1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the functions relating to link management. A "link"
22 * is a connection between this device and another device. Only ACL links
23 * are managed.
24 *
25 ******************************************************************************/
26 #define LOG_TAG "l2c_link"
27
28 #include <cstdint>
29
30 #include "device/include/device_iot_config.h"
31 #include "main/shim/l2c_api.h"
32 #include "main/shim/shim.h"
33 #include "osi/include/allocator.h"
34 #include "osi/include/log.h"
35 #include "osi/include/osi.h"
36 #include "stack/btm/btm_int_types.h"
37 #include "stack/include/acl_api.h"
38 #include "stack/include/bt_hdr.h"
39 #include "stack/include/bt_types.h"
40 #include "stack/include/hci_error_code.h"
41 #include "stack/l2cap/l2c_int.h"
42 #include "types/bt_transport.h"
43 #include "types/raw_address.h"
44
45 extern tBTM_CB btm_cb;
46
47 bool BTM_ReadPowerMode(const RawAddress& remote_bda, tBTM_PM_MODE* p_mode);
48 bool btm_dev_support_role_switch(const RawAddress& bd_addr);
49 tBTM_STATUS btm_sec_disconnect(uint16_t handle, tHCI_STATUS reason,
50 std::string);
51 void btm_acl_created(const RawAddress& bda, uint16_t hci_handle,
52 uint8_t link_role, tBT_TRANSPORT transport);
53 void btm_acl_removed(uint16_t handle);
54 void btm_acl_set_paging(bool value);
55 void btm_ble_decrement_link_topology_mask(uint8_t link_role);
56 void btm_sco_acl_removed(const RawAddress* bda);
57
58 static void l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf);
59 static BT_HDR* l2cu_get_next_buffer_to_send(tL2C_LCB* p_lcb);
60
61 /*******************************************************************************
62 *
63 * Function l2c_link_hci_conn_req
64 *
65 * Description This function is called when an HCI Connection Request
66 * event is received.
67 *
68 ******************************************************************************/
l2c_link_hci_conn_req(const RawAddress & bd_addr)69 void l2c_link_hci_conn_req(const RawAddress& bd_addr) {
70 tL2C_LCB* p_lcb;
71 tL2C_LCB* p_lcb_cur;
72 int xx;
73 bool no_links;
74
75 /* See if we have a link control block for the remote device */
76 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
77
78 /* If we don't have one, create one and accept the connection. */
79 if (!p_lcb) {
80 p_lcb = l2cu_allocate_lcb(bd_addr, false, BT_TRANSPORT_BR_EDR);
81 if (!p_lcb) {
82 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
83 LOG_ERROR("L2CAP failed to allocate LCB");
84 return;
85 }
86
87 no_links = true;
88
89 /* If we already have connection, accept as a central */
90 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS;
91 xx++, p_lcb_cur++) {
92 if (p_lcb_cur == p_lcb) continue;
93
94 if (p_lcb_cur->in_use) {
95 no_links = false;
96 p_lcb->SetLinkRoleAsCentral();
97 break;
98 }
99 }
100
101 if (no_links) {
102 if (!btm_dev_support_role_switch(bd_addr))
103 p_lcb->SetLinkRoleAsPeripheral();
104 else
105 p_lcb->SetLinkRoleAsCentral();
106 }
107
108 /* Tell the other side we accept the connection */
109 acl_accept_connection_request(bd_addr, p_lcb->LinkRole());
110
111 p_lcb->link_state = LST_CONNECTING;
112
113 /* Start a timer waiting for connect complete */
114 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
115 l2c_lcb_timer_timeout, p_lcb);
116 return;
117 }
118
119 /* We already had a link control block. Check what state it is in
120 */
121 if ((p_lcb->link_state == LST_CONNECTING) ||
