1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the functions relating to link management. A "link"
22 * is a connection between this device and another device. Only ACL links
23 * are managed.
24 *
25 ******************************************************************************/
26
27 #include <base/logging.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31
32 #include "bt_common.h"
33 #include "bt_types.h"
34 #include "bt_utils.h"
35 #include "btm_api.h"
36 #include "btm_int.h"
37 #include "btu.h"
38 #include "device/include/controller.h"
39 #include "hcimsgs.h"
40 #include "l2c_api.h"
41 #include "l2c_int.h"
42 #include "l2cdefs.h"
43 #include "log/log.h"
44 #include "osi/include/osi.h"
45
46 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf,
47 tL2C_TX_COMPLETE_CB_INFO* p_cbi);
48
49 /*******************************************************************************
50 *
51 * Function l2c_link_hci_conn_req
52 *
53 * Description This function is called when an HCI Connection Request
54 * event is received.
55 *
56 * Returns true, if accept conn
57 *
58 ******************************************************************************/
l2c_link_hci_conn_req(const RawAddress & bd_addr)59 bool l2c_link_hci_conn_req(const RawAddress& bd_addr) {
60 tL2C_LCB* p_lcb;
61 tL2C_LCB* p_lcb_cur;
62 int xx;
63 bool no_links;
64
65 /* See if we have a link control block for the remote device */
66 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
67
68 /* If we don't have one, create one and accept the connection. */
69 if (!p_lcb) {
70 p_lcb = l2cu_allocate_lcb(bd_addr, false, BT_TRANSPORT_BR_EDR);
71 if (!p_lcb) {
72 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
73 L2CAP_TRACE_ERROR("L2CAP failed to allocate LCB");
74 return false;
75 }
76
77 no_links = true;
78
79 /* If we already have connection, accept as a master */
80 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS;
81 xx++, p_lcb_cur++) {
82 if (p_lcb_cur == p_lcb) continue;
83
84 if (p_lcb_cur->in_use) {
85 no_links = false;
86 p_lcb->link_role = HCI_ROLE_MASTER;
87 break;
88 }
89 }
90
91 if (no_links) {
92 if (!btm_dev_support_switch(bd_addr))
93 p_lcb->link_role = HCI_ROLE_SLAVE;
94 else
95 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
96 }
97
98 /* Tell the other side we accept the connection */
99 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
100
101 p_lcb->link_state = LST_CONNECTING;
102
103 /* Start a timer waiting for connect complete */
104 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
105 l2c_lcb_timer_timeout, p_lcb);
106 return (true);
107 }
108
109 /* We already had a link control block to the guy. Check what state it is in
110 */
111 if ((p_lcb->link_state == LST_CONNECTING) ||
112 (p_lcb->link_state == LST_CONNECT_HOLDING)) {
113 /* Connection collision. Accept the connection anyways. */
114
115 if (!btm_dev_support_switch(bd_addr))
116 p_lcb->link_role = HCI_ROLE_SLAVE;
117 else
118 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
119
120 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
121
122 p_lcb->link_state = LST_CONNECTING;
123 return (true);
124 } else if (p_lcb->link_state == LST_DISCONNECTING) {
125 /* In disconnecting state, reject the connection. */
126 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
127 } else {
128 L2CAP_TRACE_ERROR(
129 "L2CAP got conn_req while connected (state:%d). Reject it",
130 p_lcb->link_state);
131 /* Reject the connection with ACL Connection Already exist reason */
132 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_CONNECTION_EXISTS);
133 }
134 return (false);
135 }
136
137 /*******************************************************************************
138 *
139 * Function l2c_link_hci_conn_comp
140 *
141 * Description This function is called when an HCI Connection Complete
142 * event is received.
143 *
144 * Returns void
145 *
146 ******************************************************************************/
l2c_link_hci_conn_comp(uint8_t status,uint16_t handle,const RawAddress & p_bda)147 bool l2c_link_hci_conn_comp(uint8_t status, uint16_t handle,
148 const RawAddress& p_bda) {
149 tL2C_CONN_INFO ci;
150 tL2C_LCB* p_lcb;
151 tL2C_CCB* p_ccb;
152 tBTM_SEC_DEV_REC* p_dev_info = NULL;
153
154 btm_acl_update_busy_level(BTM_BLI_PAGE_DONE_EVT);
155
156 /* Save the parameters */
157 ci.status = status;
158 ci.bd_addr = p_bda;
159
160 /* See if we have a link control block for the remote device */
161 p_lcb = l2cu_find_lcb_by_bd_addr(ci.bd_addr, BT_TRANSPORT_BR_EDR);
162
163 /* If we don't have one, allocate one */
164 if (p_lcb == nullptr) {
165 L2CAP_TRACE_WARNING("No available link control block, try allocate one");
166 p_lcb = l2cu_allocate_lcb(ci.bd_addr, false, BT_TRANSPORT_BR_EDR);
167 if (p_lcb == nullptr) {
168 L2CAP_TRACE_WARNING("%s: Failed to allocate an LCB", __func__);
169 return (false);
170 }
171 p_lcb->link_state = LST_CONNECTING;
172 }
173
174 if ((p_lcb->link_state == LST_CONNECTED) &&
175 (status == HCI_ERR_CONNECTION_EXISTS)) {
176 L2CAP_TRACE_WARNING("%s: An ACL connection already exists. Handle:%d",
177 __func__, handle);
178 return (true);
179 } else if (p_lcb->link_state != LST_CONNECTING) {
180 L2CAP_TRACE_ERROR("L2CAP got conn_comp in bad state: %d status: 0x%d",
181 p_lcb->link_state, status);
182
183 if (status != HCI_SUCCESS) l2c_link_hci_disc_comp(p_lcb->handle, status);
