     u8  use_crc;
0069     u16 message_crc;
0070     u8  txack_req;      /* Do we need to send ack's to the peer? */
0071
0072     /* Reliable packet sequence number - used to assign seq to each rel pkt. */
0073     u8  msgq_txseq;
0074 };
0075
0076 /* ---- BCSP CRC calculation ---- */
0077
0078 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
0079  * initial value 0xffff, bits shifted in reverse order.
0080  */
0081
0082 static const u16 crc_table[] = {
0083     0x0000, 0x1081, 0x2102, 0x3183,
0084     0x4204, 0x5285, 0x6306, 0x7387,
0085     0x8408, 0x9489, 0xa50a, 0xb58b,
0086     0xc60c, 0xd68d, 0xe70e, 0xf78f
0087 };
0088
0089 /* Initialise the crc calculator */
0090 #define BCSP_CRC_INIT(x) x = 0xffff
0091
0092 /* Update crc with next data byte
0093  *
0094  * Implementation note
0095  *     The data byte is treated as two nibbles.  The crc is generated
0096  *     in reverse, i.e., bits are fed into the register from the top.
0097  */
0098 static void bcsp_crc_update(u16 *crc, u8 d)
0099 {
0100     u16 reg = *crc;
0101
0102     reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
0103     reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
0104
0105     *crc = reg;
0106 }
0107
0108 /* ---- BCSP core ---- */
0109
0110 static void bcsp_slip_msgdelim(struct sk_buff *skb)
0111 {
0112     const char pkt_delim = 0xc0;
0113
0114     skb_put_data(skb, &pkt_delim, 1);
0115 }
0116
0117 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
0118 {
0119     const char esc_c0[2] = { 0xdb, 0xdc };
0120     const char esc_db[2] = { 0xdb, 0xdd };
0121
0122     switch (c) {
0123     case 0xc0:
0124         skb_put_data(skb, &esc_c0, 2);
0125         break;
0126     case 0xdb:
0127         skb_put_data(skb, &esc_db, 2);
0128         break;
0129     default:
0130         skb_put_data(skb, &c, 1);
0131     }
0132 }
0133
0134 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
0135 {
0136     struct bcsp_struct *bcsp = hu->priv;
0137
0138     if (skb->len > 0xFFF) {
0139         BT_ERR("Packet too long");
0140         kfree_skb(skb);
0141         return 0;
0142     }
0143
0144     switch (hci_skb_pkt_type(skb)) {
0145     case HCI_ACLDATA_PKT:
0146     case HCI_COMMAND_PKT:
0147         skb_queue_tail(&bcsp->rel, skb);
0148         break;
0149
0150     case HCI_SCODATA_PKT:
0151         skb_queue_tail(&bcsp->unrel, skb);
0152         break;
0153
0154     default:
0155         BT_ERR("Unknown packet type");
0156         kfree_skb(skb);
0157         break;
0158     }
0159
0160     return 0;
0161 }
0162
0163 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
0164                     int len, int pkt_type)
0165 {
0166     struct sk_buff *nskb;
0167     u8 hdr[4], chan;
0168     u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
0169     int rel, i;
0170
0171     switch (pkt_type) {
0172     case HCI_ACLDATA_PKT:
0173         chan = 6;   /* BCSP ACL channel */
0174         rel = 1;    /* reliable channel */
0175         break;
0176     case HCI_COMMAND_PKT:
0177         chan = 5;   /* BCSP cmd/evt channel */
0178         rel = 1;    /* reliable channel */
0179         break;
0180     case HCI_SCODATA_PKT:
0181         chan = 7;   /* BCSP SCO channel */
0182         rel = 0;    /* unreliable channel */
0183         break;
0184     case BCSP_LE_PKT:
0185         chan = 1;   /* BCSP LE channel */
0186         rel = 0;    /* unreliable channel */
0187         break;
0188     case BCSP_ACK_PKT:
0189         chan = 0;   /* BCSP internal channel */
0190         rel = 0;    /* unreliable channel */
0191         break;
0192     default:
0193         BT_ERR("Unknown packet type");
0194         return NULL;
0195     }
0196
0197     if (hciextn && chan == 5) {
0198         __le16 opcode = ((struct hci_command_hdr *)data)->opcode;
0199
0200         /* Vendor specific commands */
0201         if (hci_opcode_ogf(__le16_to_cpu(opcode)) == 0x3f) {
0202             u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
0203
0204             if ((desc & 0xf0) == 0xc0) {
0205                 data += HCI_COMMAND_HDR_SIZE + 1;
0206                 len  -= HCI_COMMAND_HDR_SIZE + 1;
0207                 chan = desc & 0x0f;
0208             }
0209         }
0210     }
0211
0212     /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
0213      * (because bytes 0xc0 and 0xdb are escaped, worst case is
0214      * when the packet is all made of 0xc0 and 0xdb :) )
0215      * + 2 (0xc0 delimiters at start and end).
