1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the functions relating to link management. A "link"
22 * is a connection between this device and another device. Only ACL links
23 * are managed.
24 *
25 ******************************************************************************/
26 #define LOG_TAG "l2c_link"
27
28 #include <cstdint>
29
30 #include "device/include/controller.h"
31 #include "main/shim/l2c_api.h"
32 #include "main/shim/shim.h"
33 #include "osi/include/allocator.h"
34 #include "osi/include/log.h"
35 #include "osi/include/osi.h"
36 #include "stack/btm/btm_int_types.h"
37 #include "stack/include/acl_api.h"
38 #include "stack/include/bt_hdr.h"
39 #include "stack/include/bt_types.h"
40 #include "stack/include/hci_error_code.h"
41 #include "stack/l2cap/l2c_int.h"
42 #include "types/bt_transport.h"
43 #include "types/raw_address.h"
44
45 extern tBTM_CB btm_cb;
46
47 bool BTM_ReadPowerMode(const RawAddress& remote_bda, tBTM_PM_MODE* p_mode);
48 bool btm_dev_support_role_switch(const RawAddress& bd_addr);
49 tBTM_STATUS btm_sec_disconnect(uint16_t handle, tHCI_STATUS reason,
50 std::string);
51 void btm_acl_created(const RawAddress& bda, uint16_t hci_handle,
52 uint8_t link_role, tBT_TRANSPORT transport);
53 void btm_acl_removed(uint16_t handle);
54 void btm_acl_set_paging(bool value);
55 void btm_ble_decrement_link_topology_mask(uint8_t link_role);
56 void btm_sco_acl_removed(const RawAddress* bda);
57
58 static void l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf);
59 static BT_HDR* l2cu_get_next_buffer_to_send(tL2C_LCB* p_lcb);
60
61 /*******************************************************************************
62 *
63 * Function l2c_link_hci_conn_req
64 *
65 * Description This function is called when an HCI Connection Request
66 * event is received.
67 *
68 ******************************************************************************/
l2c_link_hci_conn_req(const RawAddress & bd_addr)69 void l2c_link_hci_conn_req(const RawAddress& bd_addr) {
70 tL2C_LCB* p_lcb;
71 tL2C_LCB* p_lcb_cur;
72 int xx;
73 bool no_links;
74
75 /* See if we have a link control block for the remote device */
76 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
77
78 /* If we don't have one, create one and accept the connection. */
79 if (!p_lcb) {
80 p_lcb = l2cu_allocate_lcb(bd_addr, false, BT_TRANSPORT_BR_EDR);
81 if (!p_lcb) {
82 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
83 LOG_ERROR("L2CAP failed to allocate LCB");
84 return;
85 }
86
87 no_links = true;
88
89 /* If we already have connection, accept as a central */
90 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS;
91 xx++, p_lcb_cur++) {
92 if (p_lcb_cur == p_lcb) continue;
93
94 if (p_lcb_cur->in_use) {
95 no_links = false;
96 p_lcb->SetLinkRoleAsCentral();
97 break;
98 }
99 }
100
101 if (no_links) {
102 if (!btm_dev_support_role_switch(bd_addr))
103 p_lcb->SetLinkRoleAsPeripheral();
104 else
105 p_lcb->SetLinkRoleAsCentral();
106 }
107
108 /* Tell the other side we accept the connection */
109 acl_accept_connection_request(bd_addr, p_lcb->LinkRole());
110
111 p_lcb->link_state = LST_CONNECTING;
112
113 /* Start a timer waiting for connect complete */
114 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
115 l2c_lcb_timer_timeout, p_lcb);
116 return;
117 }
118
119 /* We already had a link control block. Check what state it is in
120 */
121 if ((p_lcb->link_state == LST_CONNECTING) ||
122 (p_lcb->link_state == LST_CONNECT_HOLDING)) {
123 if (!btm_dev_support_role_switch(bd_addr))
124 p_lcb->SetLinkRoleAsPeripheral();
125 else
126 p_lcb->SetLinkRoleAsCentral();
127
128 acl_accept_connection_request(bd_addr, p_lcb->LinkRole());
129
130 p_lcb->link_state = LST_CONNECTING;
131 } else if (p_lcb->link_state == LST_DISCONNECTING) {
132 acl_reject_connection_request(bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
133 } else {
134 LOG_ERROR("L2CAP got conn_req while connected (state:%d). Reject it",
135 p_lcb->link_state);
136 acl_reject_connection_request(bd_addr, HCI_ERR_CONNECTION_EXISTS);
137 }
138 }
139
l2c_link_hci_conn_comp(tHCI_STATUS status,uint16_t handle,const RawAddress & p_bda)140 void l2c_link_hci_conn_comp(tHCI_STATUS status, uint16_t handle,
141 const RawAddress& p_bda) {
142 if (bluetooth::shim::is_gd_l2cap_enabled()) {
143 return;
144 }
145 tL2C_CONN_INFO ci;
146 tL2C_LCB* p_lcb;
147 tL2C_CCB* p_ccb;
148
149 /* Save the parameters */
150 ci.status = status;
151 ci.bd_addr = p_bda;
152
153 /* See if we have a link control block for the remote device */
154 p_lcb = l2cu_find_lcb_by_bd_addr(ci.bd_addr, BT_TRANSPORT_BR_EDR);
155
156 /* If we don't have one, allocate one */
157 if (p_lcb == nullptr) {
158 p_lcb = l2cu_allocate_lcb(ci.bd_addr, false, BT_TRANSPORT_BR_EDR);
159 if (p_lcb == nullptr) {
160 LOG_WARN("Failed to allocate an LCB");
161 return;
162 }
163 LOG_DEBUG("Allocated l2cap control block for new connection state:%s",
164 link_state_text(p_lcb->link_state).c_str());
165 p_lcb->link_state = LST_CONNECTING;
166 }
167
168 if ((p_lcb->link_state == LST_CONNECTED) &&
169 (status == HCI_ERR_CONNECTION_EXISTS)) {
170 LOG_WARN("Connection already exists handle:0x%04x", handle);
171 return;
172 } else if (p_lcb->link_state != LST_CONNECTING) {
173 LOG_ERROR(
174 "Link received unexpected connection complete state:%s status:%s "