184
185 return (false);
186 }
187
188 /* Save the handle */
189 p_lcb->handle = handle;
190
191 if (ci.status == HCI_SUCCESS) {
192 /* Connected OK. Change state to connected */
193 p_lcb->link_state = LST_CONNECTED;
194
195 /* Get the peer information if the l2cap flow-control/rtrans is supported */
196 l2cu_send_peer_info_req(p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
197
198 /* Tell BTM Acl management about the link */
199 p_dev_info = btm_find_dev(p_bda);
200 if (p_dev_info != NULL)
201 btm_acl_created(ci.bd_addr, p_dev_info->dev_class,
202 p_dev_info->sec_bd_name, handle, p_lcb->link_role,
203 BT_TRANSPORT_BR_EDR);
204 else
205 btm_acl_created(ci.bd_addr, NULL, NULL, handle, p_lcb->link_role,
206 BT_TRANSPORT_BR_EDR);
207
208 BTM_SetLinkSuperTout(ci.bd_addr, btm_cb.btm_def_link_super_tout);
209
210 /* If dedicated bonding do not process any further */
211 if (p_lcb->is_bonding) {
212 if (l2cu_start_post_bond_timer(handle)) return (true);
213 }
214
215 /* Update the timeouts in the hold queue */
216 l2c_process_held_packets(false);
217
218 alarm_cancel(p_lcb->l2c_lcb_timer);
219
220 /* For all channels, send the event through their FSMs */
221 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
222 p_ccb = p_ccb->p_next_ccb) {
223 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
224 }
225
226 if (p_lcb->p_echo_rsp_cb) {
227 l2cu_send_peer_echo_req(p_lcb, NULL, 0);
228 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_ECHO_RSP_TIMEOUT_MS,
229 l2c_lcb_timer_timeout, p_lcb);
230 } else if (!p_lcb->ccb_queue.p_first_ccb) {
231 uint64_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
232 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
233 l2c_lcb_timer_timeout, p_lcb);
234 }
235 }
236 /* Max number of acl connections. */
237 /* If there's an lcb disconnecting set this one to holding */
238 else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) &&
239 l2cu_lcb_disconnecting()) {
240 p_lcb->link_state = LST_CONNECT_HOLDING;
241 p_lcb->handle = HCI_INVALID_HANDLE;
242 } else {
243 /* Just in case app decides to try again in the callback context */
244 p_lcb->link_state = LST_DISCONNECTING;
245
246 /* Connection failed. For all channels, send the event through */
247 /* their FSMs. The CCBs should remove themselves from the LCB */
248 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
249 tL2C_CCB* pn = p_ccb->p_next_ccb;
250
251 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
252
253 p_ccb = pn;
254 }
255
256 p_lcb->disc_reason = status;
257 /* Release the LCB */
258 if (p_lcb->ccb_queue.p_first_ccb == NULL)
259 l2cu_release_lcb(p_lcb);
260 else /* there are any CCBs remaining */
261 {
262 if (ci.status == HCI_ERR_CONNECTION_EXISTS) {
263 /* we are in collision situation, wait for connecttion request from
264 * controller */
265 p_lcb->link_state = LST_CONNECTING;
266 } else {
267 l2cu_create_conn_br_edr(p_lcb);
268 }
269 }
270 }
271 return (true);
272 }
273
274 /*******************************************************************************
275 *
276 * Function l2c_link_sec_comp
277 *
278 * Description This function is called when required security procedures
279 * are completed.
280 *
281 * Returns void
282 *
283 ******************************************************************************/
l2c_link_sec_comp(const RawAddress * p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)284 void l2c_link_sec_comp(const RawAddress* p_bda,
285 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
286 uint8_t status) {
287 l2c_link_sec_comp2(*p_bda, transport, p_ref_data, status);
288 }
289
l2c_link_sec_comp2(const RawAddress & p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)290 void l2c_link_sec_comp2(const RawAddress& p_bda,
291 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
292 uint8_t status) {
293 tL2C_CONN_INFO ci;
294 tL2C_LCB* p_lcb;
295 tL2C_CCB* p_ccb;
296 tL2C_CCB* p_next_ccb;
297 uint8_t event;
298
299 L2CAP_TRACE_DEBUG("%s: status=%d, p_ref_data=%p, BD_ADDR=%s", __func__,
300 status, p_ref_data, p_bda.ToString().c_str());
301
302 if (status == BTM_SUCCESS_NO_SECURITY) status = BTM_SUCCESS;
303
304 /* Save the parameters */
305 ci.status = status;
306 ci.bd_addr = p_bda;
307
308 p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, transport);
309
310 /* If we don't have one, this is an error */
311 if (!p_lcb) {
312 L2CAP_TRACE_WARNING("L2CAP got sec_comp for unknown BD_ADDR");
313 return;
314 }
315
316 /* Match p_ccb with p_ref_data returned by sec manager */
317 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) {
318 p_next_ccb = p_ccb->p_next_ccb;
319
320 if (p_ccb == p_ref_data) {
321 switch (status) {
322 case BTM_SUCCESS:
323 event = L2CEVT_SEC_COMP;
324 break;
325
326 case BTM_DELAY_CHECK:
327 /* start a timer - encryption change not received before L2CAP connect
328 * req */
329 alarm_set_on_mloop(p_ccb->l2c_ccb_timer,
330 L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
331 l2c_ccb_timer_timeout, p_ccb);
332 return;
333
334 default:
335 event = L2CEVT_SEC_COMP_NEG;
336 }
337 l2c_csm_execute(p_ccb, event, &ci);
338 break;
339 }
340 }
341 }
342
343 /*******************************************************************************
344 *
345 * Function l2c_link_hci_disc_comp
346 *
347 * Description This function is called when an HCI Disconnect Complete
348 * event is received.