0216      */
0217
0218     nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
0219     if (!nskb)
0220         return NULL;
0221
0222     hci_skb_pkt_type(nskb) = pkt_type;
0223
0224     bcsp_slip_msgdelim(nskb);
0225
0226     hdr[0] = bcsp->rxseq_txack << 3;
0227     bcsp->txack_req = 0;
0228     BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
0229
0230     if (rel) {
0231         hdr[0] |= 0x80 + bcsp->msgq_txseq;
0232         BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
0233         bcsp->msgq_txseq = (bcsp->msgq_txseq + 1) & 0x07;
0234     }
0235
0236     if (bcsp->use_crc)
0237         hdr[0] |= 0x40;
0238
0239     hdr[1] = ((len << 4) & 0xff) | chan;
0240     hdr[2] = len >> 4;
0241     hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
0242
0243     /* Put BCSP header */
0244     for (i = 0; i < 4; i++) {
0245         bcsp_slip_one_byte(nskb, hdr[i]);
0246
0247         if (bcsp->use_crc)
0248             bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
0249     }
0250
0251     /* Put payload */
0252     for (i = 0; i < len; i++) {
0253         bcsp_slip_one_byte(nskb, data[i]);
0254
0255         if (bcsp->use_crc)
0256             bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
0257     }
0258
0259     /* Put CRC */
0260     if (bcsp->use_crc) {
0261         bcsp_txmsg_crc = bitrev16(bcsp_txmsg_crc);
0262         bcsp_slip_one_byte(nskb, (u8)((bcsp_txmsg_crc >> 8) & 0x00ff));
0263         bcsp_slip_one_byte(nskb, (u8)(bcsp_txmsg_crc & 0x00ff));
0264     }
0265
0266     bcsp_slip_msgdelim(nskb);
0267     return nskb;
0268 }
0269
0270 /* This is a rewrite of pkt_avail in ABCSP */
0271 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
0272 {
0273     struct bcsp_struct *bcsp = hu->priv;
0274     unsigned long flags;
0275     struct sk_buff *skb;
0276
0277     /* First of all, check for unreliable messages in the queue,
0278      * since they have priority
0279      */
0280
0281     skb = skb_dequeue(&bcsp->unrel);
0282     if (skb != NULL) {
0283         struct sk_buff *nskb;
0284
0285         nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
0286                     hci_skb_pkt_type(skb));
0287         if (nskb) {
0288             kfree_skb(skb);
0289             return nskb;
0290         } else {
0291             skb_queue_head(&bcsp->unrel, skb);
0292             BT_ERR("Could not dequeue pkt because alloc_skb failed");
0293         }
0294     }
0295
0296     /* Now, try to send a reliable pkt. We can only send a
0297      * reliable packet if the number of packets sent but not yet ack'ed
0298      * is < than the winsize
0299      */
0300
0301     spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
0302
0303     if (bcsp->unack.qlen < BCSP_TXWINSIZE) {
0304         skb = skb_dequeue(&bcsp->rel);
0305         if (skb != NULL) {
0306             struct sk_buff *nskb;
0307
0308             nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len,
0309                         hci_skb_pkt_type(skb));
0310             if (nskb) {
0311                 __skb_queue_tail(&bcsp->unack, skb);
0312                 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
0313                 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
0314                 return nskb;
0315             } else {
0316                 skb_queue_head(&bcsp->rel, skb);
0317                 BT_ERR("Could not dequeue pkt because alloc_skb failed");
0318             }
0319         }
0320     }
0321
0322     spin_unlock_irqrestore(&bcsp->unack.lock, flags);
0323
0324     /* We could not send a reliable packet, either because there are
0325      * none or because there are too many unack'ed pkts. Did we receive
0326      * any packets we have not acknowledged yet ?
