1/*
2 *  Texas Instruments' Bluetooth HCILL UART protocol
3 *
4 *  HCILL (HCI Low Level) is a Texas Instruments' power management
5 *  protocol extension to H4.
6 *
7 *  Copyright (C) 2007 Texas Instruments, Inc.
8 *
9 *  Written by Ohad Ben-Cohen <ohad@bencohen.org>
10 *
11 *  Acknowledgements:
12 *  This file is based on hci_h4.c, which was written
13 *  by Maxim Krasnyansky and Marcel Holtmann.
14 *
15 *  This program is free software; you can redistribute it and/or modify
16 *  it under the terms of the GNU General Public License version 2
17 *  as published by the Free Software Foundation
18 *
19 *  This program is distributed in the hope that it will be useful,
20 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
21 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22 *  GNU General Public License for more details.
23 *
24 *  You should have received a copy of the GNU General Public License
25 *  along with this program; if not, write to the Free Software
26 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27 *
28 */
29
30#include <linux/module.h>
31#include <linux/kernel.h>
32
33#include <linux/init.h>
34#include <linux/sched.h>
35#include <linux/types.h>
36#include <linux/fcntl.h>
37#include <linux/interrupt.h>
38#include <linux/ptrace.h>
39#include <linux/poll.h>
40
41#include <linux/slab.h>
42#include <linux/tty.h>
43#include <linux/errno.h>
44#include <linux/string.h>
45#include <linux/signal.h>
46#include <linux/ioctl.h>
47#include <linux/skbuff.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51
52#include "hci_uart.h"
53
54/* HCILL commands */
55#define HCILL_GO_TO_SLEEP_IND	0x30
56#define HCILL_GO_TO_SLEEP_ACK	0x31
57#define HCILL_WAKE_UP_IND	0x32
58#define HCILL_WAKE_UP_ACK	0x33
59
60/* HCILL receiver States */
61#define HCILL_W4_PACKET_TYPE	0
62#define HCILL_W4_EVENT_HDR	1
63#define HCILL_W4_ACL_HDR	2
64#define HCILL_W4_SCO_HDR	3
65#define HCILL_W4_DATA		4
66
67/* HCILL states */
68enum hcill_states_e {
69	HCILL_ASLEEP,
70	HCILL_ASLEEP_TO_AWAKE,
71	HCILL_AWAKE,
72	HCILL_AWAKE_TO_ASLEEP
73};
74
75struct hcill_cmd {
76	u8 cmd;
77} __packed;
78
79struct ll_struct {
80	unsigned long rx_state;
81	unsigned long rx_count;
82	struct sk_buff *rx_skb;
83	struct sk_buff_head txq;
84	spinlock_t hcill_lock;		/* HCILL state lock	*/
85	unsigned long hcill_state;	/* HCILL power state	*/
86	struct sk_buff_head tx_wait_q;	/* HCILL wait queue	*/
87};
88
89/*
90 * Builds and sends an HCILL command packet.
91 * These are very simple packets with only 1 cmd byte
92 */
93static int send_hcill_cmd(u8 cmd, struct hci_uart *hu)
94{
95	int err = 0;
96	struct sk_buff *skb = NULL;
97	struct ll_struct *ll = hu->priv;
98	struct hcill_cmd *hcill_packet;
99
100	BT_DBG("hu %p cmd 0x%x", hu, cmd);
101
102	/* allocate packet */
103	skb = bt_skb_alloc(1, GFP_ATOMIC);
104	if (!skb) {
105		BT_ERR("cannot allocate memory for HCILL packet");
106		err = -ENOMEM;
107		goto out;
108	}
109
110	/* prepare packet */
111	hcill_packet = (struct hcill_cmd *) skb_put(skb, 1);
112	hcill_packet->cmd = cmd;
113
114	/* send packet */
115	skb_queue_tail(&ll->txq, skb);
116out:
117	return err;
118}
119
120/* Initialize protocol */
121static int ll_open(struct hci_uart *hu)
122{
123	struct ll_struct *ll;
124
125	BT_DBG("hu %p", hu);
126
127	ll = kzalloc(sizeof(*ll), GFP_KERNEL);
128	if (!ll)
129		return -ENOMEM;
130
131	skb_queue_head_init(&ll->txq);
132	skb_queue_head_init(&ll->tx_wait_q);
133	spin_lock_init(&ll->hcill_lock);
134
135	ll->hcill_state = HCILL_AWAKE;
136
137	hu->priv = ll;
138
139	return 0;
140}
141
142/* Flush protocol data */
143static int ll_flush(struct hci_uart *hu)
144{
145	struct ll_struct *ll = hu->priv;
146
147	BT_DBG("hu %p", hu);
148
149	skb_queue_purge(&ll->tx_wait_q);
150	skb_queue_purge(&ll->txq);
151
152	return 0;
153}
154
155/* Close protocol */
156static int ll_close(struct hci_uart *hu)
157{
158	struct ll_struct *ll = hu->priv;
159
160	BT_DBG("hu %p", hu);
161
162	skb_queue_purge(&ll->tx_wait_q);
163	skb_queue_purge(&ll->txq);
164
165	kfree_skb(ll->rx_skb);
166
167	hu->priv = NULL;
168
169	kfree(ll);
170
171	return 0;
172}
173
174/*
175 * internal function, which does common work of the device wake up process:
176 * 1. places all pending packets (waiting in tx_wait_q list) in txq list.
