1 /* Copyright (c) 2023 Nordic Semiconductor ASA
2  * SPDX-License-Identifier: Apache-2.0
3  */
4 
5 #include <zephyr/kernel.h>
6 #include <zephyr/sys/__assert.h>
7 #include <zephyr/sys/time_units.h>
8 #include <zephyr/toolchain/common.h>
9 #include <errno.h>
10 #include <stddef.h>
11 #include <string.h>
12 
13 #include <zephyr/arch/cpu.h>
14 #include <zephyr/sys/byteorder.h>
15 #include <zephyr/logging/log.h>
16 #include <zephyr/sys/util.h>
17 
18 #include <zephyr/device.h>
19 #include <zephyr/init.h>
20 #include <zephyr/drivers/uart.h>
21 
22 #include <zephyr/usb/usb_device.h>
23 
24 #include <zephyr/net_buf.h>
25 #include <zephyr/bluetooth/bluetooth.h>
26 #include <zephyr/bluetooth/l2cap.h>
27 #include <zephyr/bluetooth/hci.h>
28 #include <zephyr/bluetooth/buf.h>
29 #include <zephyr/bluetooth/hci_raw.h>
30 
31 LOG_MODULE_REGISTER(hci_uart_async, LOG_LEVEL_DBG);
32 
33 static const struct device *const hci_uart_dev = DEVICE_DT_GET(DT_CHOSEN(zephyr_bt_c2h_uart));
34 
35 static K_THREAD_STACK_DEFINE(h2c_thread_stack, CONFIG_BT_HCI_TX_STACK_SIZE);
36 static struct k_thread h2c_thread;
37 
38 struct k_poll_signal uart_h2c_rx_sig;
39 struct k_poll_signal uart_c2h_tx_sig;
40 
41 static K_FIFO_DEFINE(c2h_queue);
42 
43 /** Send raw data on c2h UART.
44  *
45  * Blocks until completion. Not thread-safe.
46  *
47  * @retval 0 on success
48  * @retval -EBUSY Another transmission is in progress. This a
49  * thread-safety violation.
50  * @retval -errno @ref uart_tx error.
51  */
uart_c2h_tx(const uint8_t * data,size_t size)52 static int uart_c2h_tx(const uint8_t *data, size_t size)
53 {
54 	int err;
55 	struct k_poll_signal *sig = &uart_c2h_tx_sig;
56 	struct k_poll_event done[] = {
57 		K_POLL_EVENT_INITIALIZER(K_POLL_TYPE_SIGNAL, K_POLL_MODE_NOTIFY_ONLY, sig),
58 	};
59 
60 	k_poll_signal_reset(sig);
61 	err = uart_tx(hci_uart_dev, data, size, SYS_FOREVER_US);
62 
63 	if (err) {
64 		LOG_ERR("uart c2h tx: err %d", err);
65 		return err;
66 	}
67 
68 	err = k_poll(done, ARRAY_SIZE(done), K_FOREVER);
69 	__ASSERT_NO_MSG(err == 0);
70 
71 	return 0;
72 }
73 
74 /* Function expects that type is validated and only CMD, ISO or ACL will be used. */
hci_payload_size(const uint8_t * hdr_buf,uint8_t h4_type)75 static uint32_t hci_payload_size(const uint8_t *hdr_buf, uint8_t h4_type)
76 {
77 	switch (h4_type) {
78 	case BT_HCI_H4_CMD:
79 		return ((const struct bt_hci_cmd_hdr *)hdr_buf)->param_len;
80 	case BT_HCI_H4_ACL:
81 		return sys_le16_to_cpu(((const struct bt_hci_acl_hdr *)hdr_buf)->len);
82 	case BT_HCI_H4_ISO:
83 		return bt_iso_hdr_len(
84 			sys_le16_to_cpu(((const struct bt_hci_iso_hdr *)hdr_buf)->len));
85 	default:
86 		LOG_ERR("Invalid type: %u", h4_type);
87 		return 0;
88 	}
89 }
90 
hci_hdr_size(uint8_t h4_type)91 static uint8_t hci_hdr_size(uint8_t h4_type)
92 {
93 	switch (h4_type) {
94 	case BT_HCI_H4_CMD:
95 		return sizeof(struct bt_hci_cmd_hdr);
96 	case BT_HCI_H4_ACL:
97 		return sizeof(struct bt_hci_acl_hdr);
98 	case BT_HCI_H4_ISO:
99 		return sizeof(struct bt_hci_iso_hdr);
100 	default:
101 		LOG_ERR("Unexpected h4 type: %u", h4_type);
102 		return 0;
103 	}
104 }
105 
106 /** Send raw data on c2h UART.
