1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the functions relating to link management. A "link"
22 * is a connection between this device and another device. Only ACL links
23 * are managed.
24 *
25 ******************************************************************************/
26
27 #include <base/logging.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31
32 #include "bt_common.h"
33 #include "bt_types.h"
34 #include "bt_utils.h"
35 #include "btm_api.h"
36 #include "btm_int.h"
37 #include "btu.h"
38 #include "device/include/controller.h"
39 #include "hcimsgs.h"
40 #include "l2c_api.h"
41 #include "l2c_int.h"
42 #include "l2cdefs.h"
43 #include "osi/include/osi.h"
44
45 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf,
46 tL2C_TX_COMPLETE_CB_INFO* p_cbi);
47
48 /*******************************************************************************
49 *
50 * Function l2c_link_hci_conn_req
51 *
52 * Description This function is called when an HCI Connection Request
53 * event is received.
54 *
55 * Returns true, if accept conn
56 *
57 ******************************************************************************/
l2c_link_hci_conn_req(const RawAddress & bd_addr)58 bool l2c_link_hci_conn_req(const RawAddress& bd_addr) {
59 tL2C_LCB* p_lcb;
60 tL2C_LCB* p_lcb_cur;
61 int xx;
62 bool no_links;
63
64 /* See if we have a link control block for the remote device */
65 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
66
67 /* If we don't have one, create one and accept the connection. */
68 if (!p_lcb) {
69 p_lcb = l2cu_allocate_lcb(bd_addr, false, BT_TRANSPORT_BR_EDR);
70 if (!p_lcb) {
71 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
72 L2CAP_TRACE_ERROR("L2CAP failed to allocate LCB");
73 return false;
74 }
75
76 no_links = true;
77
78 /* If we already have connection, accept as a master */
79 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS;
80 xx++, p_lcb_cur++) {
81 if (p_lcb_cur == p_lcb) continue;
82
83 if (p_lcb_cur->in_use) {
84 no_links = false;
85 p_lcb->link_role = HCI_ROLE_MASTER;
86 break;
87 }
88 }
89
90 if (no_links) {
91 if (!btm_dev_support_switch(bd_addr))
92 p_lcb->link_role = HCI_ROLE_SLAVE;
93 else
94 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
95 }
96
97 /* Tell the other side we accept the connection */
98 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
99
100 p_lcb->link_state = LST_CONNECTING;
101
102 /* Start a timer waiting for connect complete */
103 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
104 l2c_lcb_timer_timeout, p_lcb);
105 return (true);
106 }
107
108 /* We already had a link control block to the guy. Check what state it is in
109 */
110 if ((p_lcb->link_state == LST_CONNECTING) ||
111 (p_lcb->link_state == LST_CONNECT_HOLDING)) {
112 /* Connection collision. Accept the connection anyways. */
113
114 if (!btm_dev_support_switch(bd_addr))
115 p_lcb->link_role = HCI_ROLE_SLAVE;
116 else
117 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
118
119 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
120
121 p_lcb->link_state = LST_CONNECTING;
122 return (true);
123 } else if (p_lcb->link_state == LST_DISCONNECTING) {
124 /* In disconnecting state, reject the connection. */
125 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
126 } else {
127 L2CAP_TRACE_ERROR(
128 "L2CAP got conn_req while connected (state:%d). Reject it",
129 p_lcb->link_state);
130 /* Reject the connection with ACL Connection Already exist reason */
131 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_CONNECTION_EXISTS);
132 }
133 return (false);
134 }
135
136 /*******************************************************************************
137 *
138 * Function l2c_link_hci_conn_comp
139 *
140 * Description This function is called when an HCI Connection Complete
141 * event is received.
142 *
143 * Returns void
144 *
145 ******************************************************************************/
l2c_link_hci_conn_comp(uint8_t status,uint16_t handle,const RawAddress & p_bda)146 bool l2c_link_hci_conn_comp(uint8_t status, uint16_t handle,
147 const RawAddress& p_bda) {
148 tL2C_CONN_INFO ci;
149 tL2C_LCB* p_lcb;
150 tL2C_CCB* p_ccb;
151 tBTM_SEC_DEV_REC* p_dev_info = NULL;
152
153 btm_acl_update_busy_level(BTM_BLI_PAGE_DONE_EVT);
154
155 /* Save the parameters */
156 ci.status = status;
157 ci.bd_addr = p_bda;
158
159 /* See if we have a link control block for the remote device */
160 p_lcb = l2cu_find_lcb_by_bd_addr(ci.bd_addr, BT_TRANSPORT_BR_EDR);
161
162 /* If we don't have one, allocate one */
163 if (p_lcb == nullptr) {
164 L2CAP_TRACE_WARNING("No available link control block, try allocate one");
165 p_lcb = l2cu_allocate_lcb(ci.bd_addr, false, BT_TRANSPORT_BR_EDR);
166 if (p_lcb == nullptr) {
167 L2CAP_TRACE_WARNING("%s: Failed to allocate an LCB", __func__);
168 return (false);
169 }
170 p_lcb->link_state = LST_CONNECTING;
171 }
172
173 if (p_lcb->link_state != LST_CONNECTING) {
174 L2CAP_TRACE_ERROR("L2CAP got conn_comp in bad state: %d status: 0x%d",
175 p_lcb->link_state, status);
176
177 if (status != HCI_SUCCESS) l2c_link_hci_disc_comp(p_lcb->handle, status);
178
179 return (false);
180 }
181
182 /* Save the handle */
183 p_lcb->handle = handle;
184