177 * 2. changes internal state to HCILL_AWAKE.
178 * Note: assumes that hcill_lock spinlock is taken,
179 * shouldn't be called otherwise!
180 */
181static void __ll_do_awake(struct ll_struct *ll)
182{
183	struct sk_buff *skb = NULL;
184
185	while ((skb = skb_dequeue(&ll->tx_wait_q)))
186		skb_queue_tail(&ll->txq, skb);
187
188	ll->hcill_state = HCILL_AWAKE;
189}
190
191/*
192 * Called upon a wake-up-indication from the device
193 */
194static void ll_device_want_to_wakeup(struct hci_uart *hu)
195{
196	unsigned long flags;
197	struct ll_struct *ll = hu->priv;
198
199	BT_DBG("hu %p", hu);
200
201	/* lock hcill state */
202	spin_lock_irqsave(&ll->hcill_lock, flags);
203
204	switch (ll->hcill_state) {
205	case HCILL_ASLEEP_TO_AWAKE:
206		/*
207		 * This state means that both the host and the BRF chip
208		 * have simultaneously sent a wake-up-indication packet.
209		 * Traditionally, in this case, receiving a wake-up-indication
210		 * was enough and an additional wake-up-ack wasn't needed.
211		 * This has changed with the BRF6350, which does require an
212		 * explicit wake-up-ack. Other BRF versions, which do not
213		 * require an explicit ack here, do accept it, thus it is
214		 * perfectly safe to always send one.
215		 */
216		BT_DBG("dual wake-up-indication");
217		/* deliberate fall-through - do not add break */
218	case HCILL_ASLEEP:
219		/* acknowledge device wake up */
220		if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) {
221			BT_ERR("cannot acknowledge device wake up");
222			goto out;
223		}
224		break;
225	default:
226		/* any other state is illegal */
227		BT_ERR("received HCILL_WAKE_UP_IND in state %ld", ll->hcill_state);
228		break;
229	}
230
231	/* send pending packets and change state to HCILL_AWAKE */
232	__ll_do_awake(ll);
233
234out:
235	spin_unlock_irqrestore(&ll->hcill_lock, flags);
236
237	/* actually send the packets */
238	hci_uart_tx_wakeup(hu);
239}
240
241/*
242 * Called upon a sleep-indication from the device
243 */
244static void ll_device_want_to_sleep(struct hci_uart *hu)
245{
246	unsigned long flags;
247	struct ll_struct *ll = hu->priv;
248
249	BT_DBG("hu %p", hu);
250
251	/* lock hcill state */
252	spin_lock_irqsave(&ll->hcill_lock, flags);
253
254	/* sanity check */
255	if (ll->hcill_state != HCILL_AWAKE)
256		BT_ERR("ERR: HCILL_GO_TO_SLEEP_IND in state %ld", ll->hcill_state);
257
258	/* acknowledge device sleep */
259	if (send_hcill_cmd(HCILL_GO_TO_SLEEP_ACK, hu) < 0) {
260		BT_ERR("cannot acknowledge device sleep");
261		goto out;
262	}
263
264	/* update state */
265	ll->hcill_state = HCILL_ASLEEP;
266
267out:
268	spin_unlock_irqrestore(&ll->hcill_lock, flags);
269
270	/* actually send the sleep ack packet */
271	hci_uart_tx_wakeup(hu);
272}
273
274/*
275 * Called upon wake-up-acknowledgement from the device
276 */
277static void ll_device_woke_up(struct hci_uart *hu)
278{
279	unsigned long flags;
280	struct ll_struct *ll = hu->priv;
281
282	BT_DBG("hu %p", hu);
283
284	/* lock hcill state */
285	spin_lock_irqsave(&ll->hcill_lock, flags);
286
287	/* sanity check */