122 (p_lcb->link_state == LST_CONNECT_HOLDING)) {
123 if (!btm_dev_support_role_switch(bd_addr))
124 p_lcb->SetLinkRoleAsPeripheral();
125 else
126 p_lcb->SetLinkRoleAsCentral();
127
128 acl_accept_connection_request(bd_addr, p_lcb->LinkRole());
129
130 p_lcb->link_state = LST_CONNECTING;
131 } else if (p_lcb->link_state == LST_DISCONNECTING) {
132 acl_reject_connection_request(bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
133 } else {
134 LOG_ERROR("L2CAP got conn_req while connected (state:%d). Reject it",
135 p_lcb->link_state);
136 acl_reject_connection_request(bd_addr, HCI_ERR_CONNECTION_EXISTS);
137 }
138 }
139
l2c_link_hci_conn_comp(tHCI_STATUS status,uint16_t handle,const RawAddress & p_bda)140 void l2c_link_hci_conn_comp(tHCI_STATUS status, uint16_t handle,
141 const RawAddress& p_bda) {
142 if (bluetooth::shim::is_gd_l2cap_enabled()) {
143 return;
144 }
145 tL2C_CONN_INFO ci;
146 tL2C_LCB* p_lcb;
147 tL2C_CCB* p_ccb;
148
149 /* Save the parameters */
150 ci.status = status;
151 ci.bd_addr = p_bda;
152
153 /* See if we have a link control block for the remote device */
154 p_lcb = l2cu_find_lcb_by_bd_addr(ci.bd_addr, BT_TRANSPORT_BR_EDR);
155
156 /* If we don't have one, allocate one */
157 if (p_lcb == nullptr) {
158 p_lcb = l2cu_allocate_lcb(ci.bd_addr, false, BT_TRANSPORT_BR_EDR);
159 if (p_lcb == nullptr) {
160 LOG_WARN("Failed to allocate an LCB");
161 return;
162 }
163 LOG_DEBUG("Allocated l2cap control block for new connection state:%s",
164 link_state_text(p_lcb->link_state).c_str());
165 p_lcb->link_state = LST_CONNECTING;
166 }
167
168 if ((p_lcb->link_state == LST_CONNECTED) &&
169 (status == HCI_ERR_CONNECTION_EXISTS)) {
170 LOG_WARN("Connection already exists handle:0x%04x", handle);
171 return;
172 } else if (p_lcb->link_state != LST_CONNECTING) {
173 LOG_ERROR(
174 "Link received unexpected connection complete state:%s status:%s "
175 "handle:0x%04x",
176 link_state_text(p_lcb->link_state).c_str(),
177 hci_error_code_text(status).c_str(), p_lcb->Handle());
178 if (status != HCI_SUCCESS) {
179 LOG_ERROR("Disconnecting...");
180 l2c_link_hci_disc_comp(p_lcb->Handle(), status);
181 }
182 return;
183 }
184
185 /* Save the handle */
186 l2cu_set_lcb_handle(*p_lcb, handle);
187
188 if (ci.status == HCI_SUCCESS) {
189 /* Connected OK. Change state to connected */
190 p_lcb->link_state = LST_CONNECTED;
191
192 /* Get the peer information if the l2cap flow-control/rtrans is supported */
193 l2cu_send_peer_info_req(p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
194
195 if (p_lcb->IsBonding()) {
196 LOG_DEBUG("Link is dedicated bonding handle:0x%04x", p_lcb->Handle());
197 if (l2cu_start_post_bond_timer(handle)) return;
198 }
199
200 alarm_cancel(p_lcb->l2c_lcb_timer);
201
202 /* For all channels, send the event through their FSMs */
203 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
204 p_ccb = p_ccb->p_next_ccb) {
205 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
206 }
207
208 if (!p_lcb->ccb_queue.p_first_ccb) {
209 uint64_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
210 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
211 l2c_lcb_timer_timeout, p_lcb);
212 }
213 }
214 /* Max number of acl connections. */
215 /* If there's an lcb disconnecting set this one to holding */
216 else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) &&
217 l2cu_lcb_disconnecting()) {
218 LOG_WARN("Delaying connection as reached max number of links:%u",
219 HCI_ERR_MAX_NUM_OF_CONNECTIONS);