349 *
350 * Returns true if the link is known about, else false
351 *
352 ******************************************************************************/
l2c_link_hci_disc_comp(uint16_t handle,uint8_t reason)353 bool l2c_link_hci_disc_comp(uint16_t handle, uint8_t reason) {
354 tL2C_LCB* p_lcb;
355 tL2C_CCB* p_ccb;
356 bool status = true;
357 bool lcb_is_free = true;
358 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
359
360 /* See if we have a link control block for the connection */
361 p_lcb = l2cu_find_lcb_by_handle(handle);
362
363 /* If we don't have one, maybe an SCO link. Send to MM */
364 if (!p_lcb) {
365 status = false;
366 } else {
367 /* There can be a case when we rejected PIN code authentication */
368 /* otherwise save a new reason */
369 if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
370 btm_cb.acl_disc_reason = reason;
371
372 p_lcb->disc_reason = btm_cb.acl_disc_reason;
373
374 /* Just in case app decides to try again in the callback context */
375 p_lcb->link_state = LST_DISCONNECTING;
376
377 /* Check for BLE and handle that differently */
378 if (p_lcb->transport == BT_TRANSPORT_LE)
379 btm_ble_update_link_topology_mask(p_lcb->link_role, false);
380 /* Link is disconnected. For all channels, send the event through */
381 /* their FSMs. The CCBs should remove themselves from the LCB */
382 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
383 tL2C_CCB* pn = p_ccb->p_next_ccb;
384
385 /* Keep connect pending control block (if exists)
386 * Possible Race condition when a reconnect occurs
387 * on the channel during a disconnect of link. This
388 * ccb will be automatically retried after link disconnect
389 * arrives
390 */
391 if (p_ccb != p_lcb->p_pending_ccb) {
392 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
393 }
394 p_ccb = pn;
395 }
396
397 if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
398 /* Tell SCO management to drop any SCOs on this ACL */
399 btm_sco_acl_removed(&p_lcb->remote_bd_addr);
400
401 /* If waiting for disconnect and reconnect is pending start the reconnect
402 now
403 race condition where layer above issued connect request on link that was
404 disconnecting
405 */
406 if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb) {
407 L2CAP_TRACE_DEBUG(
408 "l2c_link_hci_disc_comp: Restarting pending ACL request");
409 /* Release any held buffers */
410 while (!list_is_empty(p_lcb->link_xmit_data_q)) {
411 BT_HDR* p_buf =
412 static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q));
413 list_remove(p_lcb->link_xmit_data_q, p_buf);
414 osi_free(p_buf);
415 }
416 transport = p_lcb->transport;
417 /* for LE link, always drop and re-open to ensure to get LE remote feature
418 */
419 if (p_lcb->transport == BT_TRANSPORT_LE) {
420 btm_acl_removed(p_lcb->remote_bd_addr, p_lcb->transport);
421 } else {
422 #if (L2CAP_NUM_FIXED_CHNLS > 0)
423 /* If we are going to re-use the LCB without dropping it, release all
424 fixed channels
425 here */
426 int xx;
427 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
428 if (p_lcb->p_fixed_ccbs[xx] &&
429 p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) {
430 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(
431 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false,
432 p_lcb->disc_reason, p_lcb->transport);
433 if (p_lcb->p_fixed_ccbs[xx] == NULL) {
434 L2CAP_TRACE_ERROR(
435 "%s: unexpected p_fixed_ccbs[%d] is NULL remote_bd_addr = %s "
436 "p_lcb = %p in_use = %d link_state = %d handle = %d "
437 "link_role = %d is_bonding = %d disc_reason = %d transport = "
438 "%d",
439 __func__, xx, p_lcb->remote_bd_addr.ToString().c_str(), p_lcb,
440 p_lcb->in_use, p_lcb->link_state, p_lcb->handle,
441 p_lcb->link_role, p_lcb->is_bonding, p_lcb->disc_reason,
442 p_lcb->transport);
443 }
444 CHECK(p_lcb->p_fixed_ccbs[xx] != NULL);
445 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]);
446
447 p_lcb->p_fixed_ccbs[xx] = NULL;
448 }
449 }
450 #endif
451 }
452 if (p_lcb->transport == BT_TRANSPORT_LE) {
453 if (l2cu_create_conn_le(p_lcb))
454 lcb_is_free = false; /* still using this lcb */
455 } else {
456 if (l2cu_create_conn_br_edr(p_lcb))
457 lcb_is_free = false; /* still using this lcb */
458 }
459 }
460
461 p_lcb->p_pending_ccb = NULL;
462
463 /* Release the LCB */
464 if (lcb_is_free) l2cu_release_lcb(p_lcb);
465 }
466
467 /* Now that we have a free acl connection, see if any lcbs are pending */
468 if (lcb_is_free &&
469 ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL)) {
470 /* we found one-- create a connection */
471 l2cu_create_conn_br_edr(p_lcb);
472 }
473
474 return status;
475 }
476
477 /*******************************************************************************
478 *
479 * Function l2c_link_hci_qos_violation
480 *
481 * Description This function is called when an HCI QOS Violation
482 * event is received.