0327      */
0328
0329     if (bcsp->txack_req) {
0330         /* if so, craft an empty ACK pkt and send it on BCSP unreliable
0331          * channel 0
0332          */
0333         struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
0334         return nskb;
0335     }
0336
0337     /* We have nothing to send */
0338     return NULL;
0339 }
0340
0341 static int bcsp_flush(struct hci_uart *hu)
0342 {
0343     BT_DBG("hu %p", hu);
0344     return 0;
0345 }
0346
0347 /* Remove ack'ed packets */
0348 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
0349 {
0350     struct sk_buff *skb, *tmp;
0351     unsigned long flags;
0352     int i, pkts_to_be_removed;
0353     u8 seqno;
0354
0355     spin_lock_irqsave(&bcsp->unack.lock, flags);
0356
0357     pkts_to_be_removed = skb_queue_len(&bcsp->unack);
0358     seqno = bcsp->msgq_txseq;
0359
0360     while (pkts_to_be_removed) {
0361         if (bcsp->rxack == seqno)
0362             break;
0363         pkts_to_be_removed--;
0364         seqno = (seqno - 1) & 0x07;
0365     }
0366
0367     if (bcsp->rxack != seqno)
0368         BT_ERR("Peer acked invalid packet");
0369
0370     BT_DBG("Removing %u pkts out of %u, up to seqno %u",
0371            pkts_to_be_removed, skb_queue_len(&bcsp->unack),
0372            (seqno - 1) & 0x07);
0373
0374     i = 0;
0375     skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
0376         if (i >= pkts_to_be_removed)
0377             break;
0378         i++;
0379
0380         __skb_unlink(skb, &bcsp->unack);
0381         kfree_skb(skb);
0382     }
0383
0384     if (skb_queue_empty(&bcsp->unack))
0385         del_timer(&bcsp->tbcsp);
0386
0387     spin_unlock_irqrestore(&bcsp->unack.lock, flags);
0388
0389     if (i != pkts_to_be_removed)
0390         BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
0391 }
0392
0393 /* Handle BCSP link-establishment packets. When we
0394  * detect a "sync" packet, symptom that the BT module has reset,
0395  * we do nothing :) (yet)
0396  */
0397 static void bcsp_handle_le_pkt(struct hci_uart *hu)
0398 {
0399     struct bcsp_struct *bcsp = hu->priv;
0400     u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
0401     u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
0402     u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
0403
0404     /* spot "conf" pkts and reply with a "conf rsp" pkt */
0405     if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
0406         !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
0407         struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
0408
0409         BT_DBG("Found a LE conf pkt");
0410         if (!nskb)
0411             return;
0412         skb_put_data(nskb, conf_rsp_pkt, 4);
0413         hci_skb_pkt_type(nskb) = BCSP_LE_PKT;
0414
0415         skb_queue_head(&bcsp->unrel, nskb);
0416         hci_uart_tx_wakeup(hu);
0417     }
0418     /* Spot "sync" pkts. If we find one...disaster! */
0419     else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
0420          !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
0421         BT_ERR("Found a LE sync pkt, card has reset");
0422     }
0423 }
0424
0425 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
0426 {
0427     const u8 c0 = 0xc0, db = 0xdb;
0428
0429     switch (bcsp->rx_esc_state) {
0430     case BCSP_ESCSTATE_NOESC:
0431         switch (byte) {
0432         case 0xdb:
0433             bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
0434             break;
0435         default:
0436             skb_put_data(bcsp->rx_skb, &byte, 1);
0437             if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
0438                 bcsp->rx_state != BCSP_W4_CRC)
0439                 bcsp_crc_update(&bcsp->message_crc, byte);
0440             bcsp->rx_count--;
0441         }
0442         break;
0443
0444     case BCSP_ESCSTATE_ESC:
0445         switch (byte) {
0446         case 0xdc:
0447             skb_put_data(bcsp->rx_skb, &c0, 1);
0448             if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
0449                 bcsp->rx_state != BCSP_W4_CRC)