220 p_lcb->link_state = LST_CONNECT_HOLDING;
221 p_lcb->InvalidateHandle();
222 } else {
223 /* Just in case app decides to try again in the callback context */
224 p_lcb->link_state = LST_DISCONNECTING;
225
226 /* Connection failed. For all channels, send the event through */
227 /* their FSMs. The CCBs should remove themselves from the LCB */
228 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
229 tL2C_CCB* pn = p_ccb->p_next_ccb;
230
231 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
232
233 p_ccb = pn;
234 }
235
236 LOG_INFO("Disconnecting link handle:0x%04x status:%s", p_lcb->Handle(),
237 hci_error_code_text(status).c_str());
238 p_lcb->SetDisconnectReason(status);
239 /* Release the LCB */
240 if (p_lcb->ccb_queue.p_first_ccb == NULL)
241 l2cu_release_lcb(p_lcb);
242 else /* there are any CCBs remaining */
243 {
244 if (ci.status == HCI_ERR_CONNECTION_EXISTS) {
245 /* we are in collision situation, wait for connecttion request from
246 * controller */
247 p_lcb->link_state = LST_CONNECTING;
248 } else {
249 l2cu_create_conn_br_edr(p_lcb);
250 }
251 }
252 }
253 }
254
255 /*******************************************************************************
256 *
257 * Function l2c_link_sec_comp
258 *
259 * Description This function is called when required security procedures
260 * are completed.
261 *
262 * Returns void
263 *
264 ******************************************************************************/
l2c_link_sec_comp(const RawAddress * p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,tBTM_STATUS status)265 void l2c_link_sec_comp(const RawAddress* p_bda,
266 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
267 tBTM_STATUS status) {
268 l2c_link_sec_comp2(*p_bda, transport, p_ref_data, status);
269 }
270
l2c_link_sec_comp2(const RawAddress & p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,tBTM_STATUS status)271 void l2c_link_sec_comp2(const RawAddress& p_bda,
272 UNUSED_ATTR tBT_TRANSPORT transport, void* p_ref_data,
273 tBTM_STATUS status) {
274 tL2C_CONN_INFO ci;
275 tL2C_LCB* p_lcb;
276 tL2C_CCB* p_ccb;
277 tL2C_CCB* p_next_ccb;
278
279 LOG_DEBUG("btm_status=%s, BD_ADDR=%s, transport=%s",
280 btm_status_text(status).c_str(), ADDRESS_TO_LOGGABLE_CSTR(p_bda),
281 bt_transport_text(transport).c_str());
282
283 if (status == BTM_SUCCESS_NO_SECURITY) {
284 status = BTM_SUCCESS;
285 }
286
287 /* Save the parameters */
288 ci.status = status;
289 ci.bd_addr = p_bda;
290
291 p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, transport);
292
293 /* If we don't have one, this is an error */
294 if (!p_lcb) {
295 LOG_WARN("L2CAP got sec_comp for unknown BD_ADDR");
296 return;
297 }
298
299 /* Match p_ccb with p_ref_data returned by sec manager */
300 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) {
301 p_next_ccb = p_ccb->p_next_ccb;
302
303 if (p_ccb == p_ref_data) {
304 switch (status) {
305 case BTM_SUCCESS:
306 l2c_csm_execute(p_ccb, L2CEVT_SEC_COMP, &ci);
307 break;
308
309 case BTM_DELAY_CHECK:
310 /* start a timer - encryption change not received before L2CAP connect
311 * req */
312 alarm_set_on_mloop(p_ccb->l2c_ccb_timer,
313 L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
314 l2c_ccb_timer_timeout, p_ccb);
315 return;
316
317 default:
318 l2c_csm_execute(p_ccb, L2CEVT_SEC_COMP_NEG, &ci);
319 break;
320 }
321 break;
322 }
323 }
324 }
325
326 /*******************************************************************************
327 **
