2 BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ).
3 Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com>
6 hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com>
7 ABCSP by Carl Orsborn <cjo@csr.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
28 * $Id: hci_bcsp.c,v 1.2 2002/09/26 05:05:14 maxk Exp $
33 #include <linux/config.h>
34 #include <linux/module.h>
36 #include <linux/config.h>
37 #include <linux/kernel.h>
38 #include <linux/init.h>
39 #include <linux/sched.h>
40 #include <linux/types.h>
41 #include <linux/fcntl.h>
42 #include <linux/interrupt.h>
43 #include <linux/ptrace.h>
44 #include <linux/poll.h>
46 #include <linux/slab.h>
47 #include <linux/tty.h>
48 #include <linux/errno.h>
49 #include <linux/string.h>
50 #include <linux/signal.h>
51 #include <linux/ioctl.h>
52 #include <linux/skbuff.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
59 #ifndef CONFIG_BT_HCIUART_DEBUG
61 #define BT_DBG( A... )
63 #define BT_DMP( A... )
66 /* ---- BCSP CRC calculation ---- */
68 /* Table for calculating CRC for polynomial 0x1021, LSB processed first,
69 initial value 0xffff, bits shifted in reverse order. */
71 static const u16 crc_table[] = {
72 0x0000, 0x1081, 0x2102, 0x3183,
73 0x4204, 0x5285, 0x6306, 0x7387,
74 0x8408, 0x9489, 0xa50a, 0xb58b,
75 0xc60c, 0xd68d, 0xe70e, 0xf78f
78 /* Initialise the crc calculator */
79 #define BCSP_CRC_INIT(x) x = 0xffff
82 Update crc with next data byte
85 The data byte is treated as two nibbles. The crc is generated
86 in reverse, i.e., bits are fed into the register from the top.
88 static void bcsp_crc_update(u16 *crc, u8 d)
92 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
93 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
99 Get reverse of generated crc
102 The crc generator (bcsp_crc_init() and bcsp_crc_update())
103 creates a reversed crc, so it needs to be swapped back before
106 static u16 bcsp_crc_reverse(u16 crc)
110 for (b = 0, rev = 0; b < 16; b++) {
118 /* ---- BCSP core ---- */
120 static void bcsp_slip_msgdelim(struct sk_buff *skb)
122 const char pkt_delim = 0xc0;
123 memcpy(skb_put(skb, 1), &pkt_delim, 1);
126 static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
128 const char esc_c0[2] = { 0xdb, 0xdc };
129 const char esc_db[2] = { 0xdb, 0xdd };
133 memcpy(skb_put(skb, 2), &esc_c0, 2);
136 memcpy(skb_put(skb, 2), &esc_db, 2);
139 memcpy(skb_put(skb, 1), &c, 1);
143 static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
145 struct bcsp_struct *bcsp = hu->priv;
147 if (skb->len > 0xFFF) {
148 BT_ERR("Packet too long");
153 switch (skb->pkt_type) {
154 case HCI_ACLDATA_PKT:
155 case HCI_COMMAND_PKT:
156 skb_queue_tail(&bcsp->rel, skb);
159 case HCI_SCODATA_PKT:
160 skb_queue_tail(&bcsp->unrel, skb);
164 BT_ERR("Unknown packet type");
171 static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
172 int len, int pkt_type)
174 struct sk_buff *nskb;
178 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC
179 u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
183 case HCI_ACLDATA_PKT:
184 chan = 6; /* BCSP ACL channel */
185 rel = 1; /* reliable channel */
187 case HCI_COMMAND_PKT:
188 chan = 5; /* BCSP cmd/evt channel */
189 rel = 1; /* reliable channel */
191 case HCI_SCODATA_PKT:
192 chan = 7; /* BCSP SCO channel */
193 rel = 0; /* unreliable channel */
196 chan = 1; /* BCSP LE channel */
197 rel = 0; /* unreliable channel */
200 chan = 0; /* BCSP internal channel */
201 rel = 0; /* unreliable channel */
204 BT_ERR("Unknown packet type");
208 /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
209 (because bytes 0xc0 and 0xdb are escaped, worst case is
210 when the packet is all made of 0xc0 and 0xdb :) )
211 + 2 (0xc0 delimiters at start and end). */
213 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
217 nskb->pkt_type = pkt_type;
219 bcsp_slip_msgdelim(nskb);
221 hdr[0] = bcsp->rxseq_txack << 3;
223 BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
226 hdr[0] |= 0x80 + bcsp->msgq_txseq;
227 BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
228 bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
230 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC
234 hdr[1] = (len << 4) & 0xFF;
237 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
239 /* Put BCSP header */
240 for (i = 0; i < 4; i++) {
241 bcsp_slip_one_byte(nskb, hdr[i]);
242 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC
243 bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
248 for (i = 0; i < len; i++) {
249 bcsp_slip_one_byte(nskb, data[i]);
250 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC
251 bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
255 #ifdef CONFIG_BT_HCIUART_BCSP_TXCRC
257 bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
258 bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
259 bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
262 bcsp_slip_msgdelim(nskb);
266 /* This is a rewrite of pkt_avail in ABCSP */
267 static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
269 struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
273 /* First of all, check for unreliable messages in the queue,
274 since they have priority */
276 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
277 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
282 skb_queue_head(&bcsp->unrel, skb);
283 BT_ERR("Could not dequeue pkt because alloc_skb failed");