175 "handle:0x%04x",
176 link_state_text(p_lcb->link_state).c_str(),
177 hci_error_code_text(status).c_str(), p_lcb->Handle());
178 if (status != HCI_SUCCESS) {
179 LOG_ERROR("Disconnecting...");
180 l2c_link_hci_disc_comp(p_lcb->Handle(), status);
181 }
182 return;
183 }
184
185 /* Save the handle */
186 l2cu_set_lcb_handle(*p_lcb, handle);
187
188 if (ci.status == HCI_SUCCESS) {
189 /* Connected OK. Change state to connected */
190 p_lcb->link_state = LST_CONNECTED;
191
192 /* Get the peer information if the l2cap flow-control/rtrans is supported */
193 l2cu_send_peer_info_req(p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
194
195 if (p_lcb->IsBonding()) {
196 LOG_DEBUG("Link is dedicated bonding handle:0x%04x", p_lcb->Handle());
197 if (l2cu_start_post_bond_timer(handle)) return;
198 }
199
200 /* Update the timeouts in the hold queue */
201 l2c_process_held_packets(false);
202
203 alarm_cancel(p_lcb->l2c_lcb_timer);
204
205 /* For all channels, send the event through their FSMs */
206 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
207 p_ccb = p_ccb->p_next_ccb) {
208 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
209 }
210
211 if (!p_lcb->ccb_queue.p_first_ccb) {
212 uint64_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
213 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
214 l2c_lcb_timer_timeout, p_lcb);
215 }
216 }
217 /* Max number of acl connections. */
218 /* If there's an lcb disconnecting set this one to holding */
219 else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) &&
220 l2cu_lcb_disconnecting()) {
221 LOG_WARN("Delaying connection as reached max number of links:%u",
222 HCI_ERR_MAX_NUM_OF_CONNECTIONS);
223 p_lcb->link_state = LST_CONNECT_HOLDING;
224 p_lcb->InvalidateHandle();
225 } else {
226 /* Just in case app decides to try again in the callback context */
227 p_lcb->link_state = LST_DISCONNECTING;
228
229 /* Connection failed. For all channels, send the event through */
230 /* their FSMs. The CCBs should remove themselves from the LCB */
231 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
232 tL2C_CCB* pn = p_ccb->p_next_ccb;
233
234 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
235
236 p_ccb = pn;
237 }
238
239 LOG_INFO("Disconnecting link handle:0x%04x status:%s", p_lcb->Handle(),
240 hci_error_code_text(status).c_str());
241 p_lcb->SetDisconnectReason(status);
242 /* Release the LCB */
243 if (p_lcb->ccb_queue.p_first_ccb == NULL)
244 l2cu_release_lcb(p_lcb);
245 else /* there are any CCBs remaining */
246 {
247 if (ci.status == HCI_ERR_CONNECTION_EXISTS) {
248 /* we are in collision situation, wait for connecttion request from
249 * controller */
250 p_lcb->link_state = LST_CONNECTING;
251 } else {
252 l2cu_create_conn_br_edr(p_lcb);
253 }
254 }
255 }
256 }
257
258 /*******************************************************************************
259 *
260 * Function l2c_link_sec_comp
261 *
262 * Description This function is called when required security procedures
263 * are completed.
264 *
265 * Returns void
266 *
267 ******************************************************************************/
l2c_link_sec_comp(const RawAddress * p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,tBTM_STATUS status)268 void l2c_link_sec_comp(const RawAddress* p_bda,
269 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
270 tBTM_STATUS status) {
271 l2c_link_sec_comp2(*p_bda, transport, p_ref_data, status);
272 }
273
l2c_link_sec_comp2(const RawAddress & p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,tBTM_STATUS status)274 void l2c_link_sec_comp2(const RawAddress& p_bda,
275 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
276 tBTM_STATUS status) {
277 tL2C_CONN_INFO ci;
278 tL2C_LCB* p_lcb;
279 tL2C_CCB* p_ccb;
280 tL2C_CCB* p_next_ccb;
281
282 LOG_DEBUG("btm_status=%s, BD_ADDR=%s, transport=%s",
283 btm_status_text(status).c_str(), PRIVATE_ADDRESS(p_bda),
284 bt_transport_text(transport).c_str());
285
286 if (status == BTM_SUCCESS_NO_SECURITY) {
287 status = BTM_SUCCESS;
288 }
289
290 /* Save the parameters */
291 ci.status = status;
292 ci.bd_addr = p_bda;
293
294 p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, transport);
295
296 /* If we don't have one, this is an error */
297 if (!p_lcb) {
298 LOG_WARN("L2CAP got sec_comp for unknown BD_ADDR");
299 return;
300 }
301
302 /* Match p_ccb with p_ref_data returned by sec manager */
303 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) {
304 p_next_ccb = p_ccb->p_next_ccb;
305
306 if (p_ccb == p_ref_data) {
307 switch (status) {
308 case BTM_SUCCESS:
309 l2c_csm_execute(p_ccb, L2CEVT_SEC_COMP, &ci);
310 break;
311
312 case BTM_DELAY_CHECK:
313 /* start a timer - encryption change not received before L2CAP connect
314 * req */
315 alarm_set_on_mloop(p_ccb->l2c_ccb_timer,
316 L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
317 l2c_ccb_timer_timeout, p_ccb);
318 return;
319
320 default:
321 l2c_csm_execute(p_ccb, L2CEVT_SEC_COMP_NEG, &ci);
322 break;
323 }
324 break;
325 }
326 }
327 }
328
329 /*******************************************************************************
330 *
331 * Function l2c_link_hci_disc_comp
332 *
333 * Description This function is called when an HCI Disconnect Complete
334 * event is received.