185 if (ci.status == HCI_SUCCESS) {
186 /* Connected OK. Change state to connected */
187 p_lcb->link_state = LST_CONNECTED;
188
189 /* Get the peer information if the l2cap flow-control/rtrans is supported */
190 l2cu_send_peer_info_req(p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
191
192 /* Tell BTM Acl management about the link */
193 p_dev_info = btm_find_dev(p_bda);
194 if (p_dev_info != NULL)
195 btm_acl_created(ci.bd_addr, p_dev_info->dev_class,
196 p_dev_info->sec_bd_name, handle, p_lcb->link_role,
197 BT_TRANSPORT_BR_EDR);
198 else
199 btm_acl_created(ci.bd_addr, NULL, NULL, handle, p_lcb->link_role,
200 BT_TRANSPORT_BR_EDR);
201
202 BTM_SetLinkSuperTout(ci.bd_addr, btm_cb.btm_def_link_super_tout);
203
204 /* If dedicated bonding do not process any further */
205 if (p_lcb->is_bonding) {
206 if (l2cu_start_post_bond_timer(handle)) return (true);
207 }
208
209 /* Update the timeouts in the hold queue */
210 l2c_process_held_packets(false);
211
212 alarm_cancel(p_lcb->l2c_lcb_timer);
213
214 /* For all channels, send the event through their FSMs */
215 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
216 p_ccb = p_ccb->p_next_ccb) {
217 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
218 }
219
220 if (p_lcb->p_echo_rsp_cb) {
221 l2cu_send_peer_echo_req(p_lcb, NULL, 0);
222 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_ECHO_RSP_TIMEOUT_MS,
223 l2c_lcb_timer_timeout, p_lcb);
224 } else if (!p_lcb->ccb_queue.p_first_ccb) {
225 uint64_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
226 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
227 l2c_lcb_timer_timeout, p_lcb);
228 }
229 }
230 /* Max number of acl connections. */
231 /* If there's an lcb disconnecting set this one to holding */
232 else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) &&
233 l2cu_lcb_disconnecting()) {
234 p_lcb->link_state = LST_CONNECT_HOLDING;
235 p_lcb->handle = HCI_INVALID_HANDLE;
236 } else {
237 /* Just in case app decides to try again in the callback context */
238 p_lcb->link_state = LST_DISCONNECTING;
239
240 /* Connection failed. For all channels, send the event through */
241 /* their FSMs. The CCBs should remove themselves from the LCB */
242 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
243 tL2C_CCB* pn = p_ccb->p_next_ccb;
244
245 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
246
247 p_ccb = pn;
248 }
249
250 p_lcb->disc_reason = status;
251 /* Release the LCB */
252 if (p_lcb->ccb_queue.p_first_ccb == NULL)
253 l2cu_release_lcb(p_lcb);
254 else /* there are any CCBs remaining */
255 {
256 if (ci.status == HCI_ERR_CONNECTION_EXISTS) {
257 /* we are in collision situation, wait for connecttion request from
258 * controller */
259 p_lcb->link_state = LST_CONNECTING;
260 } else {
261 l2cu_create_conn_br_edr(p_lcb);
262 }
263 }
264 }
265 return (true);
266 }
267
268 /*******************************************************************************
269 *
270 * Function l2c_link_sec_comp
271 *
272 * Description This function is called when required security procedures
273 * are completed.
274 *
275 * Returns void
276 *
277 ******************************************************************************/
l2c_link_sec_comp(const RawAddress * p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)278 void l2c_link_sec_comp(const RawAddress* p_bda,
279 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
280 uint8_t status) {
281 l2c_link_sec_comp2(*p_bda, transport, p_ref_data, status);
282 }
283
l2c_link_sec_comp2(const RawAddress & p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)284 void l2c_link_sec_comp2(const RawAddress& p_bda,
285 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
286 uint8_t status) {
287 tL2C_CONN_INFO ci;
288 tL2C_LCB* p_lcb;
289 tL2C_CCB* p_ccb;
290 tL2C_CCB* p_next_ccb;
291 uint8_t event;
292
293 L2CAP_TRACE_DEBUG("%s: status=%d, p_ref_data=%p, BD_ADDR=%s", __func__,
294 status, p_ref_data, p_bda.ToString().c_str());
295
296 if (status == BTM_SUCCESS_NO_SECURITY) status = BTM_SUCCESS;
297
298 /* Save the parameters */
299 ci.status = status;
300 ci.bd_addr = p_bda;
301
302 p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, transport);
303
304 /* If we don't have one, this is an error */
305 if (!p_lcb) {
306 L2CAP_TRACE_WARNING("L2CAP got sec_comp for unknown BD_ADDR");
307 return;
308 }
309
310 /* Match p_ccb with p_ref_data returned by sec manager */
311 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) {
312 p_next_ccb = p_ccb->p_next_ccb;
313
314 if (p_ccb == p_ref_data) {
315 switch (status) {
316 case BTM_SUCCESS:
317 event = L2CEVT_SEC_COMP;
318 break;
319
320 case BTM_DELAY_CHECK:
321 /* start a timer - encryption change not received before L2CAP connect
322 * req */
323 alarm_set_on_mloop(p_ccb->l2c_ccb_timer,
324 L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
325 l2c_ccb_timer_timeout, p_ccb);
326 return;
327
328 default:
329 event = L2CEVT_SEC_COMP_NEG;
330 }
331 l2c_csm_execute(p_ccb, event, &ci);
332 break;
333 }
334 }
335 }
336
337 /*******************************************************************************
338 *
339 * Function l2c_link_hci_disc_comp
340 *
341 * Description This function is called when an HCI Disconnect Complete
342 * event is received.
