1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Generic Bluetooth HCI UART driver
5*4882a593Smuzhiyun *
6*4882a593Smuzhiyun * Copyright (C) 2015-2018 Intel Corporation
7*4882a593Smuzhiyun */
8*4882a593Smuzhiyun
9*4882a593Smuzhiyun #include <asm/unaligned.h>
10*4882a593Smuzhiyun
11*4882a593Smuzhiyun struct h4_recv_pkt {
12*4882a593Smuzhiyun u8 type; /* Packet type */
13*4882a593Smuzhiyun u8 hlen; /* Header length */
14*4882a593Smuzhiyun u8 loff; /* Data length offset in header */
15*4882a593Smuzhiyun u8 lsize; /* Data length field size */
16*4882a593Smuzhiyun u16 maxlen; /* Max overall packet length */
17*4882a593Smuzhiyun int (*recv)(struct hci_dev *hdev, struct sk_buff *skb);
18*4882a593Smuzhiyun };
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun #define H4_RECV_ACL \
21*4882a593Smuzhiyun .type = HCI_ACLDATA_PKT, \
22*4882a593Smuzhiyun .hlen = HCI_ACL_HDR_SIZE, \
23*4882a593Smuzhiyun .loff = 2, \
24*4882a593Smuzhiyun .lsize = 2, \
25*4882a593Smuzhiyun .maxlen = HCI_MAX_FRAME_SIZE \
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun #define H4_RECV_SCO \
28*4882a593Smuzhiyun .type = HCI_SCODATA_PKT, \
29*4882a593Smuzhiyun .hlen = HCI_SCO_HDR_SIZE, \
30*4882a593Smuzhiyun .loff = 2, \
31*4882a593Smuzhiyun .lsize = 1, \
32*4882a593Smuzhiyun .maxlen = HCI_MAX_SCO_SIZE
33*4882a593Smuzhiyun
34*4882a593Smuzhiyun #define H4_RECV_EVENT \
35*4882a593Smuzhiyun .type = HCI_EVENT_PKT, \
36*4882a593Smuzhiyun .hlen = HCI_EVENT_HDR_SIZE, \
37*4882a593Smuzhiyun .loff = 1, \
38*4882a593Smuzhiyun .lsize = 1, \
39*4882a593Smuzhiyun .maxlen = HCI_MAX_EVENT_SIZE
40*4882a593Smuzhiyun
h4_recv_buf(struct hci_dev * hdev,struct sk_buff * skb,const unsigned char * buffer,int count,const struct h4_recv_pkt * pkts,int pkts_count)41*4882a593Smuzhiyun static inline struct sk_buff *h4_recv_buf(struct hci_dev *hdev,
42*4882a593Smuzhiyun struct sk_buff *skb,
43*4882a593Smuzhiyun const unsigned char *buffer,
44*4882a593Smuzhiyun int count,
45*4882a593Smuzhiyun const struct h4_recv_pkt *pkts,
46*4882a593Smuzhiyun int pkts_count)
47*4882a593Smuzhiyun {
48*4882a593Smuzhiyun /* Check for error from previous call */
49*4882a593Smuzhiyun if (IS_ERR(skb))
50*4882a593Smuzhiyun skb = NULL;
51*4882a593Smuzhiyun
52*4882a593Smuzhiyun while (count) {
53*4882a593Smuzhiyun int i, len;
54*4882a593Smuzhiyun
55*4882a593Smuzhiyun if (!skb) {
56*4882a593Smuzhiyun for (i = 0; i < pkts_count; i++) {
57*4882a593Smuzhiyun if (buffer[0] != (&pkts[i])->type)
58*4882a593Smuzhiyun continue;
59*4882a593Smuzhiyun
60*4882a593Smuzhiyun skb = bt_skb_alloc((&pkts[i])->maxlen,
61*4882a593Smuzhiyun GFP_ATOMIC);
62*4882a593Smuzhiyun if (!skb)
63*4882a593Smuzhiyun return ERR_PTR(-ENOMEM);
64*4882a593Smuzhiyun
65*4882a593Smuzhiyun hci_skb_pkt_type(skb) = (&pkts[i])->type;
66*4882a593Smuzhiyun hci_skb_expect(skb) = (&pkts[i])->hlen;
67*4882a593Smuzhiyun break;
68*4882a593Smuzhiyun }
69*4882a593Smuzhiyun
