2 BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ).
3 Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com>
6 hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com>
7 ABCSP by Carl Orsborn <cjo@csr.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
28 * $Id: hci_bcsp.c,v 1.1.1.1 2005/04/11 02:50:17 jack Exp $
33 #include <linux/config.h>
34 #include <linux/module.h>
36 #include <linux/version.h>
37 #include <linux/config.h>
38 #include <linux/kernel.h>
39 #include <linux/init.h>
40 #include <linux/sched.h>
41 #include <linux/types.h>
42 #include <linux/fcntl.h>
43 #include <linux/interrupt.h>
44 #include <linux/ptrace.h>
45 #include <linux/poll.h>
47 #include <linux/slab.h>
48 #include <linux/tty.h>
49 #include <linux/errno.h>
50 #include <linux/string.h>
51 #include <linux/signal.h>
52 #include <linux/ioctl.h>
53 #include <linux/skbuff.h>
55 #include <net/bluetooth/bluetooth.h>
56 #include <net/bluetooth/hci_core.h>
60 #ifndef HCI_UART_DEBUG
62 #define BT_DBG( A... )
64 #define BT_DMP( A... )
67 /* ---- BCSP CRC calculation ---- */
69 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
70 initial value 0xffff, bits shifted in reverse order. */
72 static const u16 crc_table[] = {
73 0x0000, 0x1081, 0x2102, 0x3183,
74 0x4204, 0x5285, 0x6306, 0x7387,
75 0x8408, 0x9489, 0xa50a, 0xb58b,
76 0xc60c, 0xd68d, 0xe70e, 0xf78f
79 /* Initialise the crc calculator */
80 #define BCSP_CRC_INIT(x) x = 0xffff
83 Update crc with next data byte
86 The data byte is treated as two nibbles. The crc is generated
87 in reverse, i.e., bits are fed into the register from the top.
89 static void bcsp_crc_update(u16 *crc, u8 d)
93 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
94 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
100 Get reverse of generated crc
103 The crc generator (bcsp_crc_init() and bcsp_crc_update())
104 creates a reversed crc, so it needs to be swapped back before
107 static u16 bcsp_crc_reverse(u16 crc)
111 for (b = 0, rev = 0; b < 16; b++) {
119 /* ---- BCSP core ---- */
121 static void bcsp_slip_msgdelim(struct sk_buff *skb)
123 const char pkt_delim = 0xc0;
124 memcpy(skb_put(skb, 1), &pkt_delim, 1);
127 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
129 const char esc_c0[2] = { 0xdb, 0xdc };
130 const char esc_db[2] = { 0xdb, 0xdd };
134 memcpy(skb_put(skb, 2), &esc_c0, 2);
137 memcpy(skb_put(skb, 2), &esc_db, 2);
140 memcpy(skb_put(skb, 1), &c, 1);
144 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
146 struct bcsp_struct *bcsp = hu->priv;
148 if (skb->len > 0xFFF) {
149 BT_ERR("Packet too long");
154 switch (skb->pkt_type) {
155 case HCI_ACLDATA_PKT:
156 case HCI_COMMAND_PKT:
157 skb_queue_tail(&bcsp->rel, skb);
160 case HCI_SCODATA_PKT:
161 skb_queue_tail(&bcsp->unrel, skb);
165 BT_ERR("Unknown packet type");
172 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
173 int len, int pkt_type)
175 struct sk_buff *nskb;
179 #ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
180 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
184 case HCI_ACLDATA_PKT:
185 chan = 6; /* BCSP ACL channel */
186 rel = 1; /* reliable channel */
188 case HCI_COMMAND_PKT:
189 chan = 5; /* BCSP cmd/evt channel */
190 rel = 1; /* reliable channel */
192 case HCI_SCODATA_PKT:
193 chan = 7; /* BCSP SCO channel */
194 rel = 0; /* unreliable channel */
197 chan = 1; /* BCSP LE channel */
198 rel = 0; /* unreliable channel */
201 chan = 0; /* BCSP internal channel */
202 rel = 0; /* unreliable channel */
205 BT_ERR("Unknown packet type");
209 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
210 (because bytes 0xc0 and 0xdb are escaped, worst case is
211 when the packet is all made of 0xc0 and 0xdb :) )
212 + 2 (0xc0 delimiters at start and end). */
214 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
218 nskb->pkt_type = pkt_type;
220 bcsp_slip_msgdelim(nskb);
222 hdr[0] = bcsp->rxseq_txack << 3;
224 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
227 hdr[0] |= 0x80 + bcsp->msgq_txseq;
228 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
229 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
231 #ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
235 hdr[1] = (len << 4) & 0xFF;
238 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
240 /* Put BCSP header */
241 for (i = 0; i < 4; i++) {
242 bcsp_slip_one_byte(nskb, hdr[i]);
243 #ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
244 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
249 for (i = 0; i < len; i++) {
250 bcsp_slip_one_byte(nskb, data[i]);
251 #ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
252 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
256 #ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
258 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
259 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
260 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
263 bcsp_slip_msgdelim(nskb);
267 /* This is a rewrite of pkt_avail in ABCSP */
268 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
270 struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
274 /* First of all, check for unreliable messages in the queue,
275 since they have priority */
277 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
278 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
283 skb_queue_head(&bcsp->unrel, skb);