107  *
108  * Blocks until either @p size has been received or special UART
109  * condition occurs on the UART RX line, like an UART break or parity
110  * error.
111  *
112  * Not thread-safe.
113  *
114  * @retval 0 on success
115  * @retval -EBUSY Another transmission is in progress. This a
116  * thread-safety violation.
117  * @retval -errno @ref uart_rx_enable error.
118  * @retval +stop_reason Special condition @ref uart_rx_stop_reason.
119  */
uart_h2c_rx(uint8_t * dst,size_t size)120 static int uart_h2c_rx(uint8_t *dst, size_t size)
121 {
122 	int err;
123 	struct k_poll_signal *sig = &uart_h2c_rx_sig;
124 	struct k_poll_event done[] = {
125 		K_POLL_EVENT_INITIALIZER(K_POLL_TYPE_SIGNAL, K_POLL_MODE_NOTIFY_ONLY, sig),
126 	};
127 
128 	k_poll_signal_reset(sig);
129 	err = uart_rx_enable(hci_uart_dev, dst, size, SYS_FOREVER_US);
130 
131 	if (err) {
132 		LOG_ERR("uart h2c rx: err %d", err);
133 		return err;
134 	}
135 
136 	k_poll(done, ARRAY_SIZE(done), K_FOREVER);
137 	return sig->result;
138 }
139 
140 /** Inject a HCI EVT Hardware error into the c2h packet stream.
141  *
142  * This uses `bt_recv`, just as if the controller is sending the error.
143  */
send_hw_error(void)144 static void send_hw_error(void)
145 {
146 	const uint8_t err_code = 0;
147 	const uint8_t hci_evt_hw_err[] = {BT_HCI_EVT_HARDWARE_ERROR,
148 					  sizeof(struct bt_hci_evt_hardware_error), err_code};
149 
150 	struct net_buf *buf = bt_buf_get_rx(BT_BUF_EVT, K_FOREVER);
151 
152 	net_buf_add_mem(buf, hci_evt_hw_err, sizeof(hci_evt_hw_err));
153 
154 	/* Inject the message into the c2h queue. */
155 	k_fifo_put(&c2h_queue, buf);
156 
157 	/* The c2h thread will send the message at some point. The host
158 	 * will receive it and reset the controller.
159 	 */
160 }
161 
recover_sync_by_reset_pattern(void)162 static void recover_sync_by_reset_pattern(void)
163 {
164 	/* { BT_HCI_H4_CMD, le_16(HCI_CMD_OP_RESET), len=0 } */
165 	const uint8_t h4_cmd_reset[] = {0x01, 0x03, 0x0C, 0x00};
166 	const uint32_t reset_pattern = sys_get_be32(h4_cmd_reset);
167 	int err;
168 	struct net_buf *h2c_cmd_reset;
169 	uint32_t shift_register = 0;
170 
171 	LOG_DBG("Looking for reset pattern");
172 
173 	while (shift_register != reset_pattern) {
174 		uint8_t read_byte;
175 
176 		uart_h2c_rx(&read_byte, sizeof(uint8_t));
177 		LOG_DBG("h2c: 0x%02x", read_byte);
178 		shift_register = (shift_register * 0x100) + read_byte;
179 	}
180 
181 	LOG_DBG("Pattern found");
182 	h2c_cmd_reset = bt_buf_get_tx(BT_BUF_CMD, K_FOREVER,
183 				      &h4_cmd_reset[1], sizeof(h4_cmd_reset) - 1);
184 	LOG_DBG("Fowarding reset");
185 
186 	err = bt_send(h2c_cmd_reset);
187 	__ASSERT(!err, "Failed to send reset: %d", err);
188 }
189 
h2c_h4_transport(void)190 static void h2c_h4_transport(void)
191 {
192 	/* When entering this function, the h2c stream should be
193 	 * 'synchronized'. I.e. The stream should be at a H4 packet
194 	 * boundary.