335 *
336 * Returns true if the link is known about, else false
337 *
338 ******************************************************************************/
l2c_link_hci_disc_comp(uint16_t handle,tHCI_REASON reason)339 bool l2c_link_hci_disc_comp(uint16_t handle, tHCI_REASON reason) {
340 if (bluetooth::shim::is_gd_l2cap_enabled()) {
341 return false;
342 }
343
344 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
345 tL2C_CCB* p_ccb;
346 bool status = true;
347 bool lcb_is_free = true;
348
349 /* If we don't have one, maybe an SCO link. Send to MM */
350 if (!p_lcb) {
351 status = false;
352 } else {
353 p_lcb->SetDisconnectReason(reason);
354
355 /* Just in case app decides to try again in the callback context */
356 p_lcb->link_state = LST_DISCONNECTING;
357
358 /* Check for BLE and handle that differently */
359 if (p_lcb->transport == BT_TRANSPORT_LE)
360 btm_ble_decrement_link_topology_mask(p_lcb->LinkRole());
361 /* Link is disconnected. For all channels, send the event through */
362 /* their FSMs. The CCBs should remove themselves from the LCB */
363 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
364 tL2C_CCB* pn = p_ccb->p_next_ccb;
365
366 /* Keep connect pending control block (if exists)
367 * Possible Race condition when a reconnect occurs
368 * on the channel during a disconnect of link. This
369 * ccb will be automatically retried after link disconnect
370 * arrives
371 */
372 if (p_ccb != p_lcb->p_pending_ccb) {
373 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
374 }
375 p_ccb = pn;
376 }
377
378 if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
379 /* Tell SCO management to drop any SCOs on this ACL */
380 btm_sco_acl_removed(&p_lcb->remote_bd_addr);
381
382 /* If waiting for disconnect and reconnect is pending start the reconnect
383 now
384 race condition where layer above issued connect request on link that was
385 disconnecting
386 */
387 if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb) {
388 LOG_DEBUG("l2c_link_hci_disc_comp: Restarting pending ACL request");
389 /* Release any held buffers */
390 while (!list_is_empty(p_lcb->link_xmit_data_q)) {
391 BT_HDR* p_buf =
392 static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q));
393 list_remove(p_lcb->link_xmit_data_q, p_buf);
394 osi_free(p_buf);
395 }
396 /* for LE link, always drop and re-open to ensure to get LE remote feature
397 */
398 if (p_lcb->transport == BT_TRANSPORT_LE) {
399 btm_acl_removed(handle);
400 } else {
401 /* If we are going to re-use the LCB without dropping it, release all
402 fixed channels
403 here */
404 int xx;
405 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
406 if (p_lcb->p_fixed_ccbs[xx] &&
407 p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) {
408 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(
409 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false,
410 p_lcb->DisconnectReason(), p_lcb->transport);
411 if (p_lcb->p_fixed_ccbs[xx] == NULL) {
412 LOG_ERROR(
413 "unexpected p_fixed_ccbs[%d] is NULL remote_bd_addr = %s "
414 "p_lcb = %p in_use = %d link_state = %d handle = %d "
415 "link_role = %d is_bonding = %d disc_reason = %d transport = "
416 "%d",
417 xx, p_lcb->remote_bd_addr.ToString().c_str(), p_lcb,
418 p_lcb->in_use, p_lcb->link_state, p_lcb->Handle(),
419 p_lcb->LinkRole(), p_lcb->IsBonding(),
420 p_lcb->DisconnectReason(), p_lcb->transport);
421 }
422 CHECK(p_lcb->p_fixed_ccbs[xx] != NULL);
423 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]);
424
425 p_lcb->p_fixed_ccbs[xx] = NULL;
426 }
427 }
428 }
429 if (p_lcb->transport == BT_TRANSPORT_LE) {
430 if (l2cu_create_conn_le(p_lcb))
431 lcb_is_free = false; /* still using this lcb */
432 } else {
433 l2cu_create_conn_br_edr(p_lcb);
434 lcb_is_free = false; /* still using this lcb */
435 }
436 }
437
438 p_lcb->p_pending_ccb = NULL;
439
440 /* Release the LCB */
441 if (lcb_is_free) l2cu_release_lcb(p_lcb);
442 }
443
444 /* Now that we have a free acl connection, see if any lcbs are pending */
445 if (lcb_is_free &&
446 ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL)) {
447 /* we found one-- create a connection */
448 l2cu_create_conn_br_edr(p_lcb);
449 }
450
451 return status;
452 }
453
454 /*******************************************************************************
455 *
456 * Function l2c_link_timeout
457 *
458 * Description This function is called when a link timer expires
459 *
460 * Returns void
461 *
462 ******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)463 void l2c_link_timeout(tL2C_LCB* p_lcb) {
464 tL2C_CCB* p_ccb;
465 tBTM_STATUS rc;
466
467 LOG_DEBUG("L2CAP - l2c_link_timeout() link state:%s is_bonding:%s",
468 link_state_text(p_lcb->link_state).c_str(),
469 logbool(p_lcb->IsBonding()).c_str());
470
471 /* If link was connecting or disconnecting, clear all channels and drop the
472 * LCB */
473 if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
474 (p_lcb->link_state == LST_CONNECTING) ||
475 (p_lcb->link_state == LST_CONNECT_HOLDING) ||
476 (p_lcb->link_state == LST_DISCONNECTING)) {
477 p_lcb->p_pending_ccb = NULL;
478
479 /* For all channels, send a disconnect indication event through */
480 /* their FSMs. The CCBs should remove themselves from the LCB */
481 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
482 tL2C_CCB* pn = p_ccb->p_next_ccb;
483
484 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
485
486 p_ccb = pn;
487 }
488
489 /* Release the LCB */
490 l2cu_release_lcb(p_lcb);
491 }
492
493 /* If link is connected, check for inactivity timeout */
494 if (p_lcb->link_state == LST_CONNECTED) {
495 /* If no channels in use, drop the link. */
496 if (!p_lcb->ccb_queue.p_first_ccb) {
497 uint64_t timeout_ms;
498 bool start_timeout = true;
499
500 LOG_WARN("TODO: Remove this callback into bcm_sec_disconnect");
501 rc = btm_sec_disconnect(
502 p_lcb->Handle(), HCI_ERR_PEER_USER,
503 "stack::l2cap::l2c_link::l2c_link_timeout All channels closed");
504
505 if (rc == BTM_CMD_STORED) {
506 /* Security Manager will take care of disconnecting, state will be
507 * updated at that time */
508 start_timeout = false;
509 } else if (rc == BTM_CMD_STARTED) {
510 p_lcb->link_state = LST_DISCONNECTING;
511 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
512 } else if (rc == BTM_SUCCESS) {
513 l2cu_process_fixed_disc_cback(p_lcb);
514 /* BTM SEC will make sure that link is release (probably after pairing
515 * is done) */
516 p_lcb->link_state = LST_DISCONNECTING;
517 start_timeout = false;
518 } else if (rc == BTM_BUSY) {
519 /* BTM is still executing security process. Let lcb stay as connected */
520 start_timeout = false;
521 } else if (p_lcb->IsBonding()) {
522 acl_disconnect_from_handle(p_lcb->Handle(), HCI_ERR_PEER_USER,
523 "stack::l2cap::l2c_link::l2c_link_timeout "
524 "Timer expired while bonding");
525 l2cu_process_fixed_disc_cback(p_lcb);
526 p_lcb->link_state = LST_DISCONNECTING;