284 BT_ERR("Could not dequeue pkt because alloc_skb failed");
288 /* Now, try to send a reliable pkt. We can only send a
289 reliable packet if the number of packets sent but not yet ack'ed
290 is < than the winsize */
292 spin_lock_irqsave(&bcsp->unack.lock, flags);
294 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
295 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
297 __skb_queue_tail(&bcsp->unack, skb);
298 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
299 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
302 skb_queue_head(&bcsp->rel, skb);
303 BT_ERR("Could not dequeue pkt because alloc_skb failed");
307 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
310 /* We could not send a reliable packet, either because there are
311 none or because there are too many unack'ed pkts. Did we receive
312 any packets we have not acknowledged yet ? */
314 if (bcsp->txack_req) {
315 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
317 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
321 /* We have nothing to send */
325 static int bcsp_flush(struct hci_uart *hu)
331 /* Remove ack'ed packets */
332 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
336 int i, pkts_to_be_removed;
339 spin_lock_irqsave(&bcsp->unack.lock, flags);
341 pkts_to_be_removed = bcsp->unack.qlen;
342 seqno = bcsp->msgq_txseq;
344 while (pkts_to_be_removed) {
345 if (bcsp->rxack == seqno)
347 pkts_to_be_removed--;
348 seqno = (seqno - 1) & 0x07;
351 if (bcsp->rxack != seqno)
352 BT_ERR("Peer acked invalid packet");
354 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
355 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
357 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
358 && skb != (struct sk_buff *) &bcsp->unack; i++) {
359 struct sk_buff *nskb;
362 __skb_unlink(skb, &bcsp->unack);
366 if (bcsp->unack.qlen == 0)
367 del_timer(&bcsp->tbcsp);
368 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
370 if (i != pkts_to_be_removed)
371 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
374 /* Handle BCSP link-establishment packets. When we
375 detect a "sync" packet, symptom that the BT module has reset,
376 we do nothing :) (yet) */
377 static void bcsp_handle_le_pkt(struct hci_uart *hu)
379 struct bcsp_struct *bcsp = hu->priv;
380 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
381 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
382 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
384 /* spot "conf" pkts and reply with a "conf rsp" pkt */
385 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
386 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
387 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
389 BT_DBG("Found a LE conf pkt");
392 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
393 nskb->pkt_type = BCSP_LE_PKT;
395 skb_queue_head(&bcsp->unrel, nskb);
396 hci_uart_tx_wakeup(hu);
398 /* Spot "sync" pkts. If we find one...disaster! */
399 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
400 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
401 BT_ERR("Found a LE sync pkt, card has reset");
405 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
407 const u8 c0 = 0xc0, db = 0xdb;
409 switch (bcsp->rx_esc_state) {
410 case BCSP_ESCSTATE_NOESC:
413 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
416 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
417 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
418 bcsp->rx_state != BCSP_W4_CRC)
419 bcsp_crc_update(&bcsp->message_crc, byte);
424 case BCSP_ESCSTATE_ESC:
427 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
428 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
429 bcsp->rx_state != BCSP_W4_CRC)
430 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
431 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
436 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
437 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
438 bcsp->rx_state != BCSP_W4_CRC)
439 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
440 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
445 BT_ERR ("Invalid byte %02x after esc byte", byte);
446 kfree_skb(bcsp->rx_skb);
448 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
454 static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
456 struct bcsp_struct *bcsp = hu->priv;
459 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
460 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
462 bcsp->rxseq_txack %= 0x8;
465 /* If needed, transmit an ack pkt */
466 hci_uart_tx_wakeup(hu);
469 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
470 BT_DBG("Request for pkt %u from card", bcsp->rxack);
473 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
474 bcsp->rx_skb->data[0] & 0x80) {
475 bcsp->rx_skb->pkt_type = HCI_ACLDATA_PKT;
477 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
478 bcsp->rx_skb->data[0] & 0x80) {
479 bcsp->rx_skb->pkt_type = HCI_EVENT_PKT;
481 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
482 bcsp->rx_skb->pkt_type = HCI_SCODATA_PKT;
484 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
485 !(bcsp->rx_skb->data[0] & 0x80)) {
486 bcsp_handle_le_pkt(hu);
492 if ((bcsp->rx_skb->data[1] & 0x0f) != 0 &&
493 (bcsp->rx_skb->data[1] & 0x0f) != 1) {
494 BT_ERR ("Packet for unknown channel (%u %s)",
495 bcsp->rx_skb->data[1] & 0x0f,
496 bcsp->rx_skb->data[0] & 0x80 ?