328 ** Function l2c_link_iot_store_disc_reason
329 **
330 ** Description iot store disconnection reason to local conf file
331 **
332 ** Returns void
333 **
334 *******************************************************************************/
l2c_link_iot_store_disc_reason(RawAddress & bda,uint8_t reason)335 static void l2c_link_iot_store_disc_reason(RawAddress& bda, uint8_t reason) {
336 const char* disc_keys[] = {
337 IOT_CONF_KEY_GAP_DISC_CONNTIMEOUT_COUNT,
338 };
339 const uint8_t disc_reasons[] = {
340 HCI_ERR_CONNECTION_TOUT,
341 };
342 int i = 0;
343 int num = sizeof(disc_keys) / sizeof(disc_keys[0]);
344
345 if (reason == (uint8_t)-1) return;
346
347 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(bda, IOT_CONF_KEY_GAP_DISC_COUNT);
348 for (i = 0; i < num; i++) {
349 if (disc_reasons[i] == reason) {
350 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(bda, disc_keys[i]);
351 break;
352 }
353 }
354 }
355
356 /*******************************************************************************
357 *
358 * Function l2c_link_hci_disc_comp
359 *
360 * Description This function is called when an HCI Disconnect Complete
361 * event is received.
362 *
363 * Returns true if the link is known about, else false
364 *
365 ******************************************************************************/
l2c_link_hci_disc_comp(uint16_t handle,tHCI_REASON reason)366 bool l2c_link_hci_disc_comp(uint16_t handle, tHCI_REASON reason) {
367 if (bluetooth::shim::is_gd_l2cap_enabled()) {
368 return false;
369 }
370
371 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
372 tL2C_CCB* p_ccb;
373 bool status = true;
374 bool lcb_is_free = true;
375
376 /* If we don't have one, maybe an SCO link. Send to MM */
377 if (!p_lcb) {
378 status = false;
379 } else {
380 l2c_link_iot_store_disc_reason(p_lcb->remote_bd_addr, reason);
381
382 p_lcb->SetDisconnectReason(reason);
383
384 /* Just in case app decides to try again in the callback context */
385 p_lcb->link_state = LST_DISCONNECTING;
386
387 /* Check for BLE and handle that differently */
388 if (p_lcb->transport == BT_TRANSPORT_LE)
389 btm_ble_decrement_link_topology_mask(p_lcb->LinkRole());
390 /* Link is disconnected. For all channels, send the event through */
391 /* their FSMs. The CCBs should remove themselves from the LCB */
392 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
393 tL2C_CCB* pn = p_ccb->p_next_ccb;
394
395 /* Keep connect pending control block (if exists)
396 * Possible Race condition when a reconnect occurs
397 * on the channel during a disconnect of link. This
398 * ccb will be automatically retried after link disconnect
399 * arrives
400 */
401 if (p_ccb != p_lcb->p_pending_ccb) {
402 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
403 }
404 p_ccb = pn;
405 }
406
407 if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
408 /* Tell SCO management to drop any SCOs on this ACL */
409 btm_sco_acl_removed(&p_lcb->remote_bd_addr);
410
411 /* If waiting for disconnect and reconnect is pending start the reconnect
412 now
413 race condition where layer above issued connect request on link that was
414 disconnecting
415 */
416 if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb) {
417 LOG_DEBUG("l2c_link_hci_disc_comp: Restarting pending ACL request");
418 /* Release any held buffers */
419 while (!list_is_empty(p_lcb->link_xmit_data_q)) {
420 BT_HDR* p_buf =
421 static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q));