483 *
484 * Returns true if the link is known about, else false
485 *
486 ******************************************************************************/
l2c_link_hci_qos_violation(uint16_t handle)487 bool l2c_link_hci_qos_violation(uint16_t handle) {
488 tL2C_LCB* p_lcb;
489 tL2C_CCB* p_ccb;
490
491 /* See if we have a link control block for the connection */
492 p_lcb = l2cu_find_lcb_by_handle(handle);
493
494 /* If we don't have one, maybe an SCO link. */
495 if (!p_lcb) return (false);
496
497 /* For all channels, tell the upper layer about it */
498 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) {
499 if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
500 l2c_csm_execute(p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
501 }
502
503 return (true);
504 }
505
506 /*******************************************************************************
507 *
508 * Function l2c_link_timeout
509 *
510 * Description This function is called when a link timer expires
511 *
512 * Returns void
513 *
514 ******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)515 void l2c_link_timeout(tL2C_LCB* p_lcb) {
516 tL2C_CCB* p_ccb;
517 tBTM_STATUS rc;
518
519 L2CAP_TRACE_EVENT(
520 "L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
521 p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
522
523 /* If link was connecting or disconnecting, clear all channels and drop the
524 * LCB */
525 if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
526 (p_lcb->link_state == LST_CONNECTING) ||
527 (p_lcb->link_state == LST_CONNECT_HOLDING) ||
528 (p_lcb->link_state == LST_DISCONNECTING)) {
529 p_lcb->p_pending_ccb = NULL;
530
531 /* For all channels, send a disconnect indication event through */
532 /* their FSMs. The CCBs should remove themselves from the LCB */
533 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
534 tL2C_CCB* pn = p_ccb->p_next_ccb;
535
536 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
537
538 p_ccb = pn;
539 }
540
541 /* Release the LCB */
542 l2cu_release_lcb(p_lcb);
543 }
544
545 /* If link is connected, check for inactivity timeout */
546 if (p_lcb->link_state == LST_CONNECTED) {
547 /* Check for ping outstanding */
548 if (p_lcb->p_echo_rsp_cb) {
549 tL2CA_ECHO_RSP_CB* p_cb = p_lcb->p_echo_rsp_cb;
550
551 /* Zero out the callback in case app immediately calls us again */
552 p_lcb->p_echo_rsp_cb = NULL;
553
554 (*p_cb)(L2CAP_PING_RESULT_NO_RESP);
555
556 L2CAP_TRACE_WARNING("L2CAP - ping timeout");
557
558 /* For all channels, send a disconnect indication event through */
559 /* their FSMs. The CCBs should remove themselves from the LCB */
560 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
561 tL2C_CCB* pn = p_ccb->p_next_ccb;
562
563 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
564
565 p_ccb = pn;
566 }
567 }
568
569 /* If no channels in use, drop the link. */
570 if (!p_lcb->ccb_queue.p_first_ccb) {
571 uint64_t timeout_ms;
572 bool start_timeout = true;
573
574 rc = btm_sec_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
575
576 if (rc == BTM_CMD_STORED) {
577 /* Security Manager will take care of disconnecting, state will be
578 * updated at that time */
579 start_timeout = false;
580 } else if (rc == BTM_CMD_STARTED) {
581 p_lcb->link_state = LST_DISCONNECTING;
582 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
583 } else if (rc == BTM_SUCCESS) {
584 l2cu_process_fixed_disc_cback(p_lcb);
585 /* BTM SEC will make sure that link is release (probably after pairing
586 * is done) */
587 p_lcb->link_state = LST_DISCONNECTING;
588 start_timeout = false;
589 } else if (rc == BTM_BUSY) {
590 /* BTM is still executing security process. Let lcb stay as connected */
591 start_timeout = false;
592 } else if (p_lcb->is_bonding) {
593 btsnd_hcic_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
594 l2cu_process_fixed_disc_cback(p_lcb);
595 p_lcb->link_state = LST_DISCONNECTING;
596 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
597 } else {
598 /* probably no buffer to send disconnect */
599 timeout_ms = BT_1SEC_TIMEOUT_MS;
600 }
601
602 if (start_timeout) {
603 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
604 l2c_lcb_timer_timeout, p_lcb);
605 }
606 } else {
607 /* Check in case we were flow controlled */
608 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
609 }
610 }
611 }
612
613 /*******************************************************************************
614 *
615 * Function l2c_info_resp_timer_timeout
616 *
617 * Description This function is called when an info request times out
618 *
619 * Returns void
620 *
621 ******************************************************************************/
l2c_info_resp_timer_timeout(void * data)622 void l2c_info_resp_timer_timeout(void* data) {
623 tL2C_LCB* p_lcb = (tL2C_LCB*)data;
624 tL2C_CCB* p_ccb;
625 tL2C_CONN_INFO ci;
626
627 /* If we timed out waiting for info response, just continue using basic if
628 * allowed */
629 if (p_lcb->w4_info_rsp) {
630 /* If waiting for security complete, restart the info response timer */
631 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
632 p_ccb = p_ccb->p_next_ccb) {
633 if ((p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) ||
634 (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP)) {
635 alarm_set_on_mloop(p_lcb->info_resp_timer,
636 L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
637 l2c_info_resp_timer_timeout, p_lcb);
638 return;
639 }
640 }
641
642 p_lcb->w4_info_rsp = false;
643
644 /* If link is in process of being brought up */
645 if ((p_lcb->link_state != LST_DISCONNECTED) &&
646 (p_lcb->link_state != LST_DISCONNECTING)) {
647 /* Notify active channels that peer info is finished */
648 if (p_lcb->ccb_queue.p_first_ccb) {
649 ci.status = HCI_SUCCESS;
650 ci.bd_addr = p_lcb->remote_bd_addr;
651
652 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
653 p_ccb = p_ccb->p_next_ccb) {
654 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
655 }
656 }
657 }
658 }
659 }
660
661 /*******************************************************************************
662 *
663 * Function l2c_link_adjust_allocation
664 *
665 * Description This function is called when a link is created or removed
666 * to calculate the amount of packets each link may send to
667 * the HCI without an ack coming back.
668 *
669 * Currently, this is a simple allocation, dividing the
670 * number of Controller Packets by the number of links. In
671 * the future, QOS configuration should be examined.
