1/*
2 *
3 *  Bluetooth HCI UART driver
4 *
5 *  Copyright (C) 2002-2003  Fabrizio Gennari <fabrizio.gennari@philips.com>
6 *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 *  This program is free software; you can redistribute it and/or modify
10 *  it under the terms of the GNU General Public License as published by
11 *  the Free Software Foundation; either version 2 of the License, or
12 *  (at your option) any later version.
13 *
14 *  This program is distributed in the hope that it will be useful,
15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 *  GNU General Public License for more details.
18 *
19 *  You should have received a copy of the GNU General Public License
20 *  along with this program; if not, write to the Free Software
21 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22 *
23 */
24
25#include <linux/module.h>
26
27#include <linux/kernel.h>
28#include <linux/init.h>
29#include <linux/types.h>
30#include <linux/fcntl.h>
31#include <linux/interrupt.h>
32#include <linux/ptrace.h>
33#include <linux/poll.h>
34
35#include <linux/slab.h>
36#include <linux/tty.h>
37#include <linux/errno.h>
38#include <linux/string.h>
39#include <linux/signal.h>
40#include <linux/ioctl.h>
41#include <linux/skbuff.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
46#include "hci_uart.h"
47
48#ifndef CONFIG_BT_HCIUART_DEBUG
49#undef  BT_DBG
50#define BT_DBG( A... )
51#endif
52
53#define VERSION "0.3"
54
55static int txcrc = 1;
56static int hciextn = 1;
57
58#define BCSP_TXWINSIZE	4
59
60#define BCSP_ACK_PKT	0x05
61#define BCSP_LE_PKT	0x06
62
63struct bcsp_struct {
64	struct sk_buff_head unack;	/* Unack'ed packets queue */
65	struct sk_buff_head rel;	/* Reliable packets queue */
66	struct sk_buff_head unrel;	/* Unreliable packets queue */
67
68	unsigned long rx_count;
69	struct	sk_buff *rx_skb;
70	u8	rxseq_txack;		/* rxseq == txack. */
71	u8	rxack;			/* Last packet sent by us that the peer ack'ed */
72	struct	timer_list tbcsp;
73
74	enum {
75		BCSP_W4_PKT_DELIMITER,
76		BCSP_W4_PKT_START,
77		BCSP_W4_BCSP_HDR,
78		BCSP_W4_DATA,
79		BCSP_W4_CRC
80	} rx_state;
81
82	enum {
83		BCSP_ESCSTATE_NOESC,
84		BCSP_ESCSTATE_ESC
85	} rx_esc_state;
86
87	u8	use_crc;
88	u16	message_crc;
89	u8	txack_req;		/* Do we need to send ack's to the peer? */
90
91	/* Reliable packet sequence number - used to assign seq to each rel pkt. */
92	u8	msgq_txseq;
93};
94
95/* ---- BCSP CRC calculation ---- */
96
97/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
98initial value 0xffff, bits shifted in reverse order. */
99
100static const u16 crc_table[] = {
101	0x0000, 0x1081, 0x2102, 0x3183,
102	0x4204, 0x5285, 0x6306, 0x7387,
103	0x8408, 0x9489, 0xa50a, 0xb58b,
104	0xc60c, 0xd68d, 0xe70e, 0xf78f
105};
106
107/* Initialise the crc calculator */
108#define BCSP_CRC_INIT(x) x = 0xffff
109
110/*
111   Update crc with next data byte
112
113   Implementation note
114        The data byte is treated as two nibbles.  The crc is generated
115        in reverse, i.e., bits are fed into the register from the top.
116*/
117static void bcsp_crc_update(u16 *crc, u8 d)
118{
119	u16 reg = *crc;
120
121	reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
122	reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
123
124	*crc = reg;
125}
126
127/*
128   Get reverse of generated crc
129
130   Implementation note
131        The crc generator (bcsp_crc_init() and bcsp_crc_update())
132        creates a reversed crc, so it needs to be swapped back before
133        being passed on.