195 	 *
196 	 * This function returns to signal a desynchronization.
197 	 * When this happens, the caller should resynchronize before
198 	 * entering this function again. It's up to the caller to decide
199 	 * how to resynchronize.
200 	 */
201 
202 	for (;;) {
203 		int err;
204 		struct net_buf *buf;
205 		uint8_t h4_type;
206 		uint8_t hdr_size;
207 		uint8_t *hdr_buf;
208 		uint16_t payload_size;
209 
210 		LOG_DBG("h2c: listening");
211 
212 		/* Read H4 type. */
213 		err = uart_h2c_rx(&h4_type, sizeof(uint8_t));
214 
215 		if (err) {
216 			return;
217 		}
218 		LOG_DBG("h2c: h4_type %d", h4_type);
219 
220 		/* Allocate buf. */
221 		buf = bt_buf_get_tx(bt_buf_type_from_h4(h4_type, BT_BUF_OUT), K_FOREVER, NULL, 0);
222 		LOG_DBG("h2c: buf %p", buf);
223 
224 		if (!buf) {
225 			/* `h4_type` was invalid. */
226 			__ASSERT_NO_MSG(hci_hdr_size(h4_type) == 0);
227 
228 			LOG_WRN("bt_buf_get_tx failed h4_type %d", h4_type);
229 			return;
230 		}
231 
232 		/* Read HCI header. */
233 		hdr_size = hci_hdr_size(h4_type);
234 		hdr_buf = net_buf_add(buf, hdr_size);
235 
236 		err = uart_h2c_rx(hdr_buf, hdr_size);
237 		if (err) {
238 			net_buf_unref(buf);
239 			return;
240 		}
241 		LOG_HEXDUMP_DBG(hdr_buf, hdr_size, "h2c: hci hdr");
242 
243 		/* Read HCI payload. */
244 		payload_size = hci_payload_size(hdr_buf, h4_type);
245 
246 		LOG_DBG("h2c: payload_size %u", payload_size);
247 
248 		if (payload_size == 0) {
249 			/* Done, dont rx zero bytes */
250 		} else if (payload_size <= net_buf_tailroom(buf)) {
251 			uint8_t *payload_dst = net_buf_add(buf, payload_size);
252 
253 			err = uart_h2c_rx(payload_dst, payload_size);
254 			if (err) {
255 				net_buf_unref(buf);
256 				return;
257 			}
258 			LOG_HEXDUMP_DBG(payload_dst, payload_size, "h2c: hci payload");
259 		} else {
260 			/* Discard oversize packet. */
261 			uint8_t *discard_dst;
262 			uint16_t discard_size;
263 
264 			LOG_WRN("h2c: Discarding oversize h4_type %d payload_size %d.", h4_type,
265 				payload_size);
266 
267 			/* Reset `buf` so all of it is available. */
268 			net_buf_reset(buf);
269 			discard_dst = net_buf_tail(buf);
270 			discard_size = net_buf_max_len(buf);
271 
272 			while (payload_size) {
273 				uint16_t read_size = MIN(payload_size, discard_size);
274 
275 				err = uart_h2c_rx(discard_dst, read_size);
276 				if (err) {
277 					net_buf_unref(buf);
278 					return;
279 				}
280 
281 				payload_size -= read_size;
282 			}
283 
284 			net_buf_unref(buf);
285 			buf = NULL;
286 		}
287 
288 		LOG_DBG("h2c: packet done");
289 
290 		/* Route buf to Controller. */
291 		if (buf) {
292 			err = bt_send(buf);
293 			if (err) {
294 				/* This is not a transport error. */
295 				LOG_ERR("bt_send err %d", err);
296 				net_buf_unref(buf);
297 				buf = NULL;