343 *
344 * Returns true if the link is known about, else false
345 *
346 ******************************************************************************/
l2c_link_hci_disc_comp(uint16_t handle,uint8_t reason)347 bool l2c_link_hci_disc_comp(uint16_t handle, uint8_t reason) {
348 tL2C_LCB* p_lcb;
349 tL2C_CCB* p_ccb;
350 bool status = true;
351 bool lcb_is_free = true;
352 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
353
354 /* See if we have a link control block for the connection */
355 p_lcb = l2cu_find_lcb_by_handle(handle);
356
357 /* If we don't have one, maybe an SCO link. Send to MM */
358 if (!p_lcb) {
359 status = false;
360 } else {
361 /* There can be a case when we rejected PIN code authentication */
362 /* otherwise save a new reason */
363 if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
364 btm_cb.acl_disc_reason = reason;
365
366 p_lcb->disc_reason = btm_cb.acl_disc_reason;
367
368 /* Just in case app decides to try again in the callback context */
369 p_lcb->link_state = LST_DISCONNECTING;
370
371 /* Check for BLE and handle that differently */
372 if (p_lcb->transport == BT_TRANSPORT_LE)
373 btm_ble_update_link_topology_mask(p_lcb->link_role, false);
374 /* Link is disconnected. For all channels, send the event through */
375 /* their FSMs. The CCBs should remove themselves from the LCB */
376 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
377 tL2C_CCB* pn = p_ccb->p_next_ccb;
378
379 /* Keep connect pending control block (if exists)
380 * Possible Race condition when a reconnect occurs
381 * on the channel during a disconnect of link. This
382 * ccb will be automatically retried after link disconnect
383 * arrives
384 */
385 if (p_ccb != p_lcb->p_pending_ccb) {
386 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
387 }
388 p_ccb = pn;
389 }
390
391 if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
392 /* Tell SCO management to drop any SCOs on this ACL */
393 btm_sco_acl_removed(&p_lcb->remote_bd_addr);
394
395 /* If waiting for disconnect and reconnect is pending start the reconnect
396 now
397 race condition where layer above issued connect request on link that was
398 disconnecting
399 */
400 if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb) {
401 L2CAP_TRACE_DEBUG(
402 "l2c_link_hci_disc_comp: Restarting pending ACL request");
403 /* Release any held buffers */
404 while (!list_is_empty(p_lcb->link_xmit_data_q)) {
405 BT_HDR* p_buf =
406 static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q));
407 list_remove(p_lcb->link_xmit_data_q, p_buf);
408 osi_free(p_buf);
409 }
410 transport = p_lcb->transport;
411 /* for LE link, always drop and re-open to ensure to get LE remote feature
412 */
413 if (p_lcb->transport == BT_TRANSPORT_LE) {
414 btm_acl_removed(p_lcb->remote_bd_addr, p_lcb->transport);
415 } else {
416 #if (L2CAP_NUM_FIXED_CHNLS > 0)
417 /* If we are going to re-use the LCB without dropping it, release all
418 fixed channels
419 here */
420 int xx;
421 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
422 if (p_lcb->p_fixed_ccbs[xx] &&
423 p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) {
424 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(
425 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false,
426 p_lcb->disc_reason, p_lcb->transport);
427 if (p_lcb->p_fixed_ccbs[xx] == NULL) {
428 L2CAP_TRACE_ERROR(
429 "%s: unexpected p_fixed_ccbs[%d] is NULL remote_bd_addr = %s "
430 "p_lcb = %p in_use = %d link_state = %d handle = %d "
431 "link_role = %d is_bonding = %d disc_reason = %d transport = "
432 "%d",
433 __func__, xx, p_lcb->remote_bd_addr.ToString().c_str(), p_lcb,
434 p_lcb->in_use, p_lcb->link_state, p_lcb->handle,
435 p_lcb->link_role, p_lcb->is_bonding, p_lcb->disc_reason,
436 p_lcb->transport);
437 }
438 CHECK(p_lcb->p_fixed_ccbs[xx] != NULL);
439 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]);
440
441 p_lcb->p_fixed_ccbs[xx] = NULL;
442 }
443 }
444 #endif
445 }
446 if (p_lcb->transport == BT_TRANSPORT_LE) {
447 if (l2cu_create_conn_le(p_lcb))
448 lcb_is_free = false; /* still using this lcb */
449 } else {
450 if (l2cu_create_conn_br_edr(p_lcb))
451 lcb_is_free = false; /* still using this lcb */
452 }
453 }
454
455 p_lcb->p_pending_ccb = NULL;
456
457 /* Release the LCB */
458 if (lcb_is_free) l2cu_release_lcb(p_lcb);
459 }
460
461 /* Now that we have a free acl connection, see if any lcbs are pending */
462 if (lcb_is_free &&
463 ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL)) {
464 /* we found one-- create a connection */
465 l2cu_create_conn_br_edr(p_lcb);
466 }
467
468 return status;
469 }
470
471 /*******************************************************************************
472 *
473 * Function l2c_link_hci_qos_violation
474 *
475 * Description This function is called when an HCI QOS Violation
476 * event is received.