134*/
135static u16 bcsp_crc_reverse(u16 crc)
136{
137	u16 b, rev;
138
139	for (b = 0, rev = 0; b < 16; b++) {
140		rev = rev << 1;
141		rev |= (crc & 1);
142		crc = crc >> 1;
143	}
144
145	return (rev);
146}
147
148/* ---- BCSP core ---- */
149
150static void bcsp_slip_msgdelim(struct sk_buff *skb)
151{
152	const char pkt_delim = 0xc0;
153
154	memcpy(skb_put(skb, 1), &pkt_delim, 1);
155}
156
157static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
158{
159	const char esc_c0[2] = { 0xdb, 0xdc };
160	const char esc_db[2] = { 0xdb, 0xdd };
161
162	switch (c) {
163	case 0xc0:
164		memcpy(skb_put(skb, 2), &esc_c0, 2);
165		break;
166	case 0xdb:
167		memcpy(skb_put(skb, 2), &esc_db, 2);
168		break;
169	default:
170		memcpy(skb_put(skb, 1), &c, 1);
171	}
172}
173
174static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
175{
176	struct bcsp_struct *bcsp = hu->priv;
177
178	if (skb->len > 0xFFF) {
179		BT_ERR("Packet too long");
180		kfree_skb(skb);
181		return 0;
182	}
183
184	switch (bt_cb(skb)->pkt_type) {
185	case HCI_ACLDATA_PKT:
186	case HCI_COMMAND_PKT:
187		skb_queue_tail(&bcsp->rel, skb);
188		break;
189
190	case HCI_SCODATA_PKT:
191		skb_queue_tail(&bcsp->unrel, skb);
192		break;
193
194	default:
195		BT_ERR("Unknown packet type");
196		kfree_skb(skb);
197		break;
198	}
199
200	return 0;
201}
202
203static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
204		int len, int pkt_type)
205{
206	struct sk_buff *nskb;
207	u8 hdr[4], chan;
208	u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
209	int rel, i;
210
211	switch (pkt_type) {
212	case HCI_ACLDATA_PKT:
213		chan = 6;	/* BCSP ACL channel */
214		rel = 1;	/* reliable channel */
215		break;
216	case HCI_COMMAND_PKT:
217		chan = 5;	/* BCSP cmd/evt channel */
218		rel = 1;	/* reliable channel */
219		break;
220	case HCI_SCODATA_PKT:
221		chan = 7;	/* BCSP SCO channel */
222		rel = 0;	/* unreliable channel */
223		break;
224	case BCSP_LE_PKT:
225		chan = 1;	/* BCSP LE channel */
226		rel = 0;	/* unreliable channel */
227		break;
228	case BCSP_ACK_PKT:
229		chan = 0;	/* BCSP internal channel */
230		rel = 0;	/* unreliable channel */
231		break;
232	default:
233		BT_ERR("Unknown packet type");
234		return NULL;
235	}
236
237	if (hciextn && chan == 5) {
238		struct hci_command_hdr *hdr = (struct hci_command_hdr *) data;
239
240		if (hci_opcode_ogf(__le16_to_cpu(hdr->opcode)) == OGF_VENDOR_CMD) {
241			u8 desc = *(data + HCI_COMMAND_HDR_SIZE);
242			if ((desc & 0xf0) == 0xc0) {
243				data += HCI_COMMAND_HDR_SIZE + 1;
244				len  -= HCI_COMMAND_HDR_SIZE + 1;
245				chan = desc & 0x0f;
246			}
247		}
248	}
249
250	/* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
251	   (because bytes 0xc0 and 0xdb are escaped, worst case is
252	   when the packet is all made of 0xc0 and 0xdb :) )
253	   + 2 (0xc0 delimiters at start and end). */
254
255	nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
256	if (!nskb)
257		return NULL;
258
259	bt_cb(nskb)->pkt_type = pkt_type;
260
261	bcsp_slip_msgdelim(nskb);
262
263	hdr[0] = bcsp->rxseq_txack << 3;
264	bcsp->txack_req = 0;
265	BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
266
267	if (rel) {
268		hdr[0] |= 0x80 + bcsp->msgq_txseq;
269		BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
270		bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
271	}
272
273	if (bcsp->use_crc)
274		hdr[0] |= 0x40;
275
276	hdr[1] = ((len << 4) & 0xff) | chan;
277	hdr[2] = len >> 4;
278	hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
279
280	/* Put BCSP header */
281	for (i = 0; i < 4; i++) {
282		bcsp_slip_one_byte(nskb, hdr[i]);
283
284		if (bcsp->use_crc)
285			bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
286	}
287
288	/* Put payload */
289	for (i = 0; i < len; i++) {
290		bcsp_slip_one_byte(nskb, data[i]);
291
292		if (bcsp->use_crc)
293			bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
294	}
295
296	/* Put CRC */
297	if (bcsp->use_crc) {