422 list_remove(p_lcb->link_xmit_data_q, p_buf);
423 osi_free(p_buf);
424 }
425 /* for LE link, always drop and re-open to ensure to get LE remote feature
426 */
427 if (p_lcb->transport == BT_TRANSPORT_LE) {
428 btm_acl_removed(handle);
429 } else {
430 /* If we are going to re-use the LCB without dropping it, release all
431 fixed channels
432 here */
433 int xx;
434 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
435 if (p_lcb->p_fixed_ccbs[xx] &&
436 p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) {
437 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]);
438
439 p_lcb->p_fixed_ccbs[xx] = NULL;
440 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(
441 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false,
442 p_lcb->DisconnectReason(), p_lcb->transport);
443 }
444 }
445 /* Cleanup connection state to avoid race conditions because
446 * l2cu_release_lcb won't be invoked to cleanup */
447 btm_acl_removed(p_lcb->Handle());
448 p_lcb->InvalidateHandle();
449 }
450 if (p_lcb->transport == BT_TRANSPORT_LE) {
451 if (l2cu_create_conn_le(p_lcb))
452 lcb_is_free = false; /* still using this lcb */
453 } else {
454 l2cu_create_conn_br_edr(p_lcb);
455 lcb_is_free = false; /* still using this lcb */
456 }
457 }
458
459 p_lcb->p_pending_ccb = NULL;
460
461 /* Release the LCB */
462 if (lcb_is_free) l2cu_release_lcb(p_lcb);
463 }
464
465 /* Now that we have a free acl connection, see if any lcbs are pending */
466 if (lcb_is_free &&
467 ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL)) {
468 /* we found one-- create a connection */
469 l2cu_create_conn_br_edr(p_lcb);
470 }
471
472 return status;
473 }
474
475 /*******************************************************************************
476 *
477 * Function l2c_link_timeout
478 *
479 * Description This function is called when a link timer expires
480 *
481 * Returns void
482 *
483 ******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)484 void l2c_link_timeout(tL2C_LCB* p_lcb) {
485 tL2C_CCB* p_ccb;
486 tBTM_STATUS rc;
487
488 LOG_DEBUG("L2CAP - l2c_link_timeout() link state:%s is_bonding:%s",
489 link_state_text(p_lcb->link_state).c_str(),
490 logbool(p_lcb->IsBonding()).c_str());
491
492 /* If link was connecting or disconnecting, clear all channels and drop the
493 * LCB */
494 if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
495 (p_lcb->link_state == LST_CONNECTING) ||
496 (p_lcb->link_state == LST_CONNECT_HOLDING) ||
497 (p_lcb->link_state == LST_DISCONNECTING)) {
498 p_lcb->p_pending_ccb = NULL;
499
500 /* For all channels, send a disconnect indication event through */
501 /* their FSMs. The CCBs should remove themselves from the LCB */
502 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
503 tL2C_CCB* pn = p_ccb->p_next_ccb;
504
505 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
506
507 p_ccb = pn;
508 }
509
510 /* Release the LCB */
511 l2cu_release_lcb(p_lcb);
512 }
513
514 /* If link is connected, check for inactivity timeout */
515 if (p_lcb->link_state == LST_CONNECTED) {
516 /* If no channels in use, drop the link. */
517 if (!p_lcb->ccb_queue.p_first_ccb) {
518 uint64_t timeout_ms;
519 bool start_timeout = true;
520
521 LOG_WARN("TODO: Remove this callback into bcm_sec_disconnect");
522 rc = btm_sec_disconnect(
523 p_lcb->Handle(), HCI_ERR_PEER_USER,
524 "stack::l2cap::l2c_link::l2c_link_timeout All channels closed");
525
526 if (rc == BTM_CMD_STORED) {