477 *
478 * Returns true if the link is known about, else false
479 *
480 ******************************************************************************/
l2c_link_hci_qos_violation(uint16_t handle)481 bool l2c_link_hci_qos_violation(uint16_t handle) {
482 tL2C_LCB* p_lcb;
483 tL2C_CCB* p_ccb;
484
485 /* See if we have a link control block for the connection */
486 p_lcb = l2cu_find_lcb_by_handle(handle);
487
488 /* If we don't have one, maybe an SCO link. */
489 if (!p_lcb) return (false);
490
491 /* For all channels, tell the upper layer about it */
492 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) {
493 if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
494 l2c_csm_execute(p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
495 }
496
497 return (true);
498 }
499
500 /*******************************************************************************
501 *
502 * Function l2c_link_timeout
503 *
504 * Description This function is called when a link timer expires
505 *
506 * Returns void
507 *
508 ******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)509 void l2c_link_timeout(tL2C_LCB* p_lcb) {
510 tL2C_CCB* p_ccb;
511 tBTM_STATUS rc;
512
513 L2CAP_TRACE_EVENT(
514 "L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
515 p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
516
517 /* If link was connecting or disconnecting, clear all channels and drop the
518 * LCB */
519 if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
520 (p_lcb->link_state == LST_CONNECTING) ||
521 (p_lcb->link_state == LST_CONNECT_HOLDING) ||
522 (p_lcb->link_state == LST_DISCONNECTING)) {
523 p_lcb->p_pending_ccb = NULL;
524
525 /* For all channels, send a disconnect indication event through */
526 /* their FSMs. The CCBs should remove themselves from the LCB */
527 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
528 tL2C_CCB* pn = p_ccb->p_next_ccb;
529
530 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
531
532 p_ccb = pn;
533 }
534
535 /* Release the LCB */
536 l2cu_release_lcb(p_lcb);
537 }
538
539 /* If link is connected, check for inactivity timeout */
540 if (p_lcb->link_state == LST_CONNECTED) {
541 /* Check for ping outstanding */
542 if (p_lcb->p_echo_rsp_cb) {
543 tL2CA_ECHO_RSP_CB* p_cb = p_lcb->p_echo_rsp_cb;
544
545 /* Zero out the callback in case app immediately calls us again */
546 p_lcb->p_echo_rsp_cb = NULL;
547
548 (*p_cb)(L2CAP_PING_RESULT_NO_RESP);
549
550 L2CAP_TRACE_WARNING("L2CAP - ping timeout");
551
552 /* For all channels, send a disconnect indication event through */
553 /* their FSMs. The CCBs should remove themselves from the LCB */
554 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
555 tL2C_CCB* pn = p_ccb->p_next_ccb;
556
557 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
558
559 p_ccb = pn;
560 }
561 }
562
563 /* If no channels in use, drop the link. */
564 if (!p_lcb->ccb_queue.p_first_ccb) {
565 uint64_t timeout_ms;
566 bool start_timeout = true;
567
568 rc = btm_sec_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
569
570 if (rc == BTM_CMD_STORED) {
571 /* Security Manager will take care of disconnecting, state will be
572 * updated at that time */
573 start_timeout = false;
574 } else if (rc == BTM_CMD_STARTED) {
575 p_lcb->link_state = LST_DISCONNECTING;
576 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
577 } else if (rc == BTM_SUCCESS) {
578 l2cu_process_fixed_disc_cback(p_lcb);
579 /* BTM SEC will make sure that link is release (probably after pairing
580 * is done) */
581 p_lcb->link_state = LST_DISCONNECTING;
582 start_timeout = false;
583 } else if (rc == BTM_BUSY) {
584 /* BTM is still executing security process. Let lcb stay as connected */
585 start_timeout = false;
586 } else if (p_lcb->is_bonding) {
587 btsnd_hcic_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
588 l2cu_process_fixed_disc_cback(p_lcb);
589 p_lcb->link_state = LST_DISCONNECTING;
590 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
591 } else {
592 /* probably no buffer to send disconnect */
593 timeout_ms = BT_1SEC_TIMEOUT_MS;
594 }
595
596 if (start_timeout) {
597 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
598 l2c_lcb_timer_timeout, p_lcb);
599 }
600 } else {
601 /* Check in case we were flow controlled */
602 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
603 }
604 }
605 }
606
607 /*******************************************************************************
608 *
609 * Function l2c_info_resp_timer_timeout
610 *
611 * Description This function is called when an info request times out
612 *
613 * Returns void
614 *
615 ******************************************************************************/
l2c_info_resp_timer_timeout(void * data)616 void l2c_info_resp_timer_timeout(void* data) {
617 tL2C_LCB* p_lcb = (tL2C_LCB*)data;
618 tL2C_CCB* p_ccb;
619 tL2C_CONN_INFO ci;
620
621 /* If we timed out waiting for info response, just continue using basic if
622 * allowed */
623 if (p_lcb->w4_info_rsp) {
624 /* If waiting for security complete, restart the info response timer */
625 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
626 p_ccb = p_ccb->p_next_ccb) {
627 if ((p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) ||
628 (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP)) {
629 alarm_set_on_mloop(p_lcb->info_resp_timer,
630 L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
631 l2c_info_resp_timer_timeout, p_lcb);
632 return;
633 }
634 }
635
636 p_lcb->w4_info_rsp = false;
637
638 /* If link is in process of being brought up */
639 if ((p_lcb->link_state != LST_DISCONNECTED) &&
640 (p_lcb->link_state != LST_DISCONNECTING)) {
641 /* Notify active channels that peer info is finished */
642 if (p_lcb->ccb_queue.p_first_ccb) {
643 ci.status = HCI_SUCCESS;
644 ci.bd_addr = p_lcb->remote_bd_addr;
645
646 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
647 p_ccb = p_ccb->p_next_ccb) {
648 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
649 }
650 }
651 }
652 }
653 }
654
655 /*******************************************************************************
656 *
657 * Function l2c_link_adjust_allocation
658 *
659 * Description This function is called when a link is created or removed
660 * to calculate the amount of packets each link may send to
661 * the HCI without an ack coming back.
662 *
663 * Currently, this is a simple allocation, dividing the
664 * number of Controller Packets by the number of links. In
665 * the future, QOS configuration should be examined.