527 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
528 } else {
529 /* probably no buffer to send disconnect */
530 timeout_ms = BT_1SEC_TIMEOUT_MS;
531 }
532
533 if (start_timeout) {
534 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
535 l2c_lcb_timer_timeout, p_lcb);
536 }
537 } else {
538 /* Check in case we were flow controlled */
539 l2c_link_check_send_pkts(p_lcb, 0, NULL);
540 }
541 }
542 }
543
544 /*******************************************************************************
545 *
546 * Function l2c_info_resp_timer_timeout
547 *
548 * Description This function is called when an info request times out
549 *
550 * Returns void
551 *
552 ******************************************************************************/
l2c_info_resp_timer_timeout(void * data)553 void l2c_info_resp_timer_timeout(void* data) {
554 tL2C_LCB* p_lcb = (tL2C_LCB*)data;
555 tL2C_CCB* p_ccb;
556 tL2C_CONN_INFO ci;
557
558 /* If we timed out waiting for info response, just continue using basic if
559 * allowed */
560 if (p_lcb->w4_info_rsp) {
561 /* If waiting for security complete, restart the info response timer */
562 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
563 p_ccb = p_ccb->p_next_ccb) {
564 if ((p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) ||
565 (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP)) {
566 alarm_set_on_mloop(p_lcb->info_resp_timer,
567 L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
568 l2c_info_resp_timer_timeout, p_lcb);
569 return;
570 }
571 }
572
573 p_lcb->w4_info_rsp = false;
574
575 /* If link is in process of being brought up */
576 if ((p_lcb->link_state != LST_DISCONNECTED) &&
577 (p_lcb->link_state != LST_DISCONNECTING)) {
578 /* Notify active channels that peer info is finished */
579 if (p_lcb->ccb_queue.p_first_ccb) {
580 ci.status = HCI_SUCCESS;
581 ci.bd_addr = p_lcb->remote_bd_addr;
582
583 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
584 p_ccb = p_ccb->p_next_ccb) {
585 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
586 }
587 }
588 }
589 }
590 }
591
592 /*******************************************************************************
593 *
594 * Function l2c_link_adjust_allocation
595 *
596 * Description This function is called when a link is created or removed
597 * to calculate the amount of packets each link may send to
598 * the HCI without an ack coming back.
599 *
600 * Currently, this is a simple allocation, dividing the
601 * number of Controller Packets by the number of links. In
602 * the future, QOS configuration should be examined.
603 *
604 * Returns void
605 *
606 ******************************************************************************/
l2c_link_adjust_allocation(void)607 void l2c_link_adjust_allocation(void) {
608 uint16_t qq, yy, qq_remainder;
609 tL2C_LCB* p_lcb;
610 uint16_t hi_quota, low_quota;
611 uint16_t num_lowpri_links = 0;
612 uint16_t num_hipri_links = 0;
613 uint16_t controller_xmit_quota = l2cb.num_lm_acl_bufs;
614 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
615 bool is_share_buffer =
616 (l2cb.num_lm_ble_bufs == L2C_DEF_NUM_BLE_BUF_SHARED) ? true : false;
617
618 /* If no links active, reset buffer quotas and controller buffers */
619 if (l2cb.num_used_lcbs == 0) {
620 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
621 l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
622 return;
623 }
624
625 /* First, count the links */
626 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
627 if (p_lcb->in_use &&
628 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
629 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
630 num_hipri_links++;
631 else
632 num_lowpri_links++;
633 }
634 }
635
636 /* now adjust high priority link quota */
637 low_quota = num_lowpri_links ? 1 : 0;
638 while ((num_hipri_links * high_pri_link_quota + low_quota) >
639 controller_xmit_quota)
640 high_pri_link_quota--;
641
642 /* Work out the xmit quota and buffer quota high and low priorities */
643 hi_quota = num_hipri_links * high_pri_link_quota;
644 low_quota =
645 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
646
647 /* Work out and save the HCI xmit quota for each low priority link */
648
649 /* If each low priority link cannot have at least one buffer */
650 if (num_lowpri_links > low_quota) {
651 l2cb.round_robin_quota = low_quota;
652 qq = qq_remainder = 1;
653 }
654 /* If each low priority link can have at least one buffer */
655 else if (num_lowpri_links > 0) {
656 l2cb.round_robin_quota = 0;
657 l2cb.round_robin_unacked = 0;
658 qq = low_quota / num_lowpri_links;
659 qq_remainder = low_quota % num_lowpri_links;
660 }
661 /* If no low priority link */
662 else {
663 l2cb.round_robin_quota = 0;
664 l2cb.round_robin_unacked = 0;
665 qq = qq_remainder = 1;
666 }
667
668 LOG_DEBUG(
669 "l2c_link_adjust_allocation num_hipri: %u num_lowpri: %u low_quota: "
670 "%u round_robin_quota: %u qq: %u",
671 num_hipri_links, num_lowpri_links, low_quota, l2cb.round_robin_quota, qq);
672
673 /* Now, assign the quotas to each link */
674 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
675 if (p_lcb->in_use &&
676 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
677 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
678 p_lcb->link_xmit_quota = high_pri_link_quota;
679 } else {
680 /* Safety check in case we switched to round-robin with something
681 * outstanding */
682 /* if sent_not_acked is added into round_robin_unacked then don't add it
683 * again */
684 /* l2cap keeps updating sent_not_acked for exiting from round robin */
685 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
686 l2cb.round_robin_unacked += p_lcb->sent_not_acked;
687
688 p_lcb->link_xmit_quota = qq;
689 if (qq_remainder > 0) {
690 p_lcb->link_xmit_quota++;
691 qq_remainder--;
692 }
693 }
694
695 LOG_DEBUG(
696 "l2c_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d", yy,
697 p_lcb->acl_priority, p_lcb->link_xmit_quota);
698
699 LOG_DEBUG(" SentNotAcked: %d RRUnacked: %d",
700 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
701
702 /* There is a special case where we have readjusted the link quotas and */
703 /* this link may have sent anything but some other link sent packets so */
704 /* so we may need a timer to kick off this link's transmissions. */
705 if ((p_lcb->link_state == LST_CONNECTED) &&
706 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
707 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
708 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
709 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
710 l2c_lcb_timer_timeout, p_lcb);
711 }
712 }
713 }
714 }
715
716 /*******************************************************************************
717 *
718 * Function l2c_link_adjust_chnl_allocation
719 *
720 * Description This function is called to calculate the amount of packets
721 * each non-F&EC channel may have outstanding.