288	if (ll->hcill_state != HCILL_ASLEEP_TO_AWAKE)
289		BT_ERR("received HCILL_WAKE_UP_ACK in state %ld", ll->hcill_state);
290
291	/* send pending packets and change state to HCILL_AWAKE */
292	__ll_do_awake(ll);
293
294	spin_unlock_irqrestore(&ll->hcill_lock, flags);
295
296	/* actually send the packets */
297	hci_uart_tx_wakeup(hu);
298}
299
300/* Enqueue frame for transmittion (padding, crc, etc) */
301/* may be called from two simultaneous tasklets */
302static int ll_enqueue(struct hci_uart *hu, struct sk_buff *skb)
303{
304	unsigned long flags = 0;
305	struct ll_struct *ll = hu->priv;
306
307	BT_DBG("hu %p skb %p", hu, skb);
308
309	/* Prepend skb with frame type */
310	memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
311
312	/* lock hcill state */
313	spin_lock_irqsave(&ll->hcill_lock, flags);
314
315	/* act according to current state */
316	switch (ll->hcill_state) {
317	case HCILL_AWAKE:
318		BT_DBG("device awake, sending normally");
319		skb_queue_tail(&ll->txq, skb);
320		break;
321	case HCILL_ASLEEP:
322		BT_DBG("device asleep, waking up and queueing packet");
323		/* save packet for later */
324		skb_queue_tail(&ll->tx_wait_q, skb);
325		/* awake device */
326		if (send_hcill_cmd(HCILL_WAKE_UP_IND, hu) < 0) {
327			BT_ERR("cannot wake up device");
328			break;
329		}
330		ll->hcill_state = HCILL_ASLEEP_TO_AWAKE;
331		break;
332	case HCILL_ASLEEP_TO_AWAKE:
333		BT_DBG("device waking up, queueing packet");
334		/* transient state; just keep packet for later */
335		skb_queue_tail(&ll->tx_wait_q, skb);
336		break;
337	default:
338		BT_ERR("illegal hcill state: %ld (losing packet)", ll->hcill_state);
339		kfree_skb(skb);
340		break;
341	}
342
343	spin_unlock_irqrestore(&ll->hcill_lock, flags);
344
345	return 0;
346}
347
348static inline int ll_check_data_len(struct hci_dev *hdev, struct ll_struct *ll, int len)
349{
350	int room = skb_tailroom(ll->rx_skb);
351
352	BT_DBG("len %d room %d", len, room);
353
354	if (!len) {
355		hci_recv_frame(hdev, ll->rx_skb);
356	} else if (len > room) {
357		BT_ERR("Data length is too large");
358		kfree_skb(ll->rx_skb);
359	} else {
360		ll->rx_state = HCILL_W4_DATA;
361		ll->rx_count = len;
362		return len;
363	}
364
365	ll->rx_state = HCILL_W4_PACKET_TYPE;
366	ll->rx_skb   = NULL;
367	ll->rx_count = 0;
368
369	return 0;
370}
371
372/* Recv data */
373static int ll_recv(struct hci_uart *hu, const void *data, int count)
374{
375	struct ll_struct *ll = hu->priv;
376	const char *ptr;
377	struct hci_event_hdr *eh;
378	struct hci_acl_hdr   *ah;
379	struct hci_sco_hdr   *sh;
380	int len, type, dlen;
381
382	BT_DBG("hu %p count %d rx_state %ld rx_count %ld", hu, count, ll->rx_state, ll->rx_count);
383
384	ptr = data;
385	while (count) {
386		if (ll->rx_count) {
387			len = min_t(unsigned int, ll->rx_count, count);
388			memcpy(skb_put(ll->rx_skb, len), ptr, len);
389			ll->rx_count -= len; count -= len; ptr += len;
390
391			if (ll->rx_count)
392				continue;
393
394			switch (ll->rx_state) {
395			case HCILL_W4_DATA:
396				BT_DBG("Complete data");
397				hci_recv_frame(hu->hdev, ll->rx_skb);