287 /* Now, try to send a reliable pkt. We can only send a
288 reliable packet if the number of packets sent but not yet ack'ed
289 is < than the winsize */
291 spin_lock_irqsave(&bcsp->unack.lock, flags);
293 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
294 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
296 __skb_queue_tail(&bcsp->unack, skb);
297 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
298 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
301 skb_queue_head(&bcsp->rel, skb);
302 BT_ERR("Could not dequeue pkt because alloc_skb failed");
306 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
309 /* We could not send a reliable packet, either because there are
310 none or because there are too many unack'ed pkts. Did we receive
311 any packets we have not acknowledged yet ? */
313 if (bcsp->txack_req) {
314 /* if so, craft an empty ACK pkt and send it on BCSP unreliable
316 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
320 /* We have nothing to send */
324 static int bcsp_flush(struct hci_uart *hu)
330 /* Remove ack'ed packets */
331 static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
335 int i, pkts_to_be_removed;
338 spin_lock_irqsave(&bcsp->unack.lock, flags);
340 pkts_to_be_removed = bcsp->unack.qlen;
341 seqno = bcsp->msgq_txseq;
343 while (pkts_to_be_removed) {
344 if (bcsp->rxack == seqno)
346 pkts_to_be_removed--;
347 seqno = (seqno - 1) & 0x07;
350 if (bcsp->rxack != seqno)
351 BT_ERR("Peer acked invalid packet");
353 BT_DBG("Removing %u pkts out of %u, up to seqno %u",
354 pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
356 for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
357 && skb != (struct sk_buff *) &bcsp->unack; i++) {
358 struct sk_buff *nskb;
361 __skb_unlink(skb, &bcsp->unack);
365 if (bcsp->unack.qlen == 0)
366 del_timer(&bcsp->tbcsp);
367 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
369 if (i != pkts_to_be_removed)
370 BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
373 /* Handle BCSP link-establishment packets. When we
374 detect a "sync" packet, symptom that the BT module has reset,
375 we do nothing :) (yet) */
376 static void bcsp_handle_le_pkt(struct hci_uart *hu)
378 struct bcsp_struct *bcsp = hu->priv;
379 u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
380 u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
381 u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
383 /* spot "conf" pkts and reply with a "conf rsp" pkt */
384 if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
385 !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
386 struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
388 BT_DBG("Found a LE conf pkt");
391 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
392 nskb->pkt_type = BCSP_LE_PKT;
394 skb_queue_head(&bcsp->unrel, nskb);
395 hci_uart_tx_wakeup(hu);
397 /* Spot "sync" pkts. If we find one...disaster! */
398 else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
399 !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
400 BT_ERR("Found a LE sync pkt, card has reset");
404 static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
406 const u8 c0 = 0xc0, db = 0xdb;
408 switch (bcsp->rx_esc_state) {
409 case BCSP_ESCSTATE_NOESC:
412 bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
415 memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
416 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
417 bcsp->rx_state != BCSP_W4_CRC)
418 bcsp_crc_update(&bcsp->message_crc, byte);
423 case BCSP_ESCSTATE_ESC:
426 memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
427 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
428 bcsp->rx_state != BCSP_W4_CRC)
429 bcsp_crc_update(&bcsp-> message_crc, 0xc0);
430 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
435 memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
436 if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
437 bcsp->rx_state != BCSP_W4_CRC)
438 bcsp_crc_update(&bcsp-> message_crc, 0xdb);
439 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
444 BT_ERR ("Invalid byte %02x after esc byte", byte);
445 kfree_skb(bcsp->rx_skb);
447 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
453 static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
455 struct bcsp_struct *bcsp = hu->priv;
458 if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
459 BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
461 bcsp->rxseq_txack %= 0x8;
464 /* If needed, transmit an ack pkt */
465 hci_uart_tx_wakeup(hu);
468 bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
469 BT_DBG("Request for pkt %u from card", bcsp->rxack);
472 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
473 bcsp->rx_skb->data[0] & 0x80) {
474 bcsp->rx_skb->pkt_type = HCI_ACLDATA_PKT;
476 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
477 bcsp->rx_skb->data[0] & 0x80) {
478 bcsp->rx_skb->pkt_type = HCI_EVENT_PKT;
480 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
481 bcsp->rx_skb->pkt_type = HCI_SCODATA_PKT;
483 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
484 !(bcsp->rx_skb->data[0] & 0x80)) {
485 bcsp_handle_le_pkt(hu);
491 if ((bcsp->rx_skb->data[1] & 0x0f) != 0 &&
492 (bcsp->rx_skb->data[1] & 0x0f) != 1) {
493 BT_ERR ("Packet for unknown channel (%u %s)",
494 bcsp->rx_skb->data[1] & 0x0f,
495 bcsp->rx_skb->data[0] & 0x80 ?