497 "reliable" : "unreliable");
499 kfree_skb(bcsp->rx_skb);
501 /* Pull out BCSP hdr */
502 skb_pull(bcsp->rx_skb, 4);
504 hci_recv_frame(bcsp->rx_skb);
506 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
511 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
513 struct bcsp_struct *bcsp = hu->priv;
514 register unsigned char *ptr;
516 BT_DBG("hu %p count %d rx_state %ld rx_count %ld",
517 hu, count, bcsp->rx_state, bcsp->rx_count);
521 if (bcsp->rx_count) {
523 BT_ERR("Short BCSP packet");
524 kfree_skb(bcsp->rx_skb);
525 bcsp->rx_state = BCSP_W4_PKT_START;
528 bcsp_unslip_one_byte(bcsp, *ptr);
534 switch (bcsp->rx_state) {
535 case BCSP_W4_BCSP_HDR:
536 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
537 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
538 BT_ERR("Error in BCSP hdr checksum");
539 kfree_skb(bcsp->rx_skb);
540 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
544 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
545 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
546 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
547 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
549 kfree_skb(bcsp->rx_skb);
550 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
554 bcsp->rx_state = BCSP_W4_DATA;
555 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
556 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
560 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
561 bcsp->rx_state = BCSP_W4_CRC;
564 bcsp_complete_rx_pkt(hu);
568 if (bcsp_crc_reverse(bcsp->message_crc) !=
569 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
570 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
572 BT_ERR ("Checksum failed: computed %04x received %04x",
573 bcsp_crc_reverse(bcsp->message_crc),
574 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
575 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
577 kfree_skb(bcsp->rx_skb);
578 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
582 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
583 bcsp_complete_rx_pkt(hu);
586 case BCSP_W4_PKT_DELIMITER:
589 bcsp->rx_state = BCSP_W4_PKT_START;
592 /*BT_ERR("Ignoring byte %02x", *ptr);*/
598 case BCSP_W4_PKT_START:
605 bcsp->rx_state = BCSP_W4_BCSP_HDR;
607 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
608 BCSP_CRC_INIT(bcsp->message_crc);
610 /* Do not increment ptr or decrement count
611 * Allocate packet. Max len of a BCSP pkt=
612 * 0xFFF (payload) +4 (header) +2 (crc) */
614 bcsp->rx_skb = bluez_skb_alloc(0x1005, GFP_ATOMIC);
616 BT_ERR("Can't allocate mem for new packet");
617 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
621 bcsp->rx_skb->dev = (void *) &hu->hdev;
630 /* Arrange to retransmit all messages in the relq. */
631 static void bcsp_timed_event(unsigned long arg)
633 struct hci_uart *hu = (struct hci_uart *) arg;
634 struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
638 BT_ERR("Timeout, retransmitting %u pkts", bcsp->unack.qlen);
639 spin_lock_irqsave(&bcsp->unack.lock, flags);
641 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
642 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
643 skb_queue_head(&bcsp->rel, skb);
646 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
648 hci_uart_tx_wakeup(hu);
651 static int bcsp_open(struct hci_uart *hu)
653 struct bcsp_struct *bcsp;
657 bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC);
660 memset(bcsp, 0, sizeof(*bcsp));
663 skb_queue_head_init(&bcsp->unack);
664 skb_queue_head_init(&bcsp->rel);
665 skb_queue_head_init(&bcsp->unrel);
667 init_timer(&bcsp->tbcsp);
668 bcsp->tbcsp.function = bcsp_timed_event;
669 bcsp->tbcsp.data = (u_long) hu;
671 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
676 static int bcsp_close(struct hci_uart *hu)
678 struct bcsp_struct *bcsp = hu->priv;
683 skb_queue_purge(&bcsp->unack);
684 skb_queue_purge(&bcsp->rel);
685 skb_queue_purge(&bcsp->unrel);
686 del_timer(&bcsp->tbcsp);
692 static struct hci_uart_proto bcsp = {
696 enqueue: bcsp_enqueue,
697 dequeue: bcsp_dequeue,
704 return hci_uart_register_proto(&bcsp);
707 int bcsp_deinit(void)
709 return hci_uart_unregister_proto(&bcsp);