527 /* Security Manager will take care of disconnecting, state will be
528 * updated at that time */
529 start_timeout = false;
530 } else if (rc == BTM_CMD_STARTED) {
531 p_lcb->link_state = LST_DISCONNECTING;
532 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
533 } else if (rc == BTM_SUCCESS) {
534 l2cu_process_fixed_disc_cback(p_lcb);
535 /* BTM SEC will make sure that link is release (probably after pairing
536 * is done) */
537 p_lcb->link_state = LST_DISCONNECTING;
538 start_timeout = false;
539 } else if (rc == BTM_BUSY) {
540 /* BTM is still executing security process. Let lcb stay as connected */
541 start_timeout = false;
542 } else if (p_lcb->IsBonding()) {
543 acl_disconnect_from_handle(p_lcb->Handle(), HCI_ERR_PEER_USER,
544 "stack::l2cap::l2c_link::l2c_link_timeout "
545 "Timer expired while bonding");
546 l2cu_process_fixed_disc_cback(p_lcb);
547 p_lcb->link_state = LST_DISCONNECTING;
548 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
549 } else {
550 /* probably no buffer to send disconnect */
551 timeout_ms = BT_1SEC_TIMEOUT_MS;
552 }
553
554 if (start_timeout) {
555 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms,
556 l2c_lcb_timer_timeout, p_lcb);
557 }
558 } else {
559 /* Check in case we were flow controlled */
560 l2c_link_check_send_pkts(p_lcb, 0, NULL);
561 }
562 }
563 }
564
565 /*******************************************************************************
566 *
567 * Function l2c_info_resp_timer_timeout
568 *
569 * Description This function is called when an info request times out
570 *
571 * Returns void
572 *
573 ******************************************************************************/
l2c_info_resp_timer_timeout(void * data)574 void l2c_info_resp_timer_timeout(void* data) {
575 tL2C_LCB* p_lcb = (tL2C_LCB*)data;
576 tL2C_CCB* p_ccb;
577 tL2C_CONN_INFO ci;
578
579 /* If we timed out waiting for info response, just continue using basic if
580 * allowed */
581 if (p_lcb->w4_info_rsp) {
582 /* If waiting for security complete, restart the info response timer */
583 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
584 p_ccb = p_ccb->p_next_ccb) {
585 if ((p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) ||
586 (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP)) {
587 alarm_set_on_mloop(p_lcb->info_resp_timer,
588 L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
589 l2c_info_resp_timer_timeout, p_lcb);
590 return;
591 }
592 }
593
594 p_lcb->w4_info_rsp = false;
595
596 /* If link is in process of being brought up */
597 if ((p_lcb->link_state != LST_DISCONNECTED) &&
598 (p_lcb->link_state != LST_DISCONNECTING)) {
599 /* Notify active channels that peer info is finished */
600 if (p_lcb->ccb_queue.p_first_ccb) {
601 ci.status = HCI_SUCCESS;
602 ci.bd_addr = p_lcb->remote_bd_addr;
603
604 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
605 p_ccb = p_ccb->p_next_ccb) {
606 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
607 }
608 }
609 }
610 }
611 }
612
613 /*******************************************************************************
614 *
615 * Function l2c_link_adjust_allocation
616 *
617 * Description This function is called when a link is created or removed
618 * to calculate the amount of packets each link may send to
619 * the HCI without an ack coming back.
620 *
621 * Currently, this is a simple allocation, dividing the
622 * number of Controller Packets by the number of links. In
623 * the future, QOS configuration should be examined.