496 "reliable" : "unreliable");
498 kfree_skb(bcsp->rx_skb);
500 /* Pull out BCSP hdr */
501 skb_pull(bcsp->rx_skb, 4);
503 hci_recv_frame(bcsp->rx_skb);
505 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
510 static int bcsp_recv(struct hci_uart *hu, void *data, int count)
512 struct bcsp_struct *bcsp = hu->priv;
513 register unsigned char *ptr;
515 BT_DBG("hu %p count %d rx_state %d rx_count %ld",
516 hu, count, bcsp->rx_state, bcsp->rx_count);
520 if (bcsp->rx_count) {
522 BT_ERR("Short BCSP packet");
523 kfree_skb(bcsp->rx_skb);
524 bcsp->rx_state = BCSP_W4_PKT_START;
527 bcsp_unslip_one_byte(bcsp, *ptr);
533 switch (bcsp->rx_state) {
534 case BCSP_W4_BCSP_HDR:
535 if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
536 bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
537 BT_ERR("Error in BCSP hdr checksum");
538 kfree_skb(bcsp->rx_skb);
539 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
543 if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
544 && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
545 BT_ERR ("Out-of-order packet arrived, got %u expected %u",
546 bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
548 kfree_skb(bcsp->rx_skb);
549 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
553 bcsp->rx_state = BCSP_W4_DATA;
554 bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
555 (bcsp->rx_skb->data[2] << 4); /* May be 0 */
559 if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
560 bcsp->rx_state = BCSP_W4_CRC;
563 bcsp_complete_rx_pkt(hu);
567 if (bcsp_crc_reverse(bcsp->message_crc) !=
568 (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
569 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
571 BT_ERR ("Checksum failed: computed %04x received %04x",
572 bcsp_crc_reverse(bcsp->message_crc),
573 (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
574 bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
576 kfree_skb(bcsp->rx_skb);
577 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
581 skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
582 bcsp_complete_rx_pkt(hu);
585 case BCSP_W4_PKT_DELIMITER:
588 bcsp->rx_state = BCSP_W4_PKT_START;
591 /*BT_ERR("Ignoring byte %02x", *ptr);*/
597 case BCSP_W4_PKT_START:
604 bcsp->rx_state = BCSP_W4_BCSP_HDR;
606 bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
607 BCSP_CRC_INIT(bcsp->message_crc);
609 /* Do not increment ptr or decrement count
610 * Allocate packet. Max len of a BCSP pkt=
611 * 0xFFF (payload) +4 (header) +2 (crc) */
613 bcsp->rx_skb = bt_skb_alloc(0x1005, GFP_ATOMIC);
615 BT_ERR("Can't allocate mem for new packet");
616 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
620 bcsp->rx_skb->dev = (void *) hu->hdev;
629 /* Arrange to retransmit all messages in the relq. */
630 static void bcsp_timed_event(unsigned long arg)
632 struct hci_uart *hu = (struct hci_uart *) arg;
633 struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
637 BT_ERR("Timeout, retransmitting %u pkts", bcsp->unack.qlen);
638 spin_lock_irqsave(&bcsp->unack.lock, flags);
640 while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
641 bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
642 skb_queue_head(&bcsp->rel, skb);
645 spin_unlock_irqrestore(&bcsp->unack.lock, flags);
647 hci_uart_tx_wakeup(hu);
650 static int bcsp_open(struct hci_uart *hu)
652 struct bcsp_struct *bcsp;
656 bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC);
659 memset(bcsp, 0, sizeof(*bcsp));
662 skb_queue_head_init(&bcsp->unack);
663 skb_queue_head_init(&bcsp->rel);
664 skb_queue_head_init(&bcsp->unrel);
666 init_timer(&bcsp->tbcsp);
667 bcsp->tbcsp.function = bcsp_timed_event;
668 bcsp->tbcsp.data = (u_long) hu;
670 bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
675 static int bcsp_close(struct hci_uart *hu)
677 struct bcsp_struct *bcsp = hu->priv;
682 skb_queue_purge(&bcsp->unack);
683 skb_queue_purge(&bcsp->rel);
684 skb_queue_purge(&bcsp->unrel);
685 del_timer(&bcsp->tbcsp);
691 static struct hci_uart_proto bcsp = {
695 .enqueue = bcsp_enqueue,
696 .dequeue = bcsp_dequeue,
703 int err = hci_uart_register_proto(&bcsp);
705 BT_INFO("HCI BCSP protocol initialized");
707 BT_ERR("HCI BCSP protocol registration failed");
712 int bcsp_deinit(void)
714 return hci_uart_unregister_proto(&bcsp);