398
399				ll->rx_state = HCILL_W4_PACKET_TYPE;
400				ll->rx_skb = NULL;
401				continue;
402
403			case HCILL_W4_EVENT_HDR:
404				eh = hci_event_hdr(ll->rx_skb);
405
406				BT_DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen);
407
408				ll_check_data_len(hu->hdev, ll, eh->plen);
409				continue;
410
411			case HCILL_W4_ACL_HDR:
412				ah = hci_acl_hdr(ll->rx_skb);
413				dlen = __le16_to_cpu(ah->dlen);
414
415				BT_DBG("ACL header: dlen %d", dlen);
416
417				ll_check_data_len(hu->hdev, ll, dlen);
418				continue;
419
420			case HCILL_W4_SCO_HDR:
421				sh = hci_sco_hdr(ll->rx_skb);
422
423				BT_DBG("SCO header: dlen %d", sh->dlen);
424
425				ll_check_data_len(hu->hdev, ll, sh->dlen);
426				continue;
427			}
428		}
429
430		/* HCILL_W4_PACKET_TYPE */
431		switch (*ptr) {
432		case HCI_EVENT_PKT:
433			BT_DBG("Event packet");
434			ll->rx_state = HCILL_W4_EVENT_HDR;
435			ll->rx_count = HCI_EVENT_HDR_SIZE;
436			type = HCI_EVENT_PKT;
437			break;
438
439		case HCI_ACLDATA_PKT:
440			BT_DBG("ACL packet");
441			ll->rx_state = HCILL_W4_ACL_HDR;
442			ll->rx_count = HCI_ACL_HDR_SIZE;
443			type = HCI_ACLDATA_PKT;
444			break;
445
446		case HCI_SCODATA_PKT:
447			BT_DBG("SCO packet");
448			ll->rx_state = HCILL_W4_SCO_HDR;
449			ll->rx_count = HCI_SCO_HDR_SIZE;
450			type = HCI_SCODATA_PKT;
451			break;
452
453		/* HCILL signals */
454		case HCILL_GO_TO_SLEEP_IND:
455			BT_DBG("HCILL_GO_TO_SLEEP_IND packet");
456			ll_device_want_to_sleep(hu);
457			ptr++; count--;
458			continue;
459
460		case HCILL_GO_TO_SLEEP_ACK:
461			/* shouldn't happen */
462			BT_ERR("received HCILL_GO_TO_SLEEP_ACK (in state %ld)", ll->hcill_state);
463			ptr++; count--;
464			continue;
465
466		case HCILL_WAKE_UP_IND:
467			BT_DBG("HCILL_WAKE_UP_IND packet");
468			ll_device_want_to_wakeup(hu);
469			ptr++; count--;
470			continue;
471
472		case HCILL_WAKE_UP_ACK:
473			BT_DBG("HCILL_WAKE_UP_ACK packet");
474			ll_device_woke_up(hu);
475			ptr++; count--;
476			continue;
477
478		default:
479			BT_ERR("Unknown HCI packet type %2.2x", (__u8)*ptr);
480			hu->hdev->stat.err_rx++;
481			ptr++; count--;
482			continue;
483		}
484
485		ptr++; count--;
486
487		/* Allocate packet */
488		ll->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
489		if (!ll->rx_skb) {
490			BT_ERR("Can't allocate mem for new packet");
491			ll->rx_state = HCILL_W4_PACKET_TYPE;
492			ll->rx_count = 0;
493			return -ENOMEM;
494		}
495
496		bt_cb(ll->rx_skb)->pkt_type = type;
497	}
498
499	return count;
500}
501
502static struct sk_buff *ll_dequeue(struct hci_uart *hu)
503{
504	struct ll_struct *ll = hu->priv;
505	return skb_dequeue(&ll->txq);
506}
507
508static const struct hci_uart_proto llp = {
509	.id		= HCI_UART_LL,
510	.name		= "LL",
511	.open		= ll_open,
512	.close		= ll_close,
513	.recv		= ll_recv,
514	.enqueue	= ll_enqueue,
515	.dequeue	= ll_dequeue,
516	.flush		= ll_flush,
517};
518
519int __init ll_init(void)
520{
521	return hci_uart_register_proto(&llp);
522}
523
524int __exit ll_deinit(void)
525{
526	return hci_uart_unregister_proto(&llp);
527}
528