0450                 bcsp_crc_update(&bcsp->message_crc, 0xc0);
0451             bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
0452             bcsp->rx_count--;
0453             break;
0454
0455         case 0xdd:
0456             skb_put_data(bcsp->rx_skb, &db, 1);
0457             if ((bcsp->rx_skb->data[0] & 0x40) != 0 &&
0458                 bcsp->rx_state != BCSP_W4_CRC)
0459                 bcsp_crc_update(&bcsp->message_crc, 0xdb);
0460             bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
0461             bcsp->rx_count--;
0462             break;
0463
0464         default:
0465             BT_ERR("Invalid byte %02x after esc byte", byte);
0466             kfree_skb(bcsp->rx_skb);
0467             bcsp->rx_skb = NULL;
0468             bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0469             bcsp->rx_count = 0;
0470         }
0471     }
0472 }
0473
0474 static void bcsp_complete_rx_pkt(struct hci_uart *hu)
0475 {
0476     struct bcsp_struct *bcsp = hu->priv;
0477     int pass_up = 0;
0478
0479     if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
0480         BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
0481
0482         /* check the rx sequence number is as expected */
0483         if ((bcsp->rx_skb->data[0] & 0x07) == bcsp->rxseq_txack) {
0484             bcsp->rxseq_txack++;
0485             bcsp->rxseq_txack %= 0x8;
0486         } else {
0487             /* handle re-transmitted packet or
0488              * when packet was missed
0489              */
0490             BT_ERR("Out-of-order packet arrived, got %u expected %u",
0491                    bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
0492
0493             /* do not process out-of-order packet payload */
0494             pass_up = 2;
0495         }
0496
0497         /* send current txack value to all received reliable packets */
0498         bcsp->txack_req = 1;
0499
0500         /* If needed, transmit an ack pkt */
0501         hci_uart_tx_wakeup(hu);
0502     }
0503
0504     bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
0505     BT_DBG("Request for pkt %u from card", bcsp->rxack);
0506
0507     /* handle received ACK indications,
0508      * including those from out-of-order packets
0509      */
0510     bcsp_pkt_cull(bcsp);
0511
0512     if (pass_up != 2) {
0513         if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
0514             (bcsp->rx_skb->data[0] & 0x80)) {
0515             hci_skb_pkt_type(bcsp->rx_skb) = HCI_ACLDATA_PKT;
0516             pass_up = 1;
0517         } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
0518                (bcsp->rx_skb->data[0] & 0x80)) {
0519             hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
0520             pass_up = 1;
0521         } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
0522             hci_skb_pkt_type(bcsp->rx_skb) = HCI_SCODATA_PKT;
0523             pass_up = 1;
0524         } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
0525                !(bcsp->rx_skb->data[0] & 0x80)) {
0526             bcsp_handle_le_pkt(hu);
0527             pass_up = 0;
0528         } else {
0529             pass_up = 0;
0530         }
0531     }
0532
0533     if (pass_up == 0) {
0534         struct hci_event_hdr hdr;
0535         u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
0536
0537         if (desc != 0 && desc != 1) {
0538             if (hciextn) {
0539                 desc |= 0xc0;
0540                 skb_pull(bcsp->rx_skb, 4);
0541                 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
0542
0543                 hdr.evt = 0xff;
0544                 hdr.plen = bcsp->rx_skb->len;
0545                 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
0546                 hci_skb_pkt_type(bcsp->rx_skb) = HCI_EVENT_PKT;
0547
0548                 hci_recv_frame(hu->hdev, bcsp->rx_skb);
0549             } else {
0550                 BT_ERR("Packet for unknown channel (%u %s)",
0551                        bcsp->rx_skb->data[1] & 0x0f,
0552                        bcsp->rx_skb->data[0] & 0x80 ?