666 *
667 * Returns void
668 *
669 ******************************************************************************/
l2c_link_adjust_allocation(void)670 void l2c_link_adjust_allocation(void) {
671 uint16_t qq, yy, qq_remainder;
672 tL2C_LCB* p_lcb;
673 uint16_t hi_quota, low_quota;
674 uint16_t num_lowpri_links = 0;
675 uint16_t num_hipri_links = 0;
676 uint16_t controller_xmit_quota = l2cb.num_lm_acl_bufs;
677 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
678
679 /* If no links active, reset buffer quotas and controller buffers */
680 if (l2cb.num_links_active == 0) {
681 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
682 l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
683 return;
684 }
685
686 /* First, count the links */
687 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
688 if (p_lcb->in_use) {
689 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
690 num_hipri_links++;
691 else
692 num_lowpri_links++;
693 }
694 }
695
696 /* now adjust high priority link quota */
697 low_quota = num_lowpri_links ? 1 : 0;
698 while ((num_hipri_links * high_pri_link_quota + low_quota) >
699 controller_xmit_quota)
700 high_pri_link_quota--;
701
702 /* Work out the xmit quota and buffer quota high and low priorities */
703 hi_quota = num_hipri_links * high_pri_link_quota;
704 low_quota =
705 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
706
707 /* Work out and save the HCI xmit quota for each low priority link */
708
709 /* If each low priority link cannot have at least one buffer */
710 if (num_lowpri_links > low_quota) {
711 l2cb.round_robin_quota = low_quota;
712 qq = qq_remainder = 1;
713 }
714 /* If each low priority link can have at least one buffer */
715 else if (num_lowpri_links > 0) {
716 l2cb.round_robin_quota = 0;
717 l2cb.round_robin_unacked = 0;
718 qq = low_quota / num_lowpri_links;
719 qq_remainder = low_quota % num_lowpri_links;
720 }
721 /* If no low priority link */
722 else {
723 l2cb.round_robin_quota = 0;
724 l2cb.round_robin_unacked = 0;
725 qq = qq_remainder = 1;
726 }
727
728 L2CAP_TRACE_EVENT(
729 "l2c_link_adjust_allocation num_hipri: %u num_lowpri: %u low_quota: "
730 "%u round_robin_quota: %u qq: %u",
731 num_hipri_links, num_lowpri_links, low_quota, l2cb.round_robin_quota, qq);
732
733 /* Now, assign the quotas to each link */
734 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
735 if (p_lcb->in_use) {
736 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
737 p_lcb->link_xmit_quota = high_pri_link_quota;
738 } else {
739 /* Safety check in case we switched to round-robin with something
740 * outstanding */
741 /* if sent_not_acked is added into round_robin_unacked then don't add it
742 * again */
743 /* l2cap keeps updating sent_not_acked for exiting from round robin */
744 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
745 l2cb.round_robin_unacked += p_lcb->sent_not_acked;
746
747 p_lcb->link_xmit_quota = qq;
748 if (qq_remainder > 0) {
749 p_lcb->link_xmit_quota++;
750 qq_remainder--;
751 }
752 }
753
754 L2CAP_TRACE_EVENT(
755 "l2c_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d", yy,
756 p_lcb->acl_priority, p_lcb->link_xmit_quota);
757
758 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
759 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
760
761 /* There is a special case where we have readjusted the link quotas and */
762 /* this link may have sent anything but some other link sent packets so */
763 /* so we may need a timer to kick off this link's transmissions. */
764 if ((p_lcb->link_state == LST_CONNECTED) &&
765 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
766 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
767 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
768 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
769 l2c_lcb_timer_timeout, p_lcb);
770 }
771 }
772 }
773 }
774
775 /*******************************************************************************
776 *
777 * Function l2c_link_adjust_chnl_allocation
778 *
779 * Description This function is called to calculate the amount of packets
780 * each non-F&EC channel may have outstanding.
781 *
782 * Currently, this is a simple allocation, dividing the number
783 * of packets allocated to the link by the number of channels.
784 * In the future, QOS configuration should be examined.
785 *
786 * Returns void
787 *
788 ******************************************************************************/
l2c_link_adjust_chnl_allocation(void)789 void l2c_link_adjust_chnl_allocation(void) {
790 uint8_t xx;
791
792 L2CAP_TRACE_DEBUG("%s", __func__);
793
794 /* assign buffer quota to each channel based on its data rate requirement */
795 for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) {
796 tL2C_CCB* p_ccb = l2cb.ccb_pool + xx;
797
798 if (!p_ccb->in_use) continue;
799
800 tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
801 p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
802 L2CAP_TRACE_EVENT(
803 "CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u "
804 "Quota:%u",
805 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ccb_priority,
806 p_ccb->tx_data_rate, p_ccb->rx_data_rate, p_ccb->buff_quota);
807
808 /* quota may be change so check congestion */
809 l2cu_check_channel_congestion(p_ccb);
810 }
811 }
812
813 /*******************************************************************************
814 *
815 * Function l2c_link_processs_num_bufs
816 *
817 * Description This function is called when a "controller buffer size"
818 * event is first received from the controller. It updates
819 * the L2CAP values.
820 *
821 * Returns void
822 *
823 ******************************************************************************/
l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs)824 void l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs) {
825 l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
826 }
827
828 /*******************************************************************************
829 *
830 * Function l2c_link_pkts_rcvd
831 *
832 * Description This function is called from the HCI transport when it is
833 * time to send a "Host ready for packets" command. This is
834 * only when host to controller flow control is used. It fills
835 * in the arrays of numbers of packets and handles.
836 *
837 * Returns count of number of entries filled in
838 *
839 ******************************************************************************/
l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t * num_pkts,UNUSED_ATTR uint16_t * handles)840 uint8_t l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t* num_pkts,
841 UNUSED_ATTR uint16_t* handles) {
842 uint8_t num_found = 0;
843
844 return (num_found);
845 }
846
847 /*******************************************************************************
848 *
849 * Function l2c_link_role_changed
850 *
851 * Description This function is called whan a link's master/slave role
852 * change event is received. It simply updates the link control
853 * block.