672 *
673 * Returns void
674 *
675 ******************************************************************************/
l2c_link_adjust_allocation(void)676 void l2c_link_adjust_allocation(void) {
677 uint16_t qq, yy, qq_remainder;
678 tL2C_LCB* p_lcb;
679 uint16_t hi_quota, low_quota;
680 uint16_t num_lowpri_links = 0;
681 uint16_t num_hipri_links = 0;
682 uint16_t controller_xmit_quota = l2cb.num_lm_acl_bufs;
683 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
684 bool is_share_buffer =
685 (l2cb.num_lm_ble_bufs == L2C_DEF_NUM_BLE_BUF_SHARED) ? true : false;
686
687 /* If no links active, reset buffer quotas and controller buffers */
688 if (l2cb.num_links_active == 0) {
689 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
690 l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
691 return;
692 }
693
694 /* First, count the links */
695 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
696 if (p_lcb->in_use &&
697 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
698 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
699 num_hipri_links++;
700 else
701 num_lowpri_links++;
702 }
703 }
704
705 /* now adjust high priority link quota */
706 low_quota = num_lowpri_links ? 1 : 0;
707 while ((num_hipri_links * high_pri_link_quota + low_quota) >
708 controller_xmit_quota)
709 high_pri_link_quota--;
710
711 /* Work out the xmit quota and buffer quota high and low priorities */
712 hi_quota = num_hipri_links * high_pri_link_quota;
713 low_quota =
714 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
715
716 /* Work out and save the HCI xmit quota for each low priority link */
717
718 /* If each low priority link cannot have at least one buffer */
719 if (num_lowpri_links > low_quota) {
720 l2cb.round_robin_quota = low_quota;
721 qq = qq_remainder = 1;
722 }
723 /* If each low priority link can have at least one buffer */
724 else if (num_lowpri_links > 0) {
725 l2cb.round_robin_quota = 0;
726 l2cb.round_robin_unacked = 0;
727 qq = low_quota / num_lowpri_links;
728 qq_remainder = low_quota % num_lowpri_links;
729 }
730 /* If no low priority link */
731 else {
732 l2cb.round_robin_quota = 0;
733 l2cb.round_robin_unacked = 0;
734 qq = qq_remainder = 1;
735 }
736
737 L2CAP_TRACE_EVENT(
738 "l2c_link_adjust_allocation num_hipri: %u num_lowpri: %u low_quota: "
739 "%u round_robin_quota: %u qq: %u",
740 num_hipri_links, num_lowpri_links, low_quota, l2cb.round_robin_quota, qq);
741
742 /* Now, assign the quotas to each link */
743 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
744 if (p_lcb->in_use &&
745 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
746 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
747 p_lcb->link_xmit_quota = high_pri_link_quota;
748 } else {
749 /* Safety check in case we switched to round-robin with something
750 * outstanding */
751 /* if sent_not_acked is added into round_robin_unacked then don't add it
752 * again */
753 /* l2cap keeps updating sent_not_acked for exiting from round robin */
754 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
755 l2cb.round_robin_unacked += p_lcb->sent_not_acked;
756
757 p_lcb->link_xmit_quota = qq;
758 if (qq_remainder > 0) {
759 p_lcb->link_xmit_quota++;
760 qq_remainder--;
761 }
762 }
763
764 L2CAP_TRACE_EVENT(
765 "l2c_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d", yy,
766 p_lcb->acl_priority, p_lcb->link_xmit_quota);
767
768 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
769 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
770
771 /* There is a special case where we have readjusted the link quotas and */
772 /* this link may have sent anything but some other link sent packets so */
773 /* so we may need a timer to kick off this link's transmissions. */
774 if ((p_lcb->link_state == LST_CONNECTED) &&
775 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
776 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
777 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
778 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
779 l2c_lcb_timer_timeout, p_lcb);
780 }
781 }
782 }
783 }
784
785 /*******************************************************************************
786 *
787 * Function l2c_link_adjust_chnl_allocation
788 *
789 * Description This function is called to calculate the amount of packets
790 * each non-F&EC channel may have outstanding.
791 *
792 * Currently, this is a simple allocation, dividing the number
793 * of packets allocated to the link by the number of channels.
794 * In the future, QOS configuration should be examined.
795 *
796 * Returns void
797 *
798 ******************************************************************************/
l2c_link_adjust_chnl_allocation(void)799 void l2c_link_adjust_chnl_allocation(void) {
800 uint8_t xx;
801
802 L2CAP_TRACE_DEBUG("%s", __func__);
803
804 /* assign buffer quota to each channel based on its data rate requirement */
805 for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) {
806 tL2C_CCB* p_ccb = l2cb.ccb_pool + xx;
807
808 if (!p_ccb->in_use) continue;
809
810 tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
811 p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
812 L2CAP_TRACE_EVENT(
813 "CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u "
814 "Quota:%u",
815 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ccb_priority,
816 p_ccb->tx_data_rate, p_ccb->rx_data_rate, p_ccb->buff_quota);
817
818 /* quota may be change so check congestion */
819 l2cu_check_channel_congestion(p_ccb);
820 }
821 }
822
823 /*******************************************************************************
824 *
825 * Function l2c_link_processs_num_bufs
826 *
827 * Description This function is called when a "controller buffer size"
828 * event is first received from the controller. It updates
829 * the L2CAP values.
830 *
831 * Returns void
832 *
833 ******************************************************************************/
l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs)834 void l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs) {
835 l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
836 }
837
838 /*******************************************************************************
839 *
840 * Function l2c_link_pkts_rcvd
841 *
842 * Description This function is called from the HCI transport when it is
843 * time to send a "Host ready for packets" command. This is
844 * only when host to controller flow control is used. It fills
845 * in the arrays of numbers of packets and handles.
846 *
847 * Returns count of number of entries filled in
848 *
849 ******************************************************************************/
l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t * num_pkts,UNUSED_ATTR uint16_t * handles)850 uint8_t l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t* num_pkts,
851 UNUSED_ATTR uint16_t* handles) {
852 uint8_t num_found = 0;
853
854 return (num_found);
855 }
856
857 /*******************************************************************************
858 *
859 * Function l2c_link_role_changed
860 *
861 * Description This function is called whan a link's master/slave role
862 * change event is received. It simply updates the link control
863 * block.