624 *
625 * Returns void
626 *
627 ******************************************************************************/
l2c_link_adjust_allocation(void)628 void l2c_link_adjust_allocation(void) {
629 uint16_t qq, yy, qq_remainder;
630 tL2C_LCB* p_lcb;
631 uint16_t hi_quota, low_quota;
632 uint16_t num_lowpri_links = 0;
633 uint16_t num_hipri_links = 0;
634 uint16_t controller_xmit_quota = l2cb.num_lm_acl_bufs;
635 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
636 bool is_share_buffer =
637 (l2cb.num_lm_ble_bufs == L2C_DEF_NUM_BLE_BUF_SHARED) ? true : false;
638
639 /* If no links active, reset buffer quotas and controller buffers */
640 if (l2cb.num_used_lcbs == 0) {
641 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
642 l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
643 return;
644 }
645
646 /* First, count the links */
647 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
648 if (p_lcb->in_use &&
649 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
650 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
651 num_hipri_links++;
652 else
653 num_lowpri_links++;
654 }
655 }
656
657 /* now adjust high priority link quota */
658 low_quota = num_lowpri_links ? 1 : 0;
659 while ((num_hipri_links * high_pri_link_quota + low_quota) >
660 controller_xmit_quota)
661 high_pri_link_quota--;
662
663 /* Work out the xmit quota and buffer quota high and low priorities */
664 hi_quota = num_hipri_links * high_pri_link_quota;
665 low_quota =
666 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
667
668 /* Work out and save the HCI xmit quota for each low priority link */
669
670 /* If each low priority link cannot have at least one buffer */
671 if (num_lowpri_links > low_quota) {
672 l2cb.round_robin_quota = low_quota;
673 qq = qq_remainder = 1;
674 }
675 /* If each low priority link can have at least one buffer */
676 else if (num_lowpri_links > 0) {
677 l2cb.round_robin_quota = 0;
678 l2cb.round_robin_unacked = 0;
679 qq = low_quota / num_lowpri_links;
680 qq_remainder = low_quota % num_lowpri_links;
681 }
682 /* If no low priority link */
683 else {
684 l2cb.round_robin_quota = 0;
685 l2cb.round_robin_unacked = 0;
686 qq = qq_remainder = 1;
687 }
688
689 LOG_DEBUG(
690 "l2c_link_adjust_allocation num_hipri: %u num_lowpri: %u low_quota: "
691 "%u round_robin_quota: %u qq: %u",
692 num_hipri_links, num_lowpri_links, low_quota, l2cb.round_robin_quota, qq);
693
694 /* Now, assign the quotas to each link */
695 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
696 if (p_lcb->in_use &&
697 (is_share_buffer || p_lcb->transport != BT_TRANSPORT_LE)) {
698 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
699 p_lcb->link_xmit_quota = high_pri_link_quota;
700 } else {
701 /* Safety check in case we switched to round-robin with something
702 * outstanding */
703 /* if sent_not_acked is added into round_robin_unacked then don't add it
704 * again */
705 /* l2cap keeps updating sent_not_acked for exiting from round robin */
706 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
707 l2cb.round_robin_unacked += p_lcb->sent_not_acked;
708
709 p_lcb->link_xmit_quota = qq;
710 if (qq_remainder > 0) {
711 p_lcb->link_xmit_quota++;
712 qq_remainder--;
713 }
714 }
715
716 LOG_DEBUG(
717 "l2c_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d", yy,
718 p_lcb->acl_priority, p_lcb->link_xmit_quota);
719
720 LOG_DEBUG(" SentNotAcked: %d RRUnacked: %d",
721 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
722
723 /* There is a special case where we have readjusted the link quotas and */
724 /* this link may have sent anything but some other link sent packets so */
725 /* so we may need a timer to kick off this link's transmissions. */
726 if ((p_lcb->link_state == LST_CONNECTED) &&
727 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
728 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
729 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
730 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
731 l2c_lcb_timer_timeout, p_lcb);
732 }
733 }
734 }
735 }
736
737 /*******************************************************************************
738 *
739 * Function l2c_link_adjust_chnl_allocation
740 *
741 * Description This function is called to calculate the amount of packets
742 * each non-F&EC channel may have outstanding.
743 *
744 * Currently, this is a simple allocation, dividing the number
745 * of packets allocated to the link by the number of channels.
746 * In the future, QOS configuration should be examined.