854 *
855 * Returns void
856 *
857 ******************************************************************************/
l2c_link_role_changed(const RawAddress * bd_addr,uint8_t new_role,uint8_t hci_status)858 void l2c_link_role_changed(const RawAddress* bd_addr, uint8_t new_role,
859 uint8_t hci_status) {
860 tL2C_LCB* p_lcb;
861 int xx;
862
863 /* Make sure not called from HCI Command Status (bd_addr and new_role are
864 * invalid) */
865 if (bd_addr) {
866 /* If here came form hci role change event */
867 p_lcb = l2cu_find_lcb_by_bd_addr(*bd_addr, BT_TRANSPORT_BR_EDR);
868 if (p_lcb) {
869 p_lcb->link_role = new_role;
870
871 /* Reset high priority link if needed */
872 if (hci_status == HCI_SUCCESS)
873 l2cu_set_acl_priority(*bd_addr, p_lcb->acl_priority, true);
874 }
875 }
876
877 /* Check if any LCB was waiting for switch to be completed */
878 for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
879 if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH)) {
880 l2cu_create_conn_after_switch(p_lcb);
881 }
882 }
883 }
884
885 /*******************************************************************************
886 *
887 * Function l2c_pin_code_request
888 *
889 * Description This function is called whan a pin-code request is received
890 * on a connection. If there are no channels active yet on the
891 * link, it extends the link first connection timer. Make sure
892 * that inactivity timer is not extended if PIN code happens
893 * to be after last ccb released.
894 *
895 * Returns void
896 *
897 ******************************************************************************/
l2c_pin_code_request(const RawAddress & bd_addr)898 void l2c_pin_code_request(const RawAddress& bd_addr) {
899 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
900
901 if ((p_lcb) && (!p_lcb->ccb_queue.p_first_ccb)) {
902 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
903 l2c_lcb_timer_timeout, p_lcb);
904 }
905 }
906
907 #if (L2CAP_WAKE_PARKED_LINK == TRUE)
908 /*******************************************************************************
909 *
910 * Function l2c_link_check_power_mode
911 *
912 * Description This function is called to check power mode.
913 *
914 * Returns true if link is going to be active from park
915 * false if nothing to send or not in park mode
916 *
917 ******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)918 bool l2c_link_check_power_mode(tL2C_LCB* p_lcb) {
919 tBTM_PM_MODE mode;
920 tL2C_CCB* p_ccb;
921 bool need_to_active = false;
922
923 /*
924 * We only switch park to active only if we have unsent packets
925 */
926 if (list_is_empty(p_lcb->link_xmit_data_q)) {
927 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
928 p_ccb = p_ccb->p_next_ccb) {
929 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
930 need_to_active = true;
931 break;
932 }
933 }
934 } else
935 need_to_active = true;
936
937 /* if we have packets to send */
938 if (need_to_active) {
939 /* check power mode */
940 if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS) {
941 if (mode == BTM_PM_STS_PENDING) {
942 L2CAP_TRACE_DEBUG("LCB(0x%x) is in PM pending state", p_lcb->handle);
943
944 return true;
945 }
946 }
947 }
948 return false;
949 }
950 #endif /* L2CAP_WAKE_PARKED_LINK == TRUE) */
951
952 /*******************************************************************************
953 *
954 * Function l2c_link_check_send_pkts
955 *
956 * Description This function is called to check if it can send packets
957 * to the Host Controller. It may be passed the address of
958 * a packet to send.
959 *
960 * Returns void
961 *
962 ******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)963 void l2c_link_check_send_pkts(tL2C_LCB* p_lcb, tL2C_CCB* p_ccb, BT_HDR* p_buf) {
964 int xx;
965 bool single_write = false;
966
967 /* Save the channel ID for faster counting */
968 if (p_buf) {
969 if (p_ccb != NULL) {
970 p_buf->event = p_ccb->local_cid;
971 single_write = true;
972 } else
973 p_buf->event = 0;
974
975 p_buf->layer_specific = 0;
976 list_append(p_lcb->link_xmit_data_q, p_buf);
977
978 if (p_lcb->link_xmit_quota == 0) {
979 if (p_lcb->transport == BT_TRANSPORT_LE)
980 l2cb.ble_check_round_robin = true;
981 else
982 l2cb.check_round_robin = true;
983 }
984 }
985
986 /* If this is called from uncongested callback context break recursive
987 *calling.
988 ** This LCB will be served when receiving number of completed packet event.
989 */
990 if (l2cb.is_cong_cback_context) return;
991
992 /* If we are in a scenario where there are not enough buffers for each link to
993 ** have at least 1, then do a round-robin for all the LCBs
994 */
995 if ((p_lcb == NULL) || (p_lcb->link_xmit_quota == 0)) {
996 if (p_lcb == NULL)
997 p_lcb = l2cb.lcb_pool;
998 else if (!single_write)
999 p_lcb++;
1000
1001 /* Loop through, starting at the next */
1002 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
1003 /* Check for wraparound */
1004 if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS]) p_lcb = &l2cb.lcb_pool[0];
1005
1006 /* If controller window is full, nothing to do */
1007 if (((l2cb.controller_xmit_window == 0 ||
1008 (l2cb.round_robin_unacked >= l2cb.round_robin_quota)) &&
1009 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1010 (p_lcb->transport == BT_TRANSPORT_LE &&
1011 (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
1012 l2cb.controller_le_xmit_window == 0)))
1013 continue;
1014
1015 if ((!p_lcb->in_use) || (p_lcb->partial_segment_being_sent) ||
1016 (p_lcb->link_state != LST_CONNECTED) ||
1017 (p_lcb->link_xmit_quota != 0) || (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1018 continue;
1019
1020 /* See if we can send anything from the Link Queue */
1021 if (!list_is_empty(p_lcb->link_xmit_data_q)) {
1022 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1023 list_remove(p_lcb->link_xmit_data_q, p_buf);
1024 l2c_link_send_to_lower(p_lcb, p_buf, NULL);
1025 } else if (single_write) {
1026 /* If only doing one write, break out */
1027 break;
1028 }
1029 /* If nothing on the link queue, check the channel queue */
1030 else {
1031 tL2C_TX_COMPLETE_CB_INFO cbi;
1032 p_buf = l2cu_get_next_buffer_to_send(p_lcb, &cbi);
1033 if (p_buf != NULL) {
1034 l2c_link_send_to_lower(p_lcb, p_buf, &cbi);
1035 }
1036 }
1037 }
1038
1039 /* If we finished without using up our quota, no need for a safety check */
