1 /*
2  *
3  *  Generic Bluetooth HCI UART driver
4  *
5  *  Copyright (C) 2015-2018  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <asm/unaligned.h>
25 
/**
 * struct h4_recv_pkt - framing description for one H4 packet type
 * @type:   packet type indicator; h4_recv_buf() compares it with the first
 *          byte of a new packet to pick the table entry
 * @hlen:   header length in bytes; this is how much h4_recv_buf() collects
 *          before it looks for a payload length
 * @loff:   offset, inside the header, of the payload length field
 * @lsize:  size of the payload length field in bytes; h4_recv_buf() accepts
 *          0 (no payload), 1 or 2 and rejects anything else with -EILSEQ
 * @maxlen: size handed to bt_skb_alloc() for a packet of this type
 * @recv:   handler called with each fully reassembled frame
 *
 * The parser indexes the header with @loff and copies @hlen bytes into a
 * buffer of @maxlen bytes without re-checking the table, so entries are
 * expected to keep loff + lsize <= hlen <= maxlen.
 */
struct h4_recv_pkt {
	u8  type;
	u8  hlen;
	u8  loff;
	u8  lsize;
	u16 maxlen;
	int (*recv)(struct hci_dev *hdev, struct sk_buff *skb);
};
34 
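/*
 * Initializer fragment for ACL data packets: the payload length is a
 * two-octet field at offset 2 of the header.  Meant to be used inside a
 * struct h4_recv_pkt initializer, followed by the .recv handler.
 *
 * The last line deliberately carries no trailing backslash: a continuation
 * there would splice whatever line follows the macro into its body.
 */
#define H4_RECV_ACL \
	.type = HCI_ACLDATA_PKT, \
	.hlen = HCI_ACL_HDR_SIZE, \
	.loff = 2, \
	.lsize = 2, \
	.maxlen = HCI_MAX_FRAME_SIZE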
41 
/*
 * Initializer fragment for SCO data packets: the payload length is a
 * single octet at offset 2 of the header.  Meant to be used inside a
 * struct h4_recv_pkt initializer, followed by the .recv handler.
 */
#define H4_RECV_SCO			\
	.type   = HCI_SCODATA_PKT,	\
	.hlen   = HCI_SCO_HDR_SIZE,	\
	.loff   = 2,			\
	.lsize  = 1,			\
	.maxlen = HCI_MAX_SCO_SIZE
48 
/*
 * Initializer fragment for HCI event packets: the parameter length is a
 * single octet at offset 1 of the header.  Meant to be used inside a
 * struct h4_recv_pkt initializer, followed by the .recv handler.
 */
#define H4_RECV_EVENT			\
	.type   = HCI_EVENT_PKT,	\
	.hlen   = HCI_EVENT_HDR_SIZE,	\
	.loff   = 1,			\
	.lsize  = 1,			\
	.maxlen = HCI_MAX_EVENT_SIZE
55 
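/**
 * h4_recv_buf - reassemble H4-framed HCI packets from a raw byte stream
 * @hdev:       device handed through to the per-type recv handler
 * @skb:        packet in progress as returned by the previous call, NULL to
 *              start fresh, or an ERR_PTR from a failed call (treated as NULL)
 * @buffer:     bytes received from the transport; every length field in it
 *              is data supplied by the remote side and is bounds-checked
 *              before the payload is copied
 * @count:      number of bytes available in @buffer
 * @pkts:       table of packet types this caller accepts
 * @pkts_count: number of entries in @pkts
 *
 * Consumes @buffer, calling the matching recv handler for every frame that
 * completes.  A frame may span several calls: the caller keeps the returned
 * pointer and passes it back in as @skb.
 *
 * Return: the partially assembled packet (NULL if none is pending), or
 * ERR_PTR(-ENOMEM) if allocation fails, ERR_PTR(-EILSEQ) for an unknown
 * packet type or unsupported length-field size, ERR_PTR(-EMSGSIZE) if the
 * announced payload does not fit the buffer.  On the error paths the packet
 * in progress has already been freed.
 */
static inline struct sk_buff *h4_recv_buf(struct hci_dev *hdev,
					  struct sk_buff *skb,
					  const unsigned char *buffer,
					  int count,
					  const struct h4_recv_pkt *pkts,
					  int pkts_count)
{
	/* An error pointer from the previous call means nothing is pending */
	if (IS_ERR(skb))
		skb = NULL;

	/*
	 * Test for "> 0" rather than non-zero: a negative count would be
	 * converted to a huge unsigned value by min_t() below and the copy
	 * would then run past the end of the caller's buffer.
	 */
	while (count > 0) {
		const struct h4_recv_pkt *pkt;
		u16 dlen;
		int i, len;

		if (!skb) {
			/* Start of a packet: the first byte selects the type */
			for (i = 0; i < pkts_count; i++) {
				pkt = &pkts[i];
				if (buffer[0] != pkt->type)
					continue;

				skb = bt_skb_alloc(pkt->maxlen, GFP_ATOMIC);
				if (!skb)
					return ERR_PTR(-ENOMEM);

				hci_skb_pkt_type(skb) = pkt->type;
				hci_skb_expect(skb) = pkt->hlen;
				break;
			}

			/* Check for invalid packet type */
			if (!skb)
				return ERR_PTR(-EILSEQ);

			count -= 1;
			buffer += 1;
		}

		/*
		 * Copy at most what the current stage (header, then header
		 * plus payload) still needs.  The header copy relies on the
		 * table entry having hlen <= maxlen; it is not re-checked here.
		 */
		len = min_t(uint, hci_skb_expect(skb) - skb->len, count);
		skb_put_data(skb, buffer, len);

		count -= len;
		buffer += len;

		/* Check for partial packet */
		if (skb->len < hci_skb_expect(skb))
			continue;

		/* The skb may stem from an earlier call, so look its type up again */
		for (i = 0; i < pkts_count; i++) {
			if (hci_skb_pkt_type(skb) == pkts[i].type)
				break;
		}

		if (i >= pkts_count) {
			kfree_skb(skb);
			return ERR_PTR(-EILSEQ);
		}
		pkt = &pkts[i];

		if (skb->len != pkt->hlen) {
			/*
			 * Header and payload are both in: complete frame.
			 * The handler's return value is not examined.
			 */
			pkt->recv(hdev, skb);
			skb = NULL;
			continue;
		}

		/* Exactly the header has arrived: read the payload length */
		switch (pkt->lsize) {
		case 0:
			/* No variable data length */
			dlen = 0;
			break;
		case 1:
			/* Single octet variable length */
			dlen = skb->data[pkt->loff];
			break;
		case 2:
			/* Double octet variable length */
			dlen = get_unaligned_le16(skb->data + pkt->loff);
			break;
		default:
			/* Unsupported variable length */
			kfree_skb(skb);
			return ERR_PTR(-EILSEQ);
		}

		/*
		 * dlen comes straight from the wire.  Reject it before any
		 * payload byte is copied if it does not fit what is left of
		 * the buffer.
		 * NOTE(review): the bound is the skb's actual tailroom, which
		 * may exceed maxlen if the allocator rounds the request up;
		 * confirm that no handler depends on maxlen as a hard limit.
		 */
		if (skb_tailroom(skb) < dlen) {
			kfree_skb(skb);
			return ERR_PTR(-EMSGSIZE);
		}
		hci_skb_expect(skb) += dlen;

		if (!dlen) {
			/* No more data, complete frame */
			pkt->recv(hdev, skb);
			skb = NULL;
		}
	}

	return skb;
}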
165