722 *
723 * Currently, this is a simple allocation, dividing the number
724 * of packets allocated to the link by the number of channels.
725 * In the future, QOS configuration should be examined.
726 *
727 * Returns void
728 *
729 ******************************************************************************/
l2c_link_adjust_chnl_allocation(void)730 void l2c_link_adjust_chnl_allocation(void) {
731 /* assign buffer quota to each channel based on its data rate requirement */
732 for (uint8_t xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) {
733 tL2C_CCB* p_ccb = l2cb.ccb_pool + xx;
734
735 if (!p_ccb->in_use) continue;
736
737 tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
738 p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
739 LOG_DEBUG(
740 "CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u "
741 "Quota:%u",
742 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ccb_priority,
743 p_ccb->tx_data_rate, p_ccb->rx_data_rate, p_ccb->buff_quota);
744
745 /* quota may be change so check congestion */
746 l2cu_check_channel_congestion(p_ccb);
747 }
748 }
749
l2c_link_init()750 void l2c_link_init() {
751 if (bluetooth::shim::is_gd_l2cap_enabled()) {
752 // GD L2cap gets this info through GD ACL
753 return;
754 }
755
756 const controller_t* controller = controller_get_interface();
757
758 l2cb.num_lm_acl_bufs = controller->get_acl_buffer_count_classic();
759 l2cb.controller_xmit_window = controller->get_acl_buffer_count_classic();
760 }
761
762 /*******************************************************************************
763 *
764 * Function l2c_link_role_changed
765 *
766 * Description This function is called whan a link's central/peripheral
767 *role change event is received. It simply updates the link control block.
768 *
769 * Returns void
770 *
771 ******************************************************************************/
l2c_link_role_changed(const RawAddress * bd_addr,uint8_t new_role,uint8_t hci_status)772 void l2c_link_role_changed(const RawAddress* bd_addr, uint8_t new_role,
773 uint8_t hci_status) {
774 /* Make sure not called from HCI Command Status (bd_addr and new_role are
775 * invalid) */
776 if (bd_addr != nullptr) {
777 /* If here came form hci role change event */
778 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(*bd_addr, BT_TRANSPORT_BR_EDR);
779 if (p_lcb) {
780 if (new_role == HCI_ROLE_CENTRAL) {
781 p_lcb->SetLinkRoleAsCentral();
782 } else {
783 p_lcb->SetLinkRoleAsPeripheral();
784 }
785
786 /* Reset high priority link if needed */
787 if (hci_status == HCI_SUCCESS)
788 l2cu_set_acl_priority(*bd_addr, p_lcb->acl_priority, true);
789 }
790 }
791
792 /* Check if any LCB was waiting for switch to be completed */
793 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0];
794 for (uint8_t xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
795 if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH)) {
796 l2cu_create_conn_after_switch(p_lcb);
797 }
798 }
799 }
800
801 /*******************************************************************************
802 *
803 * Function l2c_pin_code_request
804 *
805 * Description This function is called whan a pin-code request is received
806 * on a connection. If there are no channels active yet on the
807 * link, it extends the link first connection timer. Make sure
808 * that inactivity timer is not extended if PIN code happens
809 * to be after last ccb released.
810 *
811 * Returns void
812 *
813 ******************************************************************************/
l2c_pin_code_request(const RawAddress & bd_addr)814 void l2c_pin_code_request(const RawAddress& bd_addr) {
815 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
816
817 if ((p_lcb) && (!p_lcb->ccb_queue.p_first_ccb)) {
818 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
819 l2c_lcb_timer_timeout, p_lcb);
820 }
821 }
822
823 /*******************************************************************************
824 *
825 * Function l2c_link_check_power_mode
826 *
827 * Description This function is called to check power mode.
828 *
829 * Returns true if link is going to be active from park
830 * false if nothing to send or not in park mode
831 *
832 ******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)833 static bool l2c_link_check_power_mode(tL2C_LCB* p_lcb) {
834 bool need_to_active = false;
835
836 // Return false as LM modes are applicable for BREDR transport
837 if (p_lcb->is_transport_ble()) return false;
838 /*
839 * We only switch park to active only if we have unsent packets
840 */
841 if (list_is_empty(p_lcb->link_xmit_data_q)) {
842 for (tL2C_CCB* p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
843 p_ccb = p_ccb->p_next_ccb) {
844 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
845 need_to_active = true;
846 break;
847 }
848 }
849 } else {
850 need_to_active = true;
851 }
852
853 /* if we have packets to send */
854 if (need_to_active) {
855 /* check power mode */
856 tBTM_PM_MODE mode;
857 if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode)) {
858 if (mode == BTM_PM_STS_PENDING) {
859 LOG_DEBUG("LCB(0x%x) is in PM pending state", p_lcb->Handle());
860 return true;
861 }
862 }
863 }
864 return false;
865 }
866
867 /*******************************************************************************
868 *
869 * Function l2c_link_check_send_pkts
870 *
871 * Description This function is called to check if it can send packets
872 * to the Host Controller. It may be passed the address of
873 * a packet to send.
874 *
875 * Returns void
876 *
877 ******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,uint16_t local_cid,BT_HDR * p_buf)878 void l2c_link_check_send_pkts(tL2C_LCB* p_lcb, uint16_t local_cid,
879 BT_HDR* p_buf) {
880 bool single_write = false;
881
882 /* Save the channel ID for faster counting */
883 if (p_buf) {
884 p_buf->event = local_cid;
885 if (local_cid != 0) {
886 single_write = true;
887 }
888
889 p_buf->layer_specific = 0;
890 list_append(p_lcb->link_xmit_data_q, p_buf);
891
892 if (p_lcb->link_xmit_quota == 0) {
893 if (p_lcb->transport == BT_TRANSPORT_LE)
894 l2cb.ble_check_round_robin = true;
895 else
896 l2cb.check_round_robin = true;
897 }
898 }
899
900 /* If this is called from uncongested callback context break recursive
901 *calling.
902 ** This LCB will be served when receiving number of completed packet event.