864 *
865 * Returns void
866 *
867 ******************************************************************************/
l2c_link_role_changed(const RawAddress * bd_addr,uint8_t new_role,uint8_t hci_status)868 void l2c_link_role_changed(const RawAddress* bd_addr, uint8_t new_role,
869 uint8_t hci_status) {
870 tL2C_LCB* p_lcb;
871 int xx;
872
873 /* Make sure not called from HCI Command Status (bd_addr and new_role are
874 * invalid) */
875 if (bd_addr) {
876 /* If here came form hci role change event */
877 p_lcb = l2cu_find_lcb_by_bd_addr(*bd_addr, BT_TRANSPORT_BR_EDR);
878 if (p_lcb) {
879 p_lcb->link_role = new_role;
880
881 /* Reset high priority link if needed */
882 if (hci_status == HCI_SUCCESS)
883 l2cu_set_acl_priority(*bd_addr, p_lcb->acl_priority, true);
884 }
885 }
886
887 /* Check if any LCB was waiting for switch to be completed */
888 for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
889 if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH)) {
890 l2cu_create_conn_after_switch(p_lcb);
891 }
892 }
893 }
894
895 /*******************************************************************************
896 *
897 * Function l2c_pin_code_request
898 *
899 * Description This function is called whan a pin-code request is received
900 * on a connection. If there are no channels active yet on the
901 * link, it extends the link first connection timer. Make sure
902 * that inactivity timer is not extended if PIN code happens
903 * to be after last ccb released.
904 *
905 * Returns void
906 *
907 ******************************************************************************/
l2c_pin_code_request(const RawAddress & bd_addr)908 void l2c_pin_code_request(const RawAddress& bd_addr) {
909 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
910
911 if ((p_lcb) && (!p_lcb->ccb_queue.p_first_ccb)) {
912 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
913 l2c_lcb_timer_timeout, p_lcb);
914 }
915 }
916
917 #if (L2CAP_WAKE_PARKED_LINK == TRUE)
918 /*******************************************************************************
919 *
920 * Function l2c_link_check_power_mode
921 *
922 * Description This function is called to check power mode.
923 *
924 * Returns true if link is going to be active from park
925 * false if nothing to send or not in park mode
926 *
927 ******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)928 bool l2c_link_check_power_mode(tL2C_LCB* p_lcb) {
929 tBTM_PM_MODE mode;
930 tL2C_CCB* p_ccb;
931 bool need_to_active = false;
932
933 /*
934 * We only switch park to active only if we have unsent packets
935 */
936 if (list_is_empty(p_lcb->link_xmit_data_q)) {
937 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
938 p_ccb = p_ccb->p_next_ccb) {
939 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
940 need_to_active = true;
941 break;
942 }
943 }
944 } else
945 need_to_active = true;
946
947 /* if we have packets to send */
948 if (need_to_active) {
949 /* check power mode */
950 if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS) {
951 if (mode == BTM_PM_STS_PENDING) {
952 L2CAP_TRACE_DEBUG("LCB(0x%x) is in PM pending state", p_lcb->handle);
953
954 return true;
955 }
956 }
957 }
958 return false;
959 }
960 #endif /* L2CAP_WAKE_PARKED_LINK == TRUE) */
961
962 /*******************************************************************************
963 *
964 * Function l2c_link_check_send_pkts
965 *
966 * Description This function is called to check if it can send packets
967 * to the Host Controller. It may be passed the address of
968 * a packet to send.
969 *
970 * Returns void
971 *
972 ******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)973 void l2c_link_check_send_pkts(tL2C_LCB* p_lcb, tL2C_CCB* p_ccb, BT_HDR* p_buf) {
974 int xx;
975 bool single_write = false;
976
977 /* Save the channel ID for faster counting */
978 if (p_buf) {
979 if (p_ccb != NULL) {
980 p_buf->event = p_ccb->local_cid;
981 single_write = true;
982 } else
983 p_buf->event = 0;
984
985 p_buf->layer_specific = 0;
986 list_append(p_lcb->link_xmit_data_q, p_buf);
987
988 if (p_lcb->link_xmit_quota == 0) {
989 if (p_lcb->transport == BT_TRANSPORT_LE)
990 l2cb.ble_check_round_robin = true;
991 else
992 l2cb.check_round_robin = true;
993 }
994 }
995
996 /* If this is called from uncongested callback context break recursive
997 *calling.
998 ** This LCB will be served when receiving number of completed packet event.
999 */
1000 if (l2cb.is_cong_cback_context) return;
1001
1002 /* If we are in a scenario where there are not enough buffers for each link to
1003 ** have at least 1, then do a round-robin for all the LCBs
1004 */
1005 if ((p_lcb == NULL) || (p_lcb->link_xmit_quota == 0)) {
1006 if (p_lcb == NULL)
1007 p_lcb = l2cb.lcb_pool;
1008 else if (!single_write)
1009 p_lcb++;
1010
1011 /* Loop through, starting at the next */
1012 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
1013 /* Check for wraparound */
1014 if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS]) p_lcb = &l2cb.lcb_pool[0];
1015
1016 /* If controller window is full, nothing to do */
1017 if (((l2cb.controller_xmit_window == 0 ||
1018 (l2cb.round_robin_unacked >= l2cb.round_robin_quota)) &&
1019 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1020 (p_lcb->transport == BT_TRANSPORT_LE &&
1021 (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
1022 l2cb.controller_le_xmit_window == 0)))
1023 continue;
1024
1025 if ((!p_lcb->in_use) || (p_lcb->partial_segment_being_sent) ||
1026 (p_lcb->link_state != LST_CONNECTED) ||
1027 (p_lcb->link_xmit_quota != 0) || (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1028 continue;
1029
1030 /* See if we can send anything from the Link Queue */
1031 if (!list_is_empty(p_lcb->link_xmit_data_q)) {
1032 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1033 list_remove(p_lcb->link_xmit_data_q, p_buf);
1034 l2c_link_send_to_lower(p_lcb, p_buf, NULL);
1035 } else if (single_write) {
1036 /* If only doing one write, break out */
1037 break;
1038 }
1039 /* If nothing on the link queue, check the channel queue */
1040 else {
1041 tL2C_TX_COMPLETE_CB_INFO cbi;
1042 p_buf = l2cu_get_next_buffer_to_send(p_lcb, &cbi);
1043 if (p_buf != NULL) {
1044 l2c_link_send_to_lower(p_lcb, p_buf, &cbi);
1045 }
1046 }
1047 }
1048
1049 /* If we finished without using up our quota, no need for a safety check */