747 *
748 * Returns void
749 *
750 ******************************************************************************/
l2c_link_adjust_chnl_allocation(void)751 void l2c_link_adjust_chnl_allocation(void) {
752 /* assign buffer quota to each channel based on its data rate requirement */
753 for (uint8_t xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) {
754 tL2C_CCB* p_ccb = l2cb.ccb_pool + xx;
755
756 if (!p_ccb->in_use) continue;
757
758 tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
759 p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
760 LOG_DEBUG(
761 "CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u "
762 "Quota:%u",
763 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ccb_priority,
764 p_ccb->tx_data_rate, p_ccb->rx_data_rate, p_ccb->buff_quota);
765
766 /* quota may be change so check congestion */
767 l2cu_check_channel_congestion(p_ccb);
768 }
769 }
770
l2c_link_init(const uint16_t acl_buffer_count_classic)771 void l2c_link_init(const uint16_t acl_buffer_count_classic) {
772 if (bluetooth::shim::is_gd_l2cap_enabled()) {
773 // GD L2cap gets this info through GD ACL
774 return;
775 }
776
777 l2cb.num_lm_acl_bufs = acl_buffer_count_classic;
778 l2cb.controller_xmit_window = acl_buffer_count_classic;
779 }
780
781 /*******************************************************************************
782 *
783 * Function l2c_link_role_changed
784 *
785 * Description This function is called whan a link's central/peripheral
786 *role change event is received. It simply updates the link control block.
787 *
788 * Returns void
789 *
790 ******************************************************************************/
l2c_link_role_changed(const RawAddress * bd_addr,uint8_t new_role,uint8_t hci_status)791 void l2c_link_role_changed(const RawAddress* bd_addr, uint8_t new_role,
792 uint8_t hci_status) {
793 /* Make sure not called from HCI Command Status (bd_addr and new_role are
794 * invalid) */
795 if (bd_addr != nullptr) {
796 /* If here came form hci role change event */
797 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(*bd_addr, BT_TRANSPORT_BR_EDR);
798 if (p_lcb) {
799 if (new_role == HCI_ROLE_CENTRAL) {
800 p_lcb->SetLinkRoleAsCentral();
801 } else {
802 p_lcb->SetLinkRoleAsPeripheral();
803 }
804
805 /* Reset high priority link if needed */
806 if (hci_status == HCI_SUCCESS)
807 l2cu_set_acl_priority(*bd_addr, p_lcb->acl_priority, true);
808 }
809 }
810
811 /* Check if any LCB was waiting for switch to be completed */
812 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0];
813 for (uint8_t xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
814 if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH)) {
815 l2cu_create_conn_after_switch(p_lcb);
816 }
817 }
818 }
819
820 /*******************************************************************************
821 *
822 * Function l2c_pin_code_request
823 *
824 * Description This function is called whan a pin-code request is received
825 * on a connection. If there are no channels active yet on the
826 * link, it extends the link first connection timer. Make sure
827 * that inactivity timer is not extended if PIN code happens
828 * to be after last ccb released.
829 *
830 * Returns void
831 *
832 ******************************************************************************/
l2c_pin_code_request(const RawAddress & bd_addr)833 void l2c_pin_code_request(const RawAddress& bd_addr) {
834 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
835
836 if ((p_lcb) && (!p_lcb->ccb_queue.p_first_ccb)) {
837 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
838 l2c_lcb_timer_timeout, p_lcb);
839 }
840 }
841
842 /*******************************************************************************
843 *
844 * Function l2c_link_check_power_mode
845 *
846 * Description This function is called to check power mode.
847 *
848 * Returns true if link is going to be active from park
849 * false if nothing to send or not in park mode
850 *
851 ******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)852 static bool l2c_link_check_power_mode(tL2C_LCB* p_lcb) {
853 bool need_to_active = false;
854
855 // Return false as LM modes are applicable for BREDR transport
856 if (p_lcb->is_transport_ble()) return false;
857 /*
858 * We only switch park to active only if we have unsent packets
859 */
860 if (list_is_empty(p_lcb->link_xmit_data_q)) {
861 for (tL2C_CCB* p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
862 p_ccb = p_ccb->p_next_ccb) {
863 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
864 need_to_active = true;
865 break;
866 }
867 }
868 } else {
869 need_to_active = true;
870 }
871
872 /* if we have packets to send */
873 if (need_to_active) {
874 /* check power mode */
875 tBTM_PM_MODE mode;
876 if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode)) {
877 if (mode == BTM_PM_STS_PENDING) {
878 LOG_DEBUG("LCB