70*4882a593Smuzhiyun /* Check for invalid packet type */
71*4882a593Smuzhiyun if (!skb)
72*4882a593Smuzhiyun return ERR_PTR(-EILSEQ);
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun count -= 1;
75*4882a593Smuzhiyun buffer += 1;
76*4882a593Smuzhiyun }
77*4882a593Smuzhiyun
78*4882a593Smuzhiyun len = min_t(uint, hci_skb_expect(skb) - skb->len, count);
79*4882a593Smuzhiyun skb_put_data(skb, buffer, len);
80*4882a593Smuzhiyun
81*4882a593Smuzhiyun count -= len;
82*4882a593Smuzhiyun buffer += len;
83*4882a593Smuzhiyun
84*4882a593Smuzhiyun /* Check for partial packet */
85*4882a593Smuzhiyun if (skb->len < hci_skb_expect(skb))
86*4882a593Smuzhiyun continue;
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun for (i = 0; i < pkts_count; i++) {
89*4882a593Smuzhiyun if (hci_skb_pkt_type(skb) == (&pkts[i])->type)
90*4882a593Smuzhiyun break;
91*4882a593Smuzhiyun }
92*4882a593Smuzhiyun
93*4882a593Smuzhiyun if (i >= pkts_count) {
94*4882a593Smuzhiyun kfree_skb(skb);
95*4882a593Smuzhiyun return ERR_PTR(-EILSEQ);
96*4882a593Smuzhiyun }
97*4882a593Smuzhiyun
98*4882a593Smuzhiyun if (skb->len == (&pkts[i])->hlen) {
99*4882a593Smuzhiyun u16 dlen;
100*4882a593Smuzhiyun
101*4882a593Smuzhiyun switch ((&pkts[i])->lsize) {
102*4882a593Smuzhiyun case 0:
103*4882a593Smuzhiyun /* No variable data length */
104*4882a593Smuzhiyun dlen = 0;
105*4882a593Smuzhiyun break;
106*4882a593Smuzhiyun case 1:
107*4882a593Smuzhiyun /* Single octet variable length */
108*4882a593Smuzhiyun dlen = skb->data[(&pkts[i])->loff];
109*4882a593Smuzhiyun hci_skb_expect(skb) += dlen;
110*4882a593Smuzhiyun
111*4882a593Smuzhiyun if (skb_tailroom(skb) < dlen) {
112*4882a593Smuzhiyun kfree_skb(skb);
113*4882a593Smuzhiyun return ERR_PTR(-EMSGSIZE);
114*4882a593Smuzhiyun }
115*4882a593Smuzhiyun break;
116*4882a593Smuzhiyun case 2:
117*4882a593Smuzhiyun /* Double octet variable length */
118*4882a593Smuzhiyun dlen = get_unaligned_le16(skb->data +
119*4882a593Smuzhiyun (&pkts[i])->loff);
120*4882a593Smuzhiyun hci_skb_expect(skb) += dlen;
121*4882a593Smuzhiyun
122*4882a593Smuzhiyun if (skb_tailroom(skb) < dlen) {
123*4882a593Smuzhiyun kfree_skb(skb);
124*4882a593Smuzhiyun return ERR_PTR(-EMSGSIZE);
125*4882a593Smuzhiyun }
126*4882a593Smuzhiyun break;
127*4882a593Smuzhiyun default:
128*4882a593Smuzhiyun /* Unsupported variable length */
129*4882a593Smuzhiyun kfree_skb(skb);
130*4882a593Smuzhiyun return ERR_PTR(-EILSEQ);
131*4882a593Smuzhiyun }
132*4882a593Smuzhiyun
133*4882a593Smuzhiyun if (!dlen) {
134*4882a593Smuzhiyun /* No more data, complete frame */
135*4882a593Smuzhiyun (&pkts[i])->recv(hdev, skb);
136*4882a593Smuzhiyun skb = NULL;
137*4882a593Smuzhiyun }
138*4882a593Smuzhiyun } else {
139*4882a593Smuzhiyun /* Complete frame */
140*4882a593Smuzhiyun (&pkts[i])->recv(hdev, skb);
141*4882a593Smuzhiyun skb = NULL;
142*4882a593Smuzhiyun }
143*4882a593Smuzhiyun }
144*4882a593Smuzhiyun
145*4882a593Smuzhiyun return skb;
146*4882a593Smuzhiyun }
147