1050 if ((l2cb.controller_xmit_window > 0) &&
1051 (l2cb.round_robin_unacked < l2cb.round_robin_quota) &&
1052 (p_lcb->transport == BT_TRANSPORT_BR_EDR))
1053 l2cb.check_round_robin = false;
1054
1055 if ((l2cb.controller_le_xmit_window > 0) &&
1056 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota) &&
1057 (p_lcb->transport == BT_TRANSPORT_LE))
1058 l2cb.ble_check_round_robin = false;
1059 } else /* if this is not round-robin service */
1060 {
1061 /* If a partial segment is being sent, can't send anything else */
1062 if ((p_lcb->partial_segment_being_sent) ||
1063 (p_lcb->link_state != LST_CONNECTED) ||
1064 (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1065 return;
1066
1067 /* See if we can send anything from the link queue */
1068 while (((l2cb.controller_xmit_window != 0 &&
1069 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1070 (l2cb.controller_le_xmit_window != 0 &&
1071 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1072 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1073 if (list_is_empty(p_lcb->link_xmit_data_q)) break;
1074
1075 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1076 list_remove(p_lcb->link_xmit_data_q, p_buf);
1077 if (!l2c_link_send_to_lower(p_lcb, p_buf, NULL)) break;
1078 }
1079
1080 if (!single_write) {
1081 /* See if we can send anything for any channel */
1082 while (((l2cb.controller_xmit_window != 0 &&
1083 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1084 (l2cb.controller_le_xmit_window != 0 &&
1085 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1086 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1087 tL2C_TX_COMPLETE_CB_INFO cbi;
1088 p_buf = l2cu_get_next_buffer_to_send(p_lcb, &cbi);
1089 if (p_buf == NULL) break;
1090
1091 if (!l2c_link_send_to_lower(p_lcb, p_buf, &cbi)) break;
1092 }
1093 }
1094
1095 /* There is a special case where we have readjusted the link quotas and */
1096 /* this link may have sent anything but some other link sent packets so */
1097 /* so we may need a timer to kick off this link's transmissions. */
1098 if ((!list_is_empty(p_lcb->link_xmit_data_q)) &&
1099 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1100 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
1101 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1102 l2c_lcb_timer_timeout, p_lcb);
1103 }
1104 }
1105 }
1106
1107 /*******************************************************************************
1108 *
1109 * Function l2c_link_send_to_lower
1110 *
1111 * Description This function queues the buffer for HCI transmission
1112 *
1113 * Returns true for success, false for fail
1114 *
1115 ******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf,tL2C_TX_COMPLETE_CB_INFO * p_cbi)1116 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf,
1117 tL2C_TX_COMPLETE_CB_INFO* p_cbi) {
1118 uint16_t num_segs;
1119 uint16_t xmit_window, acl_data_size;
1120 const controller_t* controller = controller_get_interface();
1121
1122 if ((p_buf->len <= controller->get_acl_packet_size_classic() &&
1123 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1124 ((p_lcb->transport == BT_TRANSPORT_LE) &&
1125 (p_buf->len <= controller->get_acl_packet_size_ble()))) {
1126 if (p_lcb->link_xmit_quota == 0) {
1127 if (p_lcb->transport == BT_TRANSPORT_LE)
1128 l2cb.ble_round_robin_unacked++;
1129 else
1130 l2cb.round_robin_unacked++;
1131 }
1132 p_lcb->sent_not_acked++;
1133 p_buf->layer_specific = 0;
1134
1135 if (p_lcb->transport == BT_TRANSPORT_LE) {
1136 l2cb.controller_le_xmit_window--;
1137 bte_main_hci_send(
1138 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1139 } else {
1140 l2cb.controller_xmit_window--;
1141 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1142 }
1143 } else {
1144 if (p_lcb->transport == BT_TRANSPORT_LE) {
1145 acl_data_size = controller->get_acl_data_size_ble();
1146 xmit_window = l2cb.controller_le_xmit_window;
1147
1148 } else {
1149 acl_data_size = controller->get_acl_data_size_classic();
1150 xmit_window = l2cb.controller_xmit_window;
1151 }
1152 num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) /
1153 acl_data_size;
1154
1155 /* If doing round-robin, then only 1 segment each time */
1156 if (p_lcb->link_xmit_quota == 0) {
1157 num_segs = 1;
1158 p_lcb->partial_segment_being_sent = true;
1159 } else {
1160 /* Multi-segment packet. Make sure it can fit */
1161 if (num_segs > xmit_window) {
1162 num_segs = xmit_window;
1163 p_lcb->partial_segment_being_sent = true;
1164 }
1165
1166 if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked)) {
1167 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1168 p_lcb->partial_segment_being_sent = true;
1169 }
1170 }
1171
1172 p_buf->layer_specific = num_segs;
1173 if (p_lcb->transport == BT_TRANSPORT_LE) {
1174 l2cb.controller_le_xmit_window -= num_segs;
1175 if (p_lcb->link_xmit_quota == 0) l2cb.ble_round_robin_unacked += num_segs;
1176 } else {
1177 l2cb.controller_xmit_window -= num_segs;
1178
1179 if (p_lcb->link_xmit_quota == 0) l2cb.round_robin_unacked += num_segs;
1180 }
1181
1182 p_lcb->sent_not_acked += num_segs;
1183 if (p_lcb->transport == BT_TRANSPORT_LE) {
1184 bte_main_hci_send(
1185 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1186 } else {
1187 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1188 }
1189 }
1190
1191 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1192 if (p_lcb->transport == BT_TRANSPORT_LE) {
1193 L2CAP_TRACE_DEBUG(
1194 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1195 l2cb.controller_le_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1196 p_lcb->sent_not_acked, l2cb.ble_round_robin_quota,
1197 l2cb.ble_round_robin_unacked);
1198 } else {
1199 L2CAP_TRACE_DEBUG(
1200 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1201 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1202 p_lcb->sent_not_acked, l2cb.round_robin_quota,
1203 l2cb.round_robin_unacked);
1204 }
1205 #endif
1206
1207 if (p_cbi) l2cu_tx_complete(p_cbi);
1208
1209 return true;
1210 }
1211
1212 /*******************************************************************************
1213 *
1214 * Function l2c_link_process_num_completed_pkts
1215 *
1216 * Description This function is called when a "number-of-completed-packets"
1217 * event is received from the controller. It updates all the
1218 * LCB transmit counts.