903 */
904 if (l2cb.is_cong_cback_context) {
905 LOG_INFO("skipping, is_cong_cback_context=true");
906 return;
907 }
908
909 /* If we are in a scenario where there are not enough buffers for each link to
910 ** have at least 1, then do a round-robin for all the LCBs
911 */
912 if ((p_lcb == NULL) || (p_lcb->link_xmit_quota == 0)) {
913 LOG_DEBUG("Round robin");
914 if (p_lcb == NULL) {
915 p_lcb = l2cb.lcb_pool;
916 } else if (!single_write) {
917 p_lcb++;
918 }
919
920 /* Loop through, starting at the next */
921 for (int xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
922 /* Check for wraparound */
923 if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS]) p_lcb = &l2cb.lcb_pool[0];
924
925 /* If controller window is full, nothing to do */
926 if (((l2cb.controller_xmit_window == 0 ||
927 (l2cb.round_robin_unacked >= l2cb.round_robin_quota)) &&
928 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
929 (p_lcb->transport == BT_TRANSPORT_LE &&
930 (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
931 l2cb.controller_le_xmit_window == 0))) {
932 LOG_DEBUG("Skipping lcb %d due to controller window full", xx);
933 continue;
934 }
935
936 if ((!p_lcb->in_use) || (p_lcb->partial_segment_being_sent) ||
937 (p_lcb->link_state != LST_CONNECTED) ||
938 (p_lcb->link_xmit_quota != 0) || (l2c_link_check_power_mode(p_lcb))) {
939 LOG_DEBUG("Skipping lcb %d due to quota", xx);
940 continue;
941 }
942
943 /* See if we can send anything from the Link Queue */
944 if (!list_is_empty(p_lcb->link_xmit_data_q)) {
945 LOG_DEBUG("Sending to lower layer");
946 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
947 list_remove(p_lcb->link_xmit_data_q, p_buf);
948 l2c_link_send_to_lower(p_lcb, p_buf);
949 } else if (single_write) {
950 /* If only doing one write, break out */
951 LOG_DEBUG("single_write is true, skipping");
952 break;
953 }
954 /* If nothing on the link queue, check the channel queue */
955 else {
956 LOG_DEBUG("Check next buffer");
957 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
958 if (p_buf != NULL) {
959 LOG_DEBUG("Sending next buffer");
960 l2c_link_send_to_lower(p_lcb, p_buf);
961 }
962 }
963 }
964
965 /* If we finished without using up our quota, no need for a safety check */
966 if ((l2cb.controller_xmit_window > 0) &&
967 (l2cb.round_robin_unacked < l2cb.round_robin_quota) &&
968 (p_lcb->transport == BT_TRANSPORT_BR_EDR))
969 l2cb.check_round_robin = false;
970
971 if ((l2cb.controller_le_xmit_window > 0) &&
972 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota) &&
973 (p_lcb->transport == BT_TRANSPORT_LE))
974 l2cb.ble_check_round_robin = false;
975 } else /* if this is not round-robin service */
976 {
977 /* If a partial segment is being sent, can't send anything else */
978 if ((p_lcb->partial_segment_being_sent) ||
979 (p_lcb->link_state != LST_CONNECTED) ||
980 (l2c_link_check_power_mode(p_lcb))) {
981 LOG_INFO("A partial segment is being sent, cannot send anything else");
982 return;
983 }
984 LOG_DEBUG(
985 "Direct send, transport=%d, xmit_window=%d, le_xmit_window=%d, "
986 "sent_not_acked=%d, link_xmit_quota=%d",
987 p_lcb->transport, l2cb.controller_xmit_window,
988 l2cb.controller_le_xmit_window, p_lcb->sent_not_acked,
989 p_lcb->link_xmit_quota);
990
991 /* See if we can send anything from the link queue */
992 while (((l2cb.controller_xmit_window != 0 &&
993 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
994 (l2cb.controller_le_xmit_window != 0 &&
995 (p_lcb->transport == BT_TRANSPORT_LE))) &&
996 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
997 if (list_is_empty(p_lcb->link_xmit_data_q)) {
998 LOG_DEBUG("No transmit data, skipping");
999 break;
1000 }
1001 LOG_DEBUG("Sending to lower layer");
1002 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1003 list_remove(p_lcb->link_xmit_data_q, p_buf);
1004 l2c_link_send_to_lower(p_lcb, p_buf);
1005 }
1006
1007 if (!single_write) {
1008 /* See if we can send anything for any channel */
1009 LOG_DEBUG("Trying to send other data when single_write is false");
1010 while (((l2cb.controller_xmit_window != 0 &&
1011 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1012 (l2cb.controller_le_xmit_window != 0 &&
1013 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1014 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1015 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
1016 if (p_buf == NULL) {
1017 LOG_DEBUG("No next buffer, skipping");
1018 break;
1019 }
1020 LOG_DEBUG("Sending to lower layer");
1021 l2c_link_send_to_lower(p_lcb, p_buf);
1022 }
1023 }
1024
1025 /* There is a special case where we have readjusted the link quotas and */
1026 /* this link may have sent anything but some other link sent packets so */
1027 /* so we may need a timer to kick off this link's transmissions. */
1028 if ((!list_is_empty(p_lcb->link_xmit_data_q)) &&
1029 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1030 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
1031 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1032 l2c_lcb_timer_timeout, p_lcb);
1033 }
1034 }
1035 }
1036
l2c_OnHciModeChangeSendPendingPackets(RawAddress remote)1037 void l2c_OnHciModeChangeSendPendingPackets(RawAddress remote) {
1038 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(remote, BT_TRANSPORT_BR_EDR);
1039 if (p_lcb != NULL) {
1040 /* There might be any pending packets due to SNIFF or PENDING state */
1041 /* Trigger L2C to start transmission of the pending packets. */
1042 BTM_TRACE_DEBUG(
1043 "btm mode change to active; check l2c_link for outgoing packets");
1044 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1045 }
1046 }
1047
1048 /*******************************************************************************
1049 *
1050 * Function l2c_link_send_to_lower
1051 *
1052 * Description This function queues the buffer for HCI transmission
1053 *
1054 ******************************************************************************/