1040 if ((l2cb.controller_xmit_window > 0) &&
1041 (l2cb.round_robin_unacked < l2cb.round_robin_quota) &&
1042 (p_lcb->transport == BT_TRANSPORT_BR_EDR))
1043 l2cb.check_round_robin = false;
1044
1045 if ((l2cb.controller_le_xmit_window > 0) &&
1046 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota) &&
1047 (p_lcb->transport == BT_TRANSPORT_LE))
1048 l2cb.ble_check_round_robin = false;
1049 } else /* if this is not round-robin service */
1050 {
1051 /* If a partial segment is being sent, can't send anything else */
1052 if ((p_lcb->partial_segment_being_sent) ||
1053 (p_lcb->link_state != LST_CONNECTED) ||
1054 (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1055 return;
1056
1057 /* See if we can send anything from the link queue */
1058 while (((l2cb.controller_xmit_window != 0 &&
1059 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1060 (l2cb.controller_le_xmit_window != 0 &&
1061 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1062 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1063 if (list_is_empty(p_lcb->link_xmit_data_q)) break;
1064
1065 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1066 list_remove(p_lcb->link_xmit_data_q, p_buf);
1067 if (!l2c_link_send_to_lower(p_lcb, p_buf, NULL)) break;
1068 }
1069
1070 if (!single_write) {
1071 /* See if we can send anything for any channel */
1072 while (((l2cb.controller_xmit_window != 0 &&
1073 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1074 (l2cb.controller_le_xmit_window != 0 &&
1075 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1076 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1077 tL2C_TX_COMPLETE_CB_INFO cbi;
1078 p_buf = l2cu_get_next_buffer_to_send(p_lcb, &cbi);
1079 if (p_buf == NULL) break;
1080
1081 if (!l2c_link_send_to_lower(p_lcb, p_buf, &cbi)) break;
1082 }
1083 }
1084
1085 /* There is a special case where we have readjusted the link quotas and */
1086 /* this link may have sent anything but some other link sent packets so */
1087 /* so we may need a timer to kick off this link's transmissions. */
1088 if ((!list_is_empty(p_lcb->link_xmit_data_q)) &&
1089 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1090 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
1091 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1092 l2c_lcb_timer_timeout, p_lcb);
1093 }
1094 }
1095 }
1096
1097 /*******************************************************************************
1098 *
1099 * Function l2c_link_send_to_lower
1100 *
1101 * Description This function queues the buffer for HCI transmission
1102 *
1103 * Returns true for success, false for fail
1104 *
1105 ******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf,tL2C_TX_COMPLETE_CB_INFO * p_cbi)1106 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf,
1107 tL2C_TX_COMPLETE_CB_INFO* p_cbi) {
1108 uint16_t num_segs;
1109 uint16_t xmit_window, acl_data_size;
1110 const controller_t* controller = controller_get_interface();
1111
1112 if ((p_buf->len <= controller->get_acl_packet_size_classic() &&
1113 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1114 ((p_lcb->transport == BT_TRANSPORT_LE) &&
1115 (p_buf->len <= controller->get_acl_packet_size_ble()))) {
1116 if (p_lcb->link_xmit_quota == 0) {
1117 if (p_lcb->transport == BT_TRANSPORT_LE)
1118 l2cb.ble_round_robin_unacked++;
1119 else
1120 l2cb.round_robin_unacked++;
1121 }
1122 p_lcb->sent_not_acked++;
1123 p_buf->layer_specific = 0;
1124
1125 if (p_lcb->transport == BT_TRANSPORT_LE) {
1126 l2cb.controller_le_xmit_window--;
1127 bte_main_hci_send(
1128 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1129 } else {
1130 l2cb.controller_xmit_window--;
1131 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1132 }
1133 } else {
1134 if (p_lcb->transport == BT_TRANSPORT_LE) {
1135 acl_data_size = controller->get_acl_data_size_ble();
1136 xmit_window = l2cb.controller_le_xmit_window;
1137
1138 } else {
1139 acl_data_size = controller->get_acl_data_size_classic();
1140 xmit_window = l2cb.controller_xmit_window;
1141 }
1142 num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) /
1143 acl_data_size;
1144
1145 /* If doing round-robin, then only 1 segment each time */
1146 if (p_lcb->link_xmit_quota == 0) {
1147 num_segs = 1;
1148 p_lcb->partial_segment_being_sent = true;
1149 } else {
1150 /* Multi-segment packet. Make sure it can fit */
1151 if (num_segs > xmit_window) {
1152 num_segs = xmit_window;
1153 p_lcb->partial_segment_being_sent = true;
1154 }
1155
1156 if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked)) {
1157 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1158 p_lcb->partial_segment_being_sent = true;
1159 }
1160 }
1161
1162 p_buf->layer_specific = num_segs;
1163 if (p_lcb->transport == BT_TRANSPORT_LE) {
1164 l2cb.controller_le_xmit_window -= num_segs;
1165 if (p_lcb->link_xmit_quota == 0) l2cb.ble_round_robin_unacked += num_segs;
1166 } else {
1167 l2cb.controller_xmit_window -= num_segs;
1168
1169 if (p_lcb->link_xmit_quota == 0) l2cb.round_robin_unacked += num_segs;
1170 }
1171
1172 p_lcb->sent_not_acked += num_segs;
1173 if (p_lcb->transport == BT_TRANSPORT_LE) {
1174 bte_main_hci_send(
1175 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1176 } else {
1177 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1178 }
1179 }
1180
1181 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1182 if (p_lcb->transport == BT_TRANSPORT_LE) {
1183 L2CAP_TRACE_DEBUG(
1184 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1185 l2cb.controller_le_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1186 p_lcb->sent_not_acked, l2cb.ble_round_robin_quota,
1187 l2cb.ble_round_robin_unacked);
1188 } else {
1189 L2CAP_TRACE_DEBUG(
1190 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1191 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1192 p_lcb->sent_not_acked, l2cb.round_robin_quota,
1193 l2cb.round_robin_unacked);
1194 }
1195 #endif
1196
1197 if (p_cbi) l2cu_tx_complete(p_cbi);
1198
1199 return true;
1200 }
1201
1202 /*******************************************************************************
1203 *
1204 * Function l2c_link_process_num_completed_pkts
1205 *
1206 * Description This function is called when a "number-of-completed-packets"
1207 * event is received from the controller. It updates all the
1208 * LCB transmit counts.