1219 *
1220 * Returns void
1221 *
1222 ******************************************************************************/
l2c_link_process_num_completed_pkts(uint8_t * p,uint8_t evt_len)1223 void l2c_link_process_num_completed_pkts(uint8_t* p, uint8_t evt_len) {
1224 uint8_t num_handles, xx;
1225 uint16_t handle;
1226 uint16_t num_sent;
1227 tL2C_LCB* p_lcb;
1228
1229 if (evt_len > 0) {
1230 STREAM_TO_UINT8(num_handles, p);
1231 } else {
1232 num_handles = 0;
1233 }
1234
1235 if (num_handles > evt_len / (2 * sizeof(uint16_t))) {
1236 android_errorWriteLog(0x534e4554, "141617601");
1237 num_handles = evt_len / (2 * sizeof(uint16_t));
1238 }
1239
1240 for (xx = 0; xx < num_handles; xx++) {
1241 STREAM_TO_UINT16(handle, p);
1242 /* Extract the handle */
1243 handle = HCID_GET_HANDLE(handle);
1244 STREAM_TO_UINT16(num_sent, p);
1245
1246 p_lcb = l2cu_find_lcb_by_handle(handle);
1247
1248 /* Callback for number of completed packet event */
1249 /* Originally designed for [3DSG] */
1250 if ((p_lcb != NULL) && (p_lcb->p_nocp_cb)) {
1251 L2CAP_TRACE_DEBUG("L2CAP - calling NoCP callback");
1252 (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1253 }
1254
1255 if (p_lcb) {
1256 if (p_lcb && (p_lcb->transport == BT_TRANSPORT_LE))
1257 l2cb.controller_le_xmit_window += num_sent;
1258 else {
1259 /* Maintain the total window to the controller */
1260 l2cb.controller_xmit_window += num_sent;
1261 }
1262 /* If doing round-robin, adjust communal counts */
1263 if (p_lcb->link_xmit_quota == 0) {
1264 if (p_lcb->transport == BT_TRANSPORT_LE) {
1265 /* Don't go negative */
1266 if (l2cb.ble_round_robin_unacked > num_sent)
1267 l2cb.ble_round_robin_unacked -= num_sent;
1268 else
1269 l2cb.ble_round_robin_unacked = 0;
1270 } else {
1271 /* Don't go negative */
1272 if (l2cb.round_robin_unacked > num_sent)
1273 l2cb.round_robin_unacked -= num_sent;
1274 else
1275 l2cb.round_robin_unacked = 0;
1276 }
1277 }
1278
1279 /* Don't go negative */
1280 if (p_lcb->sent_not_acked > num_sent)
1281 p_lcb->sent_not_acked -= num_sent;
1282 else
1283 p_lcb->sent_not_acked = 0;
1284
1285 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1286
1287 /* If we were doing round-robin for low priority links, check 'em */
1288 if ((p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1289 (l2cb.check_round_robin) &&
1290 (l2cb.round_robin_unacked < l2cb.round_robin_quota)) {
1291 l2c_link_check_send_pkts(NULL, NULL, NULL);
1292 }
1293 if ((p_lcb->transport == BT_TRANSPORT_LE) &&
1294 (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1295 ((l2cb.ble_check_round_robin) &&
1296 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota))) {
1297 l2c_link_check_send_pkts(NULL, NULL, NULL);
1298 }
1299 }
1300
1301 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1302 if (p_lcb) {
1303 if (p_lcb->transport == BT_TRANSPORT_LE) {
1304 L2CAP_TRACE_DEBUG(
1305 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1306 l2cb.controller_le_xmit_window, p_lcb->handle,
1307 p_lcb->sent_not_acked, l2cb.ble_check_round_robin,
1308 l2cb.ble_round_robin_unacked);
1309 } else {
1310 L2CAP_TRACE_DEBUG(
1311 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1312 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->sent_not_acked,
1313 l2cb.check_round_robin, l2cb.round_robin_unacked);
1314 }
1315 } else {
1316 L2CAP_TRACE_DEBUG(
1317 "TotalWin=%d LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1318 l2cb.controller_xmit_window, l2cb.controller_le_xmit_window, handle,
1319 l2cb.ble_check_round_robin, l2cb.ble_round_robin_unacked);
1320 }
1321 #endif
1322 }
1323 }
1324
1325 /*******************************************************************************
1326 *
1327 * Function l2c_link_segments_xmitted
1328 *
1329 * Description This function is called from the HCI Interface when an ACL
1330 * data packet segment is transmitted.
1331 *
1332 * Returns void
1333 *
1334 ******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1335 void l2c_link_segments_xmitted(BT_HDR* p_msg) {
1336 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1337 uint16_t handle;
1338 tL2C_LCB* p_lcb;
1339
1340 /* Extract the handle */
1341 STREAM_TO_UINT16(handle, p);
1342 handle = HCID_GET_HANDLE(handle);
1343
1344 /* Find the LCB based on the handle */
1345 p_lcb = l2cu_find_lcb_by_handle(handle);
1346 if (p_lcb == NULL) {
1347 L2CAP_TRACE_WARNING("L2CAP - rcvd segment complete, unknown handle: %d",
1348 handle);
1349 osi_free(p_msg);
1350 return;
1351 }
1352
1353 if (p_lcb->link_state == LST_CONNECTED) {
1354 /* Enqueue the buffer to the head of the transmit queue, and see */
1355 /* if we can transmit anything more. */
1356 list_prepend(p_lcb->link_xmit_data_q, p_msg);
1357
1358 p_lcb->partial_segment_being_sent = false;
1359
1360 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1361 } else
1362 osi_free(p_msg);
1363 }
1364