l2c_link_send_to_lower_br_edr(tL2C_LCB * p_lcb,BT_HDR * p_buf)1055 static void l2c_link_send_to_lower_br_edr(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1056 const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
1057
1058 if (link_xmit_quota == 0) {
1059 l2cb.round_robin_unacked++;
1060 }
1061 p_lcb->sent_not_acked++;
1062 p_buf->layer_specific = 0;
1063 l2cb.controller_xmit_window--;
1064
1065 acl_send_data_packet_br_edr(p_lcb->remote_bd_addr, p_buf);
1066 LOG_DEBUG("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1067 l2cb.controller_xmit_window, p_lcb->Handle(),
1068 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1069 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1070 }
1071
l2c_link_send_to_lower_ble(tL2C_LCB * p_lcb,BT_HDR * p_buf)1072 static void l2c_link_send_to_lower_ble(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1073 const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
1074
1075 if (link_xmit_quota == 0) {
1076 l2cb.ble_round_robin_unacked++;
1077 }
1078 p_lcb->sent_not_acked++;
1079 p_buf->layer_specific = 0;
1080 l2cb.controller_le_xmit_window--;
1081
1082 acl_send_data_packet_ble(p_lcb->remote_bd_addr, p_buf);
1083 LOG_DEBUG("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1084 l2cb.controller_le_xmit_window, p_lcb->Handle(),
1085 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1086 l2cb.ble_round_robin_quota, l2cb.ble_round_robin_unacked);
1087 }
1088
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1089 static void l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1090 if (p_lcb->transport == BT_TRANSPORT_BR_EDR) {
1091 l2c_link_send_to_lower_br_edr(p_lcb, p_buf);
1092 } else {
1093 l2c_link_send_to_lower_ble(p_lcb, p_buf);
1094 }
1095 }
1096
l2c_packets_completed(uint16_t handle,uint16_t num_sent)1097 void l2c_packets_completed(uint16_t handle, uint16_t num_sent) {
1098 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1099 if (p_lcb == nullptr) {
1100 return;
1101 }
1102 p_lcb->update_outstanding_packets(num_sent);
1103
1104 switch (p_lcb->transport) {
1105 case BT_TRANSPORT_BR_EDR:
1106 l2cb.controller_xmit_window += num_sent;
1107 if (p_lcb->is_round_robin_scheduling())
1108 l2cb.update_outstanding_classic_packets(num_sent);
1109 break;
1110 case BT_TRANSPORT_LE:
1111 l2cb.controller_le_xmit_window += num_sent;
1112 if (p_lcb->is_round_robin_scheduling())
1113 l2cb.update_outstanding_le_packets(num_sent);
1114 break;
1115 default:
1116 LOG_ERROR("Unknown transport received:%u", p_lcb->transport);
1117 return;
1118 }
1119
1120 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1121
1122 if (p_lcb->is_high_priority()) {
1123 switch (p_lcb->transport) {
1124 case BT_TRANSPORT_LE:
1125 if (l2cb.ble_check_round_robin &&
1126 l2cb.is_ble_round_robin_quota_available())
1127 l2c_link_check_send_pkts(NULL, 0, NULL);
1128 break;
1129 case BT_TRANSPORT_BR_EDR:
1130 if (l2cb.check_round_robin &&
1131 l2cb.is_classic_round_robin_quota_available()) {
1132 l2c_link_check_send_pkts(NULL, 0, NULL);
1133 }
1134 break;
1135 default:
1136 break;
1137 }
1138 }
1139 }
1140
1141 /*******************************************************************************
1142 *
1143 * Function l2c_link_segments_xmitted
1144 *
1145 * Description This function is called from the HCI Interface when an ACL
1146 * data packet segment is transmitted.
1147 *
1148 * Returns void
1149 *
1150 ******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1151 void l2c_link_segments_xmitted(BT_HDR* p_msg) {
1152 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1153
1154 /* Extract the handle */
1155 uint16_t handle{HCI_INVALID_HANDLE};
1156 STREAM_TO_UINT16(handle, p);
1157 handle = HCID_GET_HANDLE(handle);
1158
1159 /* Find the LCB based on the handle */
1160 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1161 if (p_lcb == nullptr) {
1162 LOG_WARN("Received segment complete for unknown connection handle:%d",
1163 handle);
1164 osi_free(p_msg);
1165 return;
1166 }
1167
1168 if (p_lcb->link_state != LST_CONNECTED) {
1169 LOG_INFO("Received segment complete for unconnected connection handle:%d:",
1170 handle);
1171 osi_free(p_msg);
1172 return;
1173 }
1174
1175 /* Enqueue the buffer to the head of the transmit queue, and see */
1176 /* if we can transmit anything more. */
1177 list_prepend(p_lcb->link_xmit_data_q, p_msg);
1178
1179 p_lcb->partial_segment_being_sent = false;
1180
1181 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1182 }
1183
l2cu_ConnectAclForSecurity(const RawAddress & bd_addr)1184 tBTM_STATUS l2cu_ConnectAclForSecurity(const RawAddress& bd_addr) {
1185 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1186 bluetooth::shim::L2CA_ConnectForSecurity(bd_addr);
1187 return BTM_SUCCESS;
1188 }
1189
1190 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
1191 if (p_lcb && (p_lcb->link_state == LST_CONNECTED ||
1192 p_lcb->link_state == LST_CONNECTING)) {
1193 LOG_WARN("Connection already exists");
1194 return BTM_CMD_STARTED;
1195 }
1196
1197 /* Make sure an L2cap link control block is available */
1198 if (!p_lcb &&
1199 (p_lcb = l2cu_allocate_lcb(bd_addr, true, BT_TRANSPORT_BR_EDR)) == NULL) {
1200 LOG_WARN("failed allocate LCB for %s", bd_addr.ToString().c_str());
1201 return BTM_NO_RESOURCES;
1202 }
1203
1204 l2cu_create_conn_br_edr(p_lcb);
1205 btm_acl_set_paging(true);
1206 return BTM_SUCCESS;
1207 }
1208
l2cble_update_sec_act(const RawAddress & bd_addr,uint16_t sec_act)1209 void l2cble_update_sec_act(const RawAddress& bd_addr, uint16_t sec_act) {
1210 tL2C_LCB* lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1211 lcb->sec_act = sec_act;
1212 }
1213
1214 /******************************************************************************
1215 *
1216 * Function l2cu_get_next_channel_in_rr
1217 *
1218 * Description get the next channel to send on a link. It also adjusts the
1219 * CCB queue to do a basic priority and round-robin scheduling.