298		bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
299		bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
300		bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
301	}
302
303	bcsp_slip_msgdelim(nskb);
304	return nskb;
305}
306
307/* This is a rewrite of pkt_avail in ABCSP */
308static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
309{
310	struct bcsp_struct *bcsp = hu->priv;
311	unsigned long flags;
312	struct sk_buff *skb;
313
314	/* First of all, check for unreliable messages in the queue,
315	   since they have priority */
316
317	if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
318		struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
319		if (nskb) {
320			kfree_skb(skb);
321			return nskb;
322		} else {
323			skb_queue_head(&bcsp->unrel, skb);
324			BT_ERR("Could not dequeue pkt because alloc_skb failed");
325		}
326	}
327
328	/* Now, try to send a reliable pkt. We can only send a
329	   reliable packet if the number of packets sent but not yet ack'ed
330	   is < than the winsize */
331
332	spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
333
334	if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
335		struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
336		if (nskb) {
337			__skb_queue_tail(&bcsp->unack, skb);
338			mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
339			spin_unlock_irqrestore(&bcsp->unack.lock, flags);
340			return nskb;
341		} else {
342			skb_queue_head(&bcsp->rel, skb);
343			BT_ERR("Could not dequeue pkt because alloc_skb failed");
344		}
345	}
346
347	spin_unlock_irqrestore(&bcsp->unack.lock, flags);
348
349	/* We could not send a reliable packet, either because there are
350	   none or because there are too many unack'ed pkts. Did we receive
351	   any packets we have not acknowledged yet ? */
352
353	if (bcsp->txack_req) {
354		/* if so, craft an empty ACK pkt and send it on BCSP unreliable
355		   channel 0 */
356		struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
357		return nskb;
358	}
359
360	/* We have nothing to send */
361	return NULL;
362}
363
364static int bcsp_flush(struct hci_uart *hu)
365{
366	BT_DBG("hu %p", hu);
367	return 0;
368}
369
370/* Remove ack'ed packets */
371static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
372{
373	unsigned long flags;
374	struct sk_buff *skb;
375	int i, pkts_to_be_removed;
376	u8 seqno;
377
378	spin_lock_irqsave(&bcsp->unack.lock, flags);
379
380	pkts_to_be_removed = bcsp->unack.qlen;
381	seqno = bcsp->msgq_txseq;
382
383	while (pkts_to_be_removed) {
384		if (bcsp->rxack == seqno)
385			break;
386		pkts_to_be_removed--;
387		seqno = (seqno - 1) & 0x07;
388	}
389
390	if (bcsp->rxack != seqno)
391		BT_ERR("Peer acked invalid packet");
392
393	BT_DBG("Removing %u pkts out of %u, up to seqno %u",
394		pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
395
396	for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
397			&& skb != (struct sk_buff *) &bcsp->unack; i++) {
398		struct sk_buff *nskb;
399
400		nskb = skb->next;
401		__skb_unlink(skb, &bcsp->unack);
402		kfree_skb(skb);
403		skb = nskb;
404	}
405
406	if (bcsp->unack.qlen == 0)
407		del_timer(&bcsp->tbcsp);
408
409	spin_unlock_irqrestore(&bcsp->unack.lock, flags);
410
411	if (i != pkts_to_be_removed)
412		BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
413}
414
415/* Handle BCSP link-establishment packets. When we
416   detect a "sync" packet, symptom that the BT module has reset,
417   we do nothing :) (yet) */
418static void bcsp_handle_le_pkt(struct hci_uart *hu)
419{
420	struct bcsp_struct *bcsp = hu->priv;
421	u8 conf_pkt[4]     = { 0xad, 0xef, 0xac, 0xed };
422	u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
423	u8 sync_pkt[4]     = { 0xda, 0xdc, 0xed, 0xed };
424
425	/* spot "conf" pkts and reply with a "conf rsp" pkt */
426	if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
427			!memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
428		struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
429
430		BT_DBG("Found a LE conf pkt");
431		if (!nskb)
432			return;
433		memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
434		bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
435
436		skb_queue_head(&bcsp->unrel, nskb);
437		hci_uart_tx_wakeup(hu);
438	}
439	/* Spot "sync" pkts. If we find one...disaster! */
440	else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
441			!memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
442		BT_ERR("Found a LE sync pkt, card has reset");
443	}
444}
445
446static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
447{
448	const u8 c0 = 0xc0, db = 0xdb;
449
450	switch (bcsp->rx_esc_state) {
451	case BCSP_ESCSTATE_NOESC:
452		switch (byte) {
453		case 0xdb:
454			bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
455			break;
456		default:
457			memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
458			if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
459					bcsp->rx_state != BCSP_W4_CRC)
460				bcsp_crc_update(&bcsp->message_crc, byte);
461			bcsp->rx_count--;
462		}
463		break;
464
465	case BCSP_ESCSTATE_ESC:
466		switch (byte) {
467		case 0xdc:
468			memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
469			if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
470					bcsp->rx_state != BCSP_W4_CRC)
471				bcsp_crc_update(&bcsp-> message_crc, 0xc0);
472			bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
473			bcsp->rx_count--;
474			break;
475
476		case 0xdd:
477			memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
478			if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
479					bcsp->rx_state != BCSP_W4_CRC)
480				bcsp_crc_update(&bcsp-> message_crc, 0xdb);
481			bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
482			bcsp->rx_count--;
483			break;
484
485		default:
486			BT_ERR ("Invalid byte %02x after esc byte", byte);
487			kfree_skb(bcsp->rx_skb);
488			bcsp->rx_skb = NULL;
489			bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
490			bcsp->rx_count = 0;
491		}
492	}
493}
494
495static void bcsp_complete_rx_pkt(struct hci_uart *hu)
496{
497	struct bcsp_struct *bcsp = hu->priv;
498	int pass_up;
499
500	if (bcsp->rx_skb->data[0] & 0x80) {	/* reliable pkt */
501		BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
502		bcsp->rxseq_txack++;
503		bcsp->rxseq_txack %= 0x8;
504		bcsp->txack_req    = 1;
505
506		/* If needed, transmit an ack pkt */
507		hci_uart_tx_wakeup(hu);
508	}
509
510	bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
511	BT_DBG("Request for pkt %u from card", bcsp->rxack);
512
513	bcsp_pkt_cull(bcsp);
514	if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
515			bcsp->rx_skb->data[0] & 0x80) {
516		bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
517		pass_up = 1;
518	} else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
519			bcsp->rx_skb->data[0] & 0x80) {
520		bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
521		pass_up = 1;
522	} else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
523		bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
524		pass_up = 1;
525	} else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
526			!(bcsp->rx_skb->data[0] & 0x80)) {
527		bcsp_handle_le_pkt(hu);
528		pass_up = 0;
529	} else
530		pass_up = 0;
531
532	if (!pass_up) {
533		struct hci_event_hdr hdr;
534		u8 desc = (bcsp->rx_skb->data[1] & 0x0f);
535
536		if (desc != 0 && desc != 1) {
537			if (hciextn) {
538				desc |= 0xc0;
539				skb_pull(bcsp->rx_skb, 4);
540				memcpy(skb_push(bcsp->rx_skb, 1), &desc, 1);
541
542				hdr.evt = 0xff;
543				hdr.plen = bcsp->rx_skb->len;
544				memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
545				bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
546
547				hci_recv_frame(bcsp->rx_skb);
548			} else {
549				BT_ERR ("Packet for unknown channel (%u %s)",
550					bcsp->rx_skb->data[1] & 0x0f,
551					bcsp->rx_skb->data[0] & 0x80 ?