1209 *
1210 * Returns void
1211 *
1212 ******************************************************************************/
l2c_link_process_num_completed_pkts(uint8_t * p)1213 void l2c_link_process_num_completed_pkts(uint8_t* p) {
1214 uint8_t num_handles, xx;
1215 uint16_t handle;
1216 uint16_t num_sent;
1217 tL2C_LCB* p_lcb;
1218
1219 STREAM_TO_UINT8(num_handles, p);
1220
1221 for (xx = 0; xx < num_handles; xx++) {
1222 STREAM_TO_UINT16(handle, p);
1223 STREAM_TO_UINT16(num_sent, p);
1224
1225 p_lcb = l2cu_find_lcb_by_handle(handle);
1226
1227 /* Callback for number of completed packet event */
1228 /* Originally designed for [3DSG] */
1229 if ((p_lcb != NULL) && (p_lcb->p_nocp_cb)) {
1230 L2CAP_TRACE_DEBUG("L2CAP - calling NoCP callback");
1231 (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1232 }
1233
1234 if (p_lcb) {
1235 if (p_lcb && (p_lcb->transport == BT_TRANSPORT_LE))
1236 l2cb.controller_le_xmit_window += num_sent;
1237 else {
1238 /* Maintain the total window to the controller */
1239 l2cb.controller_xmit_window += num_sent;
1240 }
1241 /* If doing round-robin, adjust communal counts */
1242 if (p_lcb->link_xmit_quota == 0) {
1243 if (p_lcb->transport == BT_TRANSPORT_LE) {
1244 /* Don't go negative */
1245 if (l2cb.ble_round_robin_unacked > num_sent)
1246 l2cb.ble_round_robin_unacked -= num_sent;
1247 else
1248 l2cb.ble_round_robin_unacked = 0;
1249 } else {
1250 /* Don't go negative */
1251 if (l2cb.round_robin_unacked > num_sent)
1252 l2cb.round_robin_unacked -= num_sent;
1253 else
1254 l2cb.round_robin_unacked = 0;
1255 }
1256 }
1257
1258 /* Don't go negative */
1259 if (p_lcb->sent_not_acked > num_sent)
1260 p_lcb->sent_not_acked -= num_sent;
1261 else
1262 p_lcb->sent_not_acked = 0;
1263
1264 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1265
1266 /* If we were doing round-robin for low priority links, check 'em */
1267 if ((p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1268 (l2cb.check_round_robin) &&
1269 (l2cb.round_robin_unacked < l2cb.round_robin_quota)) {
1270 l2c_link_check_send_pkts(NULL, NULL, NULL);
1271 }
1272 if ((p_lcb->transport == BT_TRANSPORT_LE) &&
1273 (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1274 ((l2cb.ble_check_round_robin) &&
1275 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota))) {
1276 l2c_link_check_send_pkts(NULL, NULL, NULL);
1277 }
1278 }
1279
1280 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1281 if (p_lcb) {
1282 if (p_lcb->transport == BT_TRANSPORT_LE) {
1283 L2CAP_TRACE_DEBUG(
1284 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1285 l2cb.controller_le_xmit_window, p_lcb->handle,
1286 p_lcb->sent_not_acked, l2cb.ble_check_round_robin,
1287 l2cb.ble_round_robin_unacked);
1288 } else {
1289 L2CAP_TRACE_DEBUG(
1290 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1291 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->sent_not_acked,
1292 l2cb.check_round_robin, l2cb.round_robin_unacked);
1293 }
1294 } else {
1295 L2CAP_TRACE_DEBUG(
1296 "TotalWin=%d LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1297 l2cb.controller_xmit_window, l2cb.controller_le_xmit_window, handle,
1298 l2cb.ble_check_round_robin, l2cb.ble_round_robin_unacked);
1299 }
1300 #endif
1301 }
1302 }
1303
1304 /*******************************************************************************
1305 *
1306 * Function l2c_link_segments_xmitted
1307 *
1308 * Description This function is called from the HCI Interface when an ACL
1309 * data packet segment is transmitted.
1310 *
1311 * Returns void
1312 *
1313 ******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1314 void l2c_link_segments_xmitted(BT_HDR* p_msg) {
1315 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1316 uint16_t handle;
1317 tL2C_LCB* p_lcb;
1318
1319 /* Extract the handle */
1320 STREAM_TO_UINT16(handle, p);
1321 handle = HCID_GET_HANDLE(handle);
1322
1323 /* Find the LCB based on the handle */
1324 p_lcb = l2cu_find_lcb_by_handle(handle);
1325 if (p_lcb == NULL) {
1326 L2CAP_TRACE_WARNING("L2CAP - rcvd segment complete, unknown handle: %d",
1327 handle);
1328 osi_free(p_msg);
1329 return;
1330 }
1331
1332 if (p_lcb->link_state == LST_CONNECTED) {
1333 /* Enqueue the buffer to the head of the transmit queue, and see */
1334 /* if we can transmit anything more. */
1335 list_prepend(p_lcb->link_xmit_data_q, p_msg);
1336
1337 p_lcb->partial_segment_being_sent = false;
1338
1339 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1340 } else
1341 osi_free(p_msg);
1342 }
1343