298 			}
299 		}
300 
301 		k_yield();
302 	}
303 }
304 
h2c_thread_entry(void * p1,void * p2,void * p3)305 static void h2c_thread_entry(void *p1, void *p2, void *p3)
306 {
307 	k_thread_name_set(k_current_get(), "HCI TX (h2c)");
308 
309 	for (;;) {
310 		LOG_DBG("Synchronized");
311 		h2c_h4_transport();
312 		LOG_WRN("Desynchronized");
313 		send_hw_error();
314 		recover_sync_by_reset_pattern();
315 	}
316 }
317 
callback(const struct device * dev,struct uart_event * evt,void * user_data)318 void callback(const struct device *dev, struct uart_event *evt, void *user_data)
319 {
320 	ARG_UNUSED(user_data);
321 
322 	if (evt->type == UART_RX_DISABLED) {
323 		(void)k_poll_signal_raise(&uart_h2c_rx_sig, 0);
324 	} else if (evt->type == UART_RX_STOPPED) {
325 		(void)k_poll_signal_raise(&uart_h2c_rx_sig, evt->data.rx_stop.reason);
326 	} else if (evt->type == UART_TX_DONE) {
327 		(void)k_poll_signal_raise(&uart_c2h_tx_sig, 0);
328 	}
329 }
330 
hci_uart_init(void)331 static int hci_uart_init(void)
332 {
333 	int err;
334 
335 	k_poll_signal_init(&uart_h2c_rx_sig);
336 	k_poll_signal_init(&uart_c2h_tx_sig);
337 
338 	LOG_DBG("");
339 
340 	if (!device_is_ready(hci_uart_dev)) {
341 		LOG_ERR("HCI UART %s is not ready", hci_uart_dev->name);
342 		return -EINVAL;
343 	}
344 
345 	BUILD_ASSERT(IS_ENABLED(CONFIG_UART_ASYNC_API));
346 	err = uart_callback_set(hci_uart_dev, callback, NULL);
347 
348 	/* Note: Asserts if CONFIG_UART_ASYNC_API is not enabled for `hci_uart_dev`. */
349 	__ASSERT(!err, "err %d", err);
350 
351 	return 0;
352 }
353 
354 SYS_INIT(hci_uart_init, APPLICATION, CONFIG_KERNEL_INIT_PRIORITY_DEVICE);
355 
356 const struct {
357 	uint8_t h4;
358 	struct bt_hci_evt_hdr hdr;
359 	struct bt_hci_evt_cmd_complete cc;
360 } __packed cc_evt = {
361 	.h4 = BT_HCI_H4_EVT,
362 	.hdr = {.evt = BT_HCI_EVT_CMD_COMPLETE, .len = sizeof(struct bt_hci_evt_cmd_complete)},
363 	.cc = {.ncmd = 1, .opcode = sys_cpu_to_le16(BT_OP_NOP)},
364 };
365 
c2h_thread_entry(void)366 static void c2h_thread_entry(void)
367 {
368 	k_thread_name_set(k_current_get(), "HCI RX (c2h)");
369 
370 	if (IS_ENABLED(CONFIG_BT_WAIT_NOP)) {
371 		uart_c2h_tx((char *)&cc_evt, sizeof(cc_evt));
372 	}
373 
374 	for (;;) {
375 		struct net_buf *buf;
376 
377 		buf = k_fifo_get(&c2h_queue, K_FOREVER);
378 		uart_c2h_tx(buf->data, buf->len);
379 		net_buf_unref(buf);
380 	}
381 }
382 
hci_uart_main(void)383 void hci_uart_main(void)
384 {
385 	int err;
386 
387 	err = bt_enable_raw(&c2h_queue);
388 	__ASSERT_NO_MSG(!err);
389 
390 	/* TX thread. */
391 	k_thread_create(&h2c_thread, h2c_thread_stack, K_THREAD_STACK_SIZEOF(h2c_thread_stack),
392 			h2c_thread_entry, NULL, NULL, NULL, K_PRIO_COOP(7), 0, K_NO_WAIT);
393 
394 	/* Reuse current thread as RX thread. */
395 	c2h_thread_entry();
396 }
397