1220 *
1221 * Returns pointer to CCB or NULL
1222 *
1223 ******************************************************************************/
l2cu_get_next_channel_in_rr(tL2C_LCB * p_lcb)1224 tL2C_CCB* l2cu_get_next_channel_in_rr(tL2C_LCB* p_lcb) {
1225 tL2C_CCB* p_serve_ccb = NULL;
1226 tL2C_CCB* p_ccb;
1227
1228 int i, j;
1229
1230 /* scan all of priority until finding a channel to serve */
1231 for (i = 0; (i < L2CAP_NUM_CHNL_PRIORITY) && (!p_serve_ccb); i++) {
1232 /* scan all channel within serving priority group until finding a channel to
1233 * serve */
1234 for (j = 0; (j < p_lcb->rr_serv[p_lcb->rr_pri].num_ccb) && (!p_serve_ccb);
1235 j++) {
1236 /* scaning from next serving channel */
1237 p_ccb = p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb;
1238
1239 if (!p_ccb) {
1240 LOG_ERROR("p_serve_ccb is NULL, rr_pri=%d", p_lcb->rr_pri);
1241 return NULL;
1242 }
1243
1244 LOG_DEBUG("RR scan pri=%d, lcid=0x%04x, q_cout=%zu", p_ccb->ccb_priority,
1245 p_ccb->local_cid, fixed_queue_length(p_ccb->xmit_hold_q));
1246
1247 /* store the next serving channel */
1248 /* this channel is the last channel of its priority group */
1249 if ((p_ccb->p_next_ccb == NULL) ||
1250 (p_ccb->p_next_ccb->ccb_priority != p_ccb->ccb_priority)) {
1251 /* next serving channel is set to the first channel in the group */
1252 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb =
1253 p_lcb->rr_serv[p_lcb->rr_pri].p_first_ccb;
1254 } else {
1255 /* next serving channel is set to the next channel in the group */
1256 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb = p_ccb->p_next_ccb;
1257 }
1258
1259 if (p_ccb->chnl_state != CST_OPEN) continue;
1260
1261 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) {
1262 LOG_DEBUG("Connection oriented channel");
1263 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1264
1265 } else {
1266 /* eL2CAP option in use */
1267 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1268 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue;
1269
1270 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) {
1271 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1272
1273 /* If in eRTM mode, check for window closure */
1274 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) &&
1275 (l2c_fcr_is_flow_controlled(p_ccb)))
1276 continue;
1277 }
1278 } else {
1279 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1280 }
1281 }
1282
1283 /* found a channel to serve */
1284 p_serve_ccb = p_ccb;
1285 /* decrease quota of its priority group */
1286 p_lcb->rr_serv[p_lcb->rr_pri].quota--;
1287 }
1288
1289 /* if there is no more quota of the priority group or no channel to have
1290 * data to send */
1291 if ((p_lcb->rr_serv[p_lcb->rr_pri].quota == 0) || (!p_serve_ccb)) {
1292 /* serve next priority group */
1293 p_lcb->rr_pri = (p_lcb->rr_pri + 1) % L2CAP_NUM_CHNL_PRIORITY;
1294 /* initialize its quota */
1295 p_lcb->rr_serv[p_lcb->rr_pri].quota =
1296 L2CAP_GET_PRIORITY_QUOTA(p_lcb->rr_pri);
1297 }
1298 }
1299
1300 if (p_serve_ccb) {
1301 LOG_DEBUG("RR service pri=%d, quota=%d, lcid=0x%04x",
1302 p_serve_ccb->ccb_priority,
1303 p_lcb->rr_serv[p_serve_ccb->ccb_priority].quota,
1304 p_serve_ccb->local_cid);
1305 }
1306
1307 return p_serve_ccb;
1308 }
1309
1310 /******************************************************************************
1311 *
1312 * Function l2cu_get_next_buffer_to_send
1313 *
1314 * Description get the next buffer to send on a link. It also adjusts the
1315 * CCB queue to do a basic priority and round-robin scheduling.
1316 *
1317 * Returns pointer to buffer or NULL
1318 *
1319 ******************************************************************************/
l2cu_get_next_buffer_to_send(tL2C_LCB * p_lcb)1320 BT_HDR* l2cu_get_next_buffer_to_send(tL2C_LCB* p_lcb) {
1321 tL2C_CCB* p_ccb;
1322 BT_HDR* p_buf;
1323
1324 /* Highest priority are fixed channels */
1325 int xx;
1326
1327 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
1328 p_ccb = p_lcb->p_fixed_ccbs[xx];
1329 if (p_ccb == NULL) continue;
1330
1331 /* eL2CAP option in use */
1332 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1333 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue;
1334
1335 /* No more checks needed if sending from the reatransmit queue */
1336 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) {
1337 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1338
1339 /* If in eRTM mode, check for window closure */
1340 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) &&
1341 (l2c_fcr_is_flow_controlled(p_ccb)))
1342 continue;
1343 }
1344
1345 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0);
1346 if (p_buf != NULL) {
1347 l2cu_check_channel_congestion(p_ccb);
1348 l2cu_set_acl_hci_header(p_buf, p_ccb);
1349 return (p_buf);
1350 }
1351 } else {
1352 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
1353 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q);
1354 if (NULL == p_buf) {
1355 LOG_ERROR("No data to be sent");
1356 return (NULL);
1357 }
1358
1359 l2cu_check_channel_congestion(p_ccb);
1360 l2cu_set_acl_hci_header(p_buf, p_ccb);
1361 return (p_buf);
1362 }
1363 }
1364 }
1365
1366 /* get next serving channel in round-robin */
1367 p_ccb = l2cu_get_next_channel_in_rr(p_lcb);
1368
1369 /* Return if no buffer */
1370 if (p_ccb == NULL) return (NULL);
1371
1372 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) {
1373 /* Check credits */
1374 if (p_ccb->peer_conn_cfg.credits == 0) {
1375 LOG_DEBUG("No credits to send packets");
1376 return NULL;
1377 }
1378
1379 bool last_piece_of_sdu = false;
1380 p_buf = l2c_lcc_get_next_xmit_sdu_seg(p_ccb, &last_piece_of_sdu);
1381 p_ccb->peer_conn_cfg.credits--;
1382
1383 if (last_piece_of_sdu) {
1384 // TODO: send callback up the stack. Investigate setting p_cbi->cb to
1385 // notify after controller ack send.
1386 }
1387
1388 } else {
1389 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1390 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0);
1391 if (p_buf == NULL) return (NULL);
1392 } else {
1393 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q);
1394 if (NULL == p_buf) {
1395 LOG_ERROR("#2: No data to be sent");
1396 return (NULL);
1397 }
1398 }
1399 }
1400
1401 if (p_ccb->p_rcb && p_ccb->p_rcb->api.pL2CA_TxComplete_Cb &&
1402 (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_ERTM_MODE))
1403 (*p_ccb->p_rcb->api.pL2CA_TxComplete_Cb)(p_ccb->local_cid, 1);
1404
1405 l2cu_check_channel_congestion(p_ccb);
1406
1407 l2cu_set_acl_hci_header(p_buf, p_ccb);
1408
1409 return (p_buf);
1410 }
1411