0553                        "reliable" : "unreliable");
0554                 kfree_skb(bcsp->rx_skb);
0555             }
0556         } else
0557             kfree_skb(bcsp->rx_skb);
0558     } else if (pass_up == 1) {
0559         /* Pull out BCSP hdr */
0560         skb_pull(bcsp->rx_skb, 4);
0561
0562         hci_recv_frame(hu->hdev, bcsp->rx_skb);
0563     } else {
0564         /* ignore packet payload of already ACKed re-transmitted
0565          * packets or when a packet was missed in the BCSP window
0566          */
0567         kfree_skb(bcsp->rx_skb);
0568     }
0569
0570     bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0571     bcsp->rx_skb = NULL;
0572 }
0573
0574 static u16 bscp_get_crc(struct bcsp_struct *bcsp)
0575 {
0576     return get_unaligned_be16(&bcsp->rx_skb->data[bcsp->rx_skb->len - 2]);
0577 }
0578
0579 /* Recv data */
0580 static int bcsp_recv(struct hci_uart *hu, const void *data, int count)
0581 {
0582     struct bcsp_struct *bcsp = hu->priv;
0583     const unsigned char *ptr;
0584
0585     BT_DBG("hu %p count %d rx_state %d rx_count %ld",
0586            hu, count, bcsp->rx_state, bcsp->rx_count);
0587
0588     ptr = data;
0589     while (count) {
0590         if (bcsp->rx_count) {
0591             if (*ptr == 0xc0) {
0592                 BT_ERR("Short BCSP packet");
0593                 kfree_skb(bcsp->rx_skb);
0594                 bcsp->rx_skb = NULL;
0595                 bcsp->rx_state = BCSP_W4_PKT_START;
0596                 bcsp->rx_count = 0;
0597             } else
0598                 bcsp_unslip_one_byte(bcsp, *ptr);
0599
0600             ptr++; count--;
0601             continue;
0602         }
0603
0604         switch (bcsp->rx_state) {
0605         case BCSP_W4_BCSP_HDR:
0606             if ((0xff & (u8)~(bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
0607                 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
0608                 BT_ERR("Error in BCSP hdr checksum");
0609                 kfree_skb(bcsp->rx_skb);
0610                 bcsp->rx_skb = NULL;
0611                 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0612                 bcsp->rx_count = 0;
0613                 continue;
0614             }
0615             bcsp->rx_state = BCSP_W4_DATA;
0616             bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
0617                     (bcsp->rx_skb->data[2] << 4);   /* May be 0 */
0618             continue;
0619
0620         case BCSP_W4_DATA:
0621             if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
0622                 bcsp->rx_state = BCSP_W4_CRC;
0623                 bcsp->rx_count = 2;
0624             } else
0625                 bcsp_complete_rx_pkt(hu);
0626             continue;
0627
0628         case BCSP_W4_CRC:
0629             if (bitrev16(bcsp->message_crc) != bscp_get_crc(bcsp)) {
0630                 BT_ERR("Checksum failed: computed %04x received %04x",
0631                        bitrev16(bcsp->message_crc),
0632                        bscp_get_crc(bcsp));
0633
0634                 kfree_skb(bcsp->rx_skb);
0635                 bcsp->rx_skb = NULL;
0636                 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0637                 bcsp->rx_count = 0;
0638                 continue;
0639             }
0640             skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
0641             bcsp_complete_rx_pkt(hu);
0642             continue;
0643
0644         case BCSP_W4_PKT_DELIMITER:
0645             switch (*ptr) {
0646             case 0xc0:
0647                 bcsp->rx_state = BCSP_W4_PKT_START;
0648                 break;
0649             default:
0650                 /*BT_ERR("Ignoring byte %02x", *ptr);*/
0651                 break;
0652             }
0653             ptr++; count--;
0654             break;
0655
0656         case BCSP_W4_PKT_START:
0657             switch (*ptr) {
0658             case 0xc0:
0659                 ptr++; count--;
0660                 break;
0661
0662             default:
0663                 bcsp->rx_state = BCSP_W4_BCSP_HDR;
0664                 bcsp->rx_count = 4;
0665                 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
0666                 BCSP_CRC_INIT(bcsp->message_crc);
0667
0668                 /* Do not increment ptr or decrement count
0669                  * Allocate packet. Max len of a BCSP pkt=
0670                  * 0xFFF (payload) +4 (header) +2 (crc)
0671                  */
0672
0673                 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
0674                 if (!bcsp->rx_skb) {
0675                     BT_ERR("Can't allocate mem for new packet");
0676                     bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0677                     bcsp->rx_count = 0;
0678                     return 0;
0679                 }
0680                 break;
0681             }
0682             break;
0683         }
0684     }
0685     return count;
0686 }
0687
0688     /* Arrange to retransmit all messages in the relq. */
0689 static void bcsp_timed_event(struct timer_list *t)
0690 {
0691     struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp);
0692     struct hci_uart *hu = bcsp->hu;
0693     struct sk_buff *skb;
0694     unsigned long flags;
0695
0696     BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
0697
0698     spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
0699
0700     while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
0701         bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
0702         skb_queue_head(&bcsp->rel, skb);
0703     }
0704
0705     spin_unlock_irqrestore(&bcsp->unack.lock, flags);
0706
0707     hci_uart_tx_wakeup(hu);
0708 }
0709
0710 static int bcsp_open(struct hci_uart *hu)
0711 {
0712     struct bcsp_struct *bcsp;
0713
0714     BT_DBG("hu %p", hu);
0715
0716     bcsp = kzalloc(sizeof(*bcsp), GFP_KERNEL);
0717     if (!bcsp)
0718         return -ENOMEM;
0719
0720     hu->priv = bcsp;
0721     bcsp->hu = hu;
0722     skb_queue_head_init(&bcsp->unack);
0723     skb_queue_head_init(&bcsp->rel);
0724     skb_queue_head_init(&bcsp->unrel);
0725
0726     timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0);
0727
0728     bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
0729
0730     if (txcrc)
0731         bcsp->use_crc = 1;
0732
0733     return 0;
0734 }
0735
0736 static int bcsp_close(struct hci_uart *hu)
0737 {
0738     struct bcsp_struct *bcsp = hu->priv;
0739
0740     del_timer_sync(&bcsp->tbcsp);
0741
0742     hu->priv = NULL;
0743
0744     BT_DBG("hu %p", hu);
0745
0746     skb_queue_purge(&bcsp->unack);
0747     skb_queue_purge(&bcsp->rel);
0748     skb_queue_purge(&bcsp->unrel);
0749
0750     if (bcsp->rx_skb) {
0751         kfree_skb(bcsp->rx_skb);
0752         bcsp->rx_skb = NULL;
0753     }
0754
0755     kfree(bcsp);
0756     return 0;
0757 }
0758
0759 static const struct hci_uart_proto bcsp = {
0760     .id     = HCI_UART_BCSP,
0761     .name       = "BCSP",
0762     .open       = bcsp_open,
0763     .close      = bcsp_close,
0764     .enqueue    = bcsp_enqueue,
0765     .dequeue    = bcsp_dequeue,
0766     .recv       = bcsp_recv,
0767     .flush      = bcsp_flush
0768 };
0769
0770 int __init bcsp_init(void)
0771 {
0772     return hci_uart_register_proto(&bcsp);
0773 }
0774
0775 int __exit bcsp_deinit(void)
0776 {
0777     return hci_uart_unregister_proto(&bcsp);
0778 }
0779
0780 module_param(txcrc, bool, 0644);
0781 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
0782
0783 module_param(hciextn, bool, 0644);
0784 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");