drivers/bluetooth/hci_h4.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *
0004  *  Bluetooth HCI UART driver
0005  *
0006  *  Copyright (C) 2000-2001  Qualcomm Incorporated
0007  *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
0008  *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
0009  */
0010
0011 #include <linux/module.h>
0012
0013 #include <linux/kernel.h>
0014 #include <linux/init.h>
0015 #include <linux/types.h>
0016 #include <linux/fcntl.h>
0017 #include <linux/interrupt.h>
0018 #include <linux/ptrace.h>
0019 #include <linux/poll.h>
0020
0021 #include <linux/slab.h>
0022 #include <linux/tty.h>
0023 #include <linux/errno.h>
0024 #include <linux/string.h>
0025 #include <linux/signal.h>
0026 #include <linux/ioctl.h>
0027 #include <linux/skbuff.h>
0028 #include <asm/unaligned.h>
0029
0030 #include <net/bluetooth/bluetooth.h>
0031 #include <net/bluetooth/hci_core.h>
0032
0033 #include "hci_uart.h"
0034
0035 struct h4_struct {
0036     struct sk_buff *rx_skb;
0037     struct sk_buff_head txq;
0038 };
0039
0040 /* Initialize protocol */
0041 static int h4_open(struct hci_uart *hu)
0042 {
0043     struct h4_struct *h4;
0044
0045     BT_DBG("hu %p", hu);
0046
0047     h4 = kzalloc(sizeof(*h4), GFP_KERNEL);
0048     if (!h4)
0049         return -ENOMEM;
0050
0051     skb_queue_head_init(&h4->txq);
0052
0053     hu->priv = h4;
0054     return 0;
0055 }
0056
0057 /* Flush protocol data */
0058 static int h4_flush(struct hci_uart *hu)
0059 {
0060     struct h4_struct *h4 = hu->priv;
0061
0062     BT_DBG("hu %p", hu);
0063
0064     skb_queue_purge(&h4->txq);
0065
0066     return 0;
0067 }
0068
0069 /* Close protocol */
0070 static int h4_close(struct hci_uart *hu)
0071 {
0072     struct h4_struct *h4 = hu->priv;
0073
0074     BT_DBG("hu %p", hu);
0075
0076     skb_queue_purge(&h4->txq);
0077
0078     kfree_skb(h4->rx_skb);
0079
0080     hu->priv = NULL;
0081     kfree(h4);
0082
0083     return 0;
0084 }
0085
0086 /* Enqueue frame for transmission (padding, crc, etc) */
0087 static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb)
0088 {
0089     struct h4_struct *h4 = hu->priv;
0090
0091     BT_DBG("hu %p skb %p", hu, skb);
0092
0093     /* Prepend skb with frame type */
0094     memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
0095     skb_queue_tail(&h4->txq, skb);
0096
0097     return 0;
0098 }
0099
0100 static const struct h4_recv_pkt h4_recv_pkts[] = {
0101     { H4_RECV_ACL,   .recv = hci_recv_frame },
0102     { H4_RECV_SCO,   .recv = hci_recv_frame },
0103     { H4_RECV_EVENT, .recv = hci_recv_frame },
0104     { H4_RECV_ISO,   .recv = hci_recv_frame },
0105 };
0106
0107 /* Recv data */
0108 static int h4_recv(struct hci_uart *hu, const void *data, int count)
0109 {
0110     struct h4_struct *h4 = hu->priv;
0111
0112     if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
0113         return -EUNATCH;
0114
0115     h4->rx_skb = h4_recv_buf(hu->hdev, h4->rx_skb, data, count,
0116                  h4_recv_pkts, ARRAY_SIZE(h4_recv_pkts));
0117     if (IS_ERR(h4->rx_skb)) {
0118         int err = PTR_ERR(h4->rx_skb);
0119         bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
0120         h4->rx_skb = NULL;
0121         return err;
0122     }
0123
0124     return count;
0125 }
0126
0127 static struct sk_buff *h4_dequeue(struct hci_uart *hu)
0128 {
0129     struct h4_struct *h4 = hu->priv;
0130     return skb_dequeue(&h4->txq);
0131 }
0132
0133 static const struct hci_uart_proto h4p = {
0134     .id     = HCI_UART_H4,
0135     .name       = "H4",
0136     .open       = h4_open,
0137     .close      = h4_close,
0138     .recv       = h4_recv,
0139     .enqueue    = h4_enqueue,
0140     .dequeue    = h4_dequeue,
0141     .flush      = h4_flush,
0142 };
0143
0144 int __init h4_init(void)
0145 {
0146     return hci_uart_register_proto(&h4p);
0147 }
0148
0149 int __exit h4_deinit(void)
0150 {
0151     return hci_uart_unregister_proto(&h4p);
0152 }
0153
0154 struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb,
0155                 const unsigned char *buffer, int count,
0156                 const struct h4_recv_pkt *pkts, int pkts_count)
0157 {
0158     struct hci_uart *hu = hci_get_drvdata(hdev);
0159     u8 alignment = hu->alignment ? hu->alignment : 1;
0160
0161     /* Check for error from previous call */
0162     if (IS_ERR(skb))
0163         skb = NULL;
0164
0165     while (count) {
0166         int i, len;
0167
0168         /* remove padding bytes from buffer */
0169         for (; hu->padding && count > 0; hu->padding--) {
0170             count--;
0171             buffer++;
0172         }
0173         if (!count)
0174             break;
0175
0176         if (!skb) {
0177             for (i = 0; i < pkts_count; i++) {
0178                 if (buffer[0] != (&pkts[i])->type)
0179                     continue;
0180
0181                 skb = bt_skb_alloc((&pkts[i])->maxlen,
0182                            GFP_ATOMIC);
0183                 if (!skb)
0184                     return ERR_PTR(-ENOMEM);
0185
0186                 hci_skb_pkt_type(skb) = (&pkts[i])->type;
0187                 hci_skb_expect(skb) = (&pkts[i])->hlen;
0188                 break;
0189             }
0190
0191             /* Check for invalid packet type */
0192             if (!skb)
0193                 return ERR_PTR(-EILSEQ);
0194
0195             count -= 1;
0196             buffer += 1;
0197         }
0198
0199         len = min_t(uint, hci_skb_expect(skb) - skb->len, count);
0200         skb_put_data(skb, buffer, len);
0201
0202         count -= len;
0203         buffer += len;
0204
0205         /* Check for partial packet */
0206         if (skb->len < hci_skb_expect(skb))
0207             continue;
0208
0209         for (i = 0; i < pkts_count; i++) {
0210             if (hci_skb_pkt_type(skb) == (&pkts[i])->type)
0211                 break;
0212         }
0213
0214         if (i >= pkts_count) {
0215             kfree_skb(skb);
0216             return ERR_PTR(-EILSEQ);
0217         }
0218
0219         if (skb->len == (&pkts[i])->hlen) {
0220             u16 dlen;
0221
0222             switch ((&pkts[i])->lsize) {
0223             case 0:
0224                 /* No variable data length */
0225                 dlen = 0;
0226                 break;
0227             case 1:
0228                 /* Single octet variable length */
0229                 dlen = skb->data[(&pkts[i])->loff];
0230                 hci_skb_expect(skb) += dlen;
0231
0232                 if (skb_tailroom(skb) < dlen) {
0233                     kfree_skb(skb);
0234                     return ERR_PTR(-EMSGSIZE);
0235                 }
0236                 break;
0237             case 2:
0238                 /* Double octet variable length */
0239                 dlen = get_unaligned_le16(skb->data +
0240                               (&pkts[i])->loff);
0241                 hci_skb_expect(skb) += dlen;
0242
0243                 if (skb_tailroom(skb) < dlen) {
0244                     kfree_skb(skb);
0245                     return ERR_PTR(-EMSGSIZE);
0246                 }
0247                 break;
0248             default:
0249                 /* Unsupported variable length */
0250                 kfree_skb(skb);
0251                 return ERR_PTR(-EILSEQ);
0252             }
0253
0254             if (!dlen) {
0255                 hu->padding = (skb->len + 1) % alignment;
0256                 hu->padding = (alignment - hu->padding) % alignment;
0257
0258                 /* No more data, complete frame */
0259                 (&pkts[i])->recv(hdev, skb);
0260                 skb = NULL;
0261             }
0262         } else {
0263             hu->padding = (skb->len + 1) % alignment;
0264             hu->padding = (alignment - hu->padding) % alignment;
0265
0266             /* Complete frame */
0267             (&pkts[i])->recv(hdev, skb);
0268             skb = NULL;
0269         }
0270     }
0271
0272     return skb;
0273 }
0274 EXPORT_SYMBOL_GPL(h4_recv_buf);