552					"reliable" : "unreliable");
553				kfree_skb(bcsp->rx_skb);
554			}
555		} else
556			kfree_skb(bcsp->rx_skb);
557	} else {
558		/* Pull out BCSP hdr */
559		skb_pull(bcsp->rx_skb, 4);
560
561		hci_recv_frame(bcsp->rx_skb);
562	}
563
564	bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
565	bcsp->rx_skb = NULL;
566}
567
568/* Recv data */
569static int bcsp_recv(struct hci_uart *hu, void *data, int count)
570{
571	struct bcsp_struct *bcsp = hu->priv;
572	register unsigned char *ptr;
573
574	BT_DBG("hu %p count %d rx_state %d rx_count %ld",
575		hu, count, bcsp->rx_state, bcsp->rx_count);
576
577	ptr = data;
578	while (count) {
579		if (bcsp->rx_count) {
580			if (*ptr == 0xc0) {
581				BT_ERR("Short BCSP packet");
582				kfree_skb(bcsp->rx_skb);
583				bcsp->rx_state = BCSP_W4_PKT_START;
584				bcsp->rx_count = 0;
585			} else
586				bcsp_unslip_one_byte(bcsp, *ptr);
587
588			ptr++; count--;
589			continue;
590		}
591
592		switch (bcsp->rx_state) {
593		case BCSP_W4_BCSP_HDR:
594			if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
595					bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
596				BT_ERR("Error in BCSP hdr checksum");
597				kfree_skb(bcsp->rx_skb);
598				bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
599				bcsp->rx_count = 0;
600				continue;
601			}
602			if (bcsp->rx_skb->data[0] & 0x80	/* reliable pkt */
603			    		&& (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
604				BT_ERR ("Out-of-order packet arrived, got %u expected %u",
605					bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
606
607				kfree_skb(bcsp->rx_skb);
608				bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
609				bcsp->rx_count = 0;
610				continue;
611			}
612			bcsp->rx_state = BCSP_W4_DATA;
613			bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
614					(bcsp->rx_skb->data[2] << 4);	/* May be 0 */
615			continue;
616
617		case BCSP_W4_DATA:
618			if (bcsp->rx_skb->data[0] & 0x40) {	/* pkt with crc */
619				bcsp->rx_state = BCSP_W4_CRC;
620				bcsp->rx_count = 2;
621			} else
622				bcsp_complete_rx_pkt(hu);
623			continue;
624
625		case BCSP_W4_CRC:
626			if (bcsp_crc_reverse(bcsp->message_crc) !=
627					(bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
628					bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
629
630				BT_ERR ("Checksum failed: computed %04x received %04x",
631					bcsp_crc_reverse(bcsp->message_crc),
632					(bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
633					bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
634
635				kfree_skb(bcsp->rx_skb);
636				bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
637				bcsp->rx_count = 0;
638				continue;
639			}
640			skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
641			bcsp_complete_rx_pkt(hu);
642			continue;
643
644		case BCSP_W4_PKT_DELIMITER:
645			switch (*ptr) {
646			case 0xc0:
647				bcsp->rx_state = BCSP_W4_PKT_START;
648				break;
649			default:
650				/*BT_ERR("Ignoring byte %02x", *ptr);*/
651				break;
652			}
653			ptr++; count--;
654			break;
655
656		case BCSP_W4_PKT_START:
657			switch (*ptr) {
658			case 0xc0:
659				ptr++; count--;
660				break;
661
662			default:
663				bcsp->rx_state = BCSP_W4_BCSP_HDR;
664				bcsp->rx_count = 4;
665				bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
666				BCSP_CRC_INIT(bcsp->message_crc);
667
668				/* Do not increment ptr or decrement count
669				 * Allocate packet. Max len of a BCSP pkt=
670				 * 0xFFF (payload) +4 (header) +2 (crc) */
671
672				bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
673				if (!bcsp->rx_skb) {
674					BT_ERR("Can't allocate mem for new packet");
675					bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
676					bcsp->rx_count = 0;
677					return 0;
678				}
679				bcsp->rx_skb->dev = (void *) hu->hdev;
680				break;
681			}
682			break;
683		}
684	}
685	return count;
686}
687
688	/* Arrange to retransmit all messages in the relq. */
689static void bcsp_timed_event(unsigned long arg)
690{
691	struct hci_uart *hu = (struct hci_uart *) arg;
692	struct bcsp_struct *bcsp = hu->priv;
693	struct sk_buff *skb;
694	unsigned long flags;
695
696	BT_DBG("hu %p retransmitting %u pkts", hu, bcsp->unack.qlen);
697
698	spin_lock_irqsave_nested(&bcsp->unack.lock, flags, SINGLE_DEPTH_NESTING);
699
700	while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
701		bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
702		skb_queue_head(&bcsp->rel, skb);
703	}
704
705	spin_unlock_irqrestore(&bcsp->unack.lock, flags);
706
707	hci_uart_tx_wakeup(hu);
708}
709
710static int bcsp_open(struct hci_uart *hu)
711{
712	struct bcsp_struct *bcsp;
713
714	BT_DBG("hu %p", hu);
715
716	bcsp = kzalloc(sizeof(*bcsp), GFP_ATOMIC);
717	if (!bcsp)
718		return -ENOMEM;
719
720	hu->priv = bcsp;
721	skb_queue_head_init(&bcsp->unack);
722	skb_queue_head_init(&bcsp->rel);
723	skb_queue_head_init(&bcsp->unrel);
724
725	init_timer(&bcsp->tbcsp);
726	bcsp->tbcsp.function = bcsp_timed_event;
727	bcsp->tbcsp.data     = (u_long) hu;
728
729	bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
730
731	if (txcrc)
732		bcsp->use_crc = 1;
733
734	return 0;
735}
736
737static int bcsp_close(struct hci_uart *hu)
738{
739	struct bcsp_struct *bcsp = hu->priv;
740	hu->priv = NULL;
741
742	BT_DBG("hu %p", hu);
743
744	skb_queue_purge(&bcsp->unack);
745	skb_queue_purge(&bcsp->rel);
746	skb_queue_purge(&bcsp->unrel);
747	del_timer(&bcsp->tbcsp);
748
749	kfree(bcsp);
750	return 0;
751}
752
753static struct hci_uart_proto bcsp = {
754	.id		= HCI_UART_BCSP,
755	.open		= bcsp_open,
756	.close		= bcsp_close,
757	.enqueue	= bcsp_enqueue,
758	.dequeue	= bcsp_dequeue,
759	.recv		= bcsp_recv,
760	.flush		= bcsp_flush
761};
762
763int bcsp_init(void)
764{
765	int err = hci_uart_register_proto(&bcsp);
766
767	if (!err)
768		BT_INFO("HCI BCSP protocol initialized");
769	else
770		BT_ERR("HCI BCSP protocol registration failed");
771
772	return err;
773}
774
775int bcsp_deinit(void)
776{
777	return hci_uart_unregister_proto(&bcsp);
778}
779
780module_param(txcrc, bool, 0644);
781MODULE_PARM_DESC(txcrc, "Transmit CRC with every BCSP packet");
782
783module_param(hciextn, bool, 0644);
784MODULE_PARM_DESC(hciextn, "Convert HCI Extensions into BCSP packets");
785