2 BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ).
3 Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com>
6 hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com>
7 ABCSP by Carl Orsborn <cjo@csr.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
28 * $Id: hci_bcsp.c,v 1.2 2002/09/26 05:05:14 maxk Exp $
33 #include <linux/config.h>
34 #include <linux/module.h>
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/sched.h>
39 #include <linux/types.h>
40 #include <linux/fcntl.h>
41 #include <linux/interrupt.h>
42 #include <linux/ptrace.h>
43 #include <linux/poll.h>
45 #include <linux/slab.h>
46 #include <linux/tty.h>
47 #include <linux/errno.h>
48 #include <linux/string.h>
49 #include <linux/signal.h>
50 #include <linux/ioctl.h>
51 #include <linux/skbuff.h>
53 #include <net/bluetooth/bluetooth.h>
54 #include <net/bluetooth/hci_core.h>
58 #ifndef CONFIG_BT_HCIUART_DEBUG
60 #define BT_DBG( A... )
64 static int hciextn = 1;
66 /* ---- BCSP CRC calculation ---- */
68 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
69 initial value 0xffff, bits shifted in reverse order. */
71 static const u16 crc_table[] = {
72 0x0000, 0x1081, 0x2102, 0x3183,
73 0x4204, 0x5285, 0x6306, 0x7387,
74 0x8408, 0x9489, 0xa50a, 0xb58b,
75 0xc60c, 0xd68d, 0xe70e, 0xf78f
78 /* Initialise the crc calculator */
79 #define BCSP_CRC_INIT(x) x = 0xffff
82 Update crc with next data byte
85 The data byte is treated as two nibbles. The crc is generated
86 in reverse, i.e., bits are fed into the register from the top.
88 static void bcsp_crc_update(u16 *crc, u8 d)
92 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
93 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
99 Get reverse of generated crc
102 The crc generator (bcsp_crc_init() and bcsp_crc_update())
103 creates a reversed crc, so it needs to be swapped back before
106 static u16 bcsp_crc_reverse(u16 crc)
110 for (b = 0, rev = 0; b < 16; b++) {
118 /* ---- BCSP core ---- */
120 static void bcsp_slip_msgdelim(struct sk_buff *skb)
122 const char pkt_delim = 0xc0;
123 memcpy(skb_put(skb, 1), &pkt_delim, 1);
126 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
128 const char esc_c0[2] = { 0xdb, 0xdc };
129 const char esc_db[2] = { 0xdb, 0xdd };
133 memcpy(skb_put(skb, 2), &esc_c0, 2);
136 memcpy(skb_put(skb, 2), &esc_db, 2);
139 memcpy(skb_put(skb, 1), &c, 1);
143 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
145 struct bcsp_struct *bcsp = hu->priv;
147 if (skb->len > 0xFFF) {
148 BT_ERR("Packet too long");
153 switch (bt_cb(skb)->pkt_type) {
154 case HCI_ACLDATA_PKT:
155 case HCI_COMMAND_PKT:
156 skb_queue_tail(&bcsp->rel, skb);
159 case HCI_SCODATA_PKT:
160 skb_queue_tail(&bcsp->unrel, skb);
164 BT_ERR("Unknown packet type");
172 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
173 int len, int pkt_type)
175 struct sk_buff *nskb;
177 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
181 case HCI_ACLDATA_PKT:
182 chan = 6; /* BCSP ACL channel */
183 rel = 1; /* reliable channel */
185 case HCI_COMMAND_PKT:
186 chan = 5; /* BCSP cmd/evt channel */
187 rel = 1; /* reliable channel */
189 case HCI_SCODATA_PKT:
190 chan = 7; /* BCSP SCO channel */
191 rel = 0; /* unreliable channel */
194 chan = 1; /* BCSP LE channel */
195 rel = 0; /* unreliable channel */
198 chan = 0; /* BCSP internal channel */
199 rel = 0; /* unreliable channel */
202 BT_ERR("Unknown packet type");
206 if (hciextn && chan == 5) {
207 struct hci_command_hdr *hdr = (struct hci_command_hdr *) data;
209 if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) {
210 u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
211 if ((desc & 0xf0) == 0xc0) {
212 data += HCI_COMMAND_HDR_SIZE + 1;
213 len -= HCI_COMMAND_HDR_SIZE + 1;
219 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
220 (because bytes 0xc0 and 0xdb are escaped, worst case is
221 when the packet is all made of 0xc0 and 0xdb :) )
222 + 2 (0xc0 delimiters at start and end). */
224 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
228 bt_cb(nskb)->pkt_type = pkt_type;
230 bcsp_slip_msgdelim(nskb);
232 hdr[0] = bcsp->rxseq_txack << 3;
234 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
237 hdr[0] |= 0x80 + bcsp->msgq_txseq;
238 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
239 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
245 hdr[1] = ((len << 4) & 0xff) | chan;
247 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
249 /* Put BCSP header */
250 for (i = 0; i < 4; i++) {
251 bcsp_slip_one_byte(nskb, hdr[i]);
254 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
258 for (i = 0; i < len; i++) {
259 bcsp_slip_one_byte(nskb, data[i]);
262 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
267 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
268 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
269 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
272 bcsp_slip_msgdelim(nskb);
276 /* This is a rewrite of pkt_avail in ABCSP */
277 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
279 struct bcsp_struct *bcsp = hu->priv;
283 /* First of all, check for unreliable messages in the queue,
284 since they have priority */
286 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
287 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
292 skb_queue_head(&bcsp->unrel, skb);
293 BT_ERR("Could not dequeue pkt because alloc_skb failed");
297 /* Now, try to send a reliable pkt. We can only send a
298 reliable packet if the number of packets sent but not yet ack'ed
299 is < than the winsize */
301 spin_lock_irqsave(&bcsp->unack.lock, flags);
303 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
304 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
306 __skb_queue_tail(&bcsp->unack, skb);
307 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
308 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
311 skb_queue_head(&bcsp->rel, skb);
312 BT_ERR("Could not dequeue pkt because alloc_skb failed");
316 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
319 /* We could not send a reliable packet, either because there are
320 none or because there are too many unack'ed pkts. Did we receive
321 any packets we have not acknowledged yet ? */
323 if (bcsp->txack_req) {
324 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
326 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
330 /* We have nothing to send */
334 static int bcsp_flush(struct hci_uart *hu)
340 /* Remove ack'ed packets */
341 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
345 int i, pkts_to_be_removed;
348 spin_lock_irqsave(&bcsp->unack.lock, flags);
350 pkts_to_be_removed = bcsp->unack.qlen;
351 seqno = bcsp->msgq_txseq;
353 while (pkts_to_be_removed) {
354 if (bcsp->rxack == seqno)
356 pkts_to_be_removed--;
357 seqno = (seqno - 1) & 0x07;
360 if (bcsp->rxack != seqno)
361 BT_ERR("Peer acked invalid packet");
363 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
364 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
366 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
367 && skb != (struct sk_buff *) &bcsp->unack; i++) {
368 struct sk_buff *nskb;
371 __skb_unlink(skb, &bcsp->unack);
375 if (bcsp->unack.qlen == 0)
376 del_timer(&bcsp->tbcsp);
377 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
379 if (i != pkts_to_be_removed)
380 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
383 /* Handle BCSP link-establishment packets. When we
384 detect a "sync" packet, symptom that the BT module has reset,
385 we do nothing :) (yet) */
386 static void bcsp_handle_le_pkt(struct hci_uart *hu)
388 struct bcsp_struct *bcsp = hu->priv;
389 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
390 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
391 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
393 /* spot "conf" pkts and reply with a "conf rsp" pkt */
394 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
395 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
396 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
398 BT_DBG("Found a LE conf pkt");
401 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
402 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
404 skb_queue_head(&bcsp->unrel, nskb);
405 hci_uart_tx_wakeup(hu);
407 /* Spot "sync" pkts. If we find one...disaster! */
408 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
409 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
410 BT_ERR("Found a LE sync pkt, card has reset");
414 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
416 const u8 c0 = 0xc0, db = 0xdb;
418 switch (bcsp->rx_esc_state) {
419 case BCSP_ESCSTATE_NOESC:
422 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
425 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
426 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
427 bcsp->rx_state != BCSP_W4_CRC)
428 bcsp_crc_update(&bcsp->message_crc, byte);
433 case BCSP_ESCSTATE_ESC:
436 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
437 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
438 bcsp->rx_state != BCSP_W4_CRC)
439 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
440 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
445 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
446 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
447 bcsp->rx_state != BCSP_W4_CRC)
448 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
449 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
454 BT_ERR ("Invalid byte %02x after esc byte", byte);
455 kfree_skb(bcsp->rx_skb);
457 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
463 static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
465 struct bcsp_struct *bcsp = hu->priv;
468 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
469 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
471 bcsp->rxseq_txack %= 0x8;
474 /* If needed, transmit an ack pkt */
475 hci_uart_tx_wakeup(hu);
478 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
479 BT_DBG("Request for pkt %u from card", bcsp->rxack);
482 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
483 bcsp->rx_skb->data[0] & 0x80) {
484 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
486 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
487 bcsp->rx_skb->data[0] & 0x80) {
488 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
490 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
491 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
493 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
494 !(bcsp->rx_skb->data[0] & 0x80)) {
495 bcsp_handle_le_pkt(hu);
501 struct hci_event_hdr hdr;
502 u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
504 if (desc != 0 && desc != 1) {
507 skb_pull(bcsp->rx_skb, 4);
508 memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
511 hdr.plen = bcsp->rx_skb->len;
512 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
513 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
515 hci_recv_frame(bcsp->rx_skb);
517 BT_ERR ("Packet for unknown channel (%u %s)",
518 bcsp->rx_skb->data[1] & 0x0f,
519 bcsp->rx_skb->data[0] & 0x80 ?
520 "reliable" : "unreliable");
521 kfree_skb(bcsp->rx_skb);
524 kfree_skb(bcsp->rx_skb);
526 /* Pull out BCSP hdr */
527 skb_pull(bcsp->rx_skb, 4);
529 hci_recv_frame(bcsp->rx_skb);
531 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
536 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
538 struct bcsp_struct *bcsp = hu->priv;
539 register unsigned char *ptr;
541 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
542 hu, count, bcsp->rx_state, bcsp->rx_count);
546 if (bcsp->rx_count) {
548 BT_ERR("Short BCSP packet");
549 kfree_skb(bcsp->rx_skb);
550 bcsp->rx_state = BCSP_W4_PKT_START;
553 bcsp_unslip_one_byte(bcsp, *ptr);
559 switch (bcsp->rx_state) {
560 case BCSP_W4_BCSP_HDR:
561 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
562 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
563 BT_ERR("Error in BCSP hdr checksum");
564 kfree_skb(bcsp->rx_skb);
565 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
569 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
570 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
571 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
572 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
574 kfree_skb(bcsp->rx_skb);
575 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
579 bcsp->rx_state = BCSP_W4_DATA;
580 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
581 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
585 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
586 bcsp->rx_state = BCSP_W4_CRC;
589 bcsp_complete_rx_pkt(hu);
593 if (bcsp_crc_reverse(bcsp->message_crc) !=
594 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
595 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
597 BT_ERR ("Checksum failed: computed %04x received %04x",
598 bcsp_crc_reverse(bcsp->message_crc),
599 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
600 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
602 kfree_skb(bcsp->rx_skb);
603 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
607 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
608 bcsp_complete_rx_pkt(hu);
611 case BCSP_W4_PKT_DELIMITER:
614 bcsp->rx_state = BCSP_W4_PKT_START;
617 /*BT_ERR("Ignoring byte %02x", *ptr);*/
623 case BCSP_W4_PKT_START:
630 bcsp->rx_state = BCSP_W4_BCSP_HDR;
632 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
633 BCSP_CRC_INIT(bcsp->message_crc);
635 /* Do not increment ptr or decrement count
636 * Allocate packet. Max len of a BCSP pkt=
637 * 0xFFF (payload) +4 (header) +2 (crc) */
639 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
641 BT_ERR("Can't allocate mem for new packet");
642 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
646 bcsp->rx_skb->dev = (void *) hu->hdev;
655 /* Arrange to retransmit all messages in the relq. */
656 static void bcsp_timed_event(unsigned long arg)
658 struct hci_uart *hu = (struct hci_uart *) arg;
659 struct bcsp_struct *bcsp = hu->priv;
663 BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
665 spin_lock_irqsave(&bcsp->unack.lock, flags);
667 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
668 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
669 skb_queue_head(&bcsp->rel, skb);
672 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
674 hci_uart_tx_wakeup(hu);
677 static int bcsp_open(struct hci_uart *hu)
679 struct bcsp_struct *bcsp;
683 bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC);
686 memset(bcsp, 0, sizeof(*bcsp));
689 skb_queue_head_init(&bcsp->unack);
690 skb_queue_head_init(&bcsp->rel);
691 skb_queue_head_init(&bcsp->unrel);
693 init_timer(&bcsp->tbcsp);
694 bcsp->tbcsp.function = bcsp_timed_event;
695 bcsp->tbcsp.data = (u_long) hu;
697 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
705 static int bcsp_close(struct hci_uart *hu)
707 struct bcsp_struct *bcsp = hu->priv;
712 skb_queue_purge(&bcsp->unack);
713 skb_queue_purge(&bcsp->rel);
714 skb_queue_purge(&bcsp->unrel);
715 del_timer(&bcsp->tbcsp);
721 static struct hci_uart_proto bcsp = {
725 .enqueue = bcsp_enqueue,
726 .dequeue = bcsp_dequeue,
733 int err = hci_uart_register_proto(&bcsp);
735 BT_INFO("HCI BCSP protocol initialized");
737 BT_ERR("HCI BCSP protocol registration failed");
742 int bcsp_deinit(void)
744 return hci_uart_unregister_proto(&bcsp);
747 module_param(txcrc, bool, 0644);
748 MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
750 module_param(hciextn, bool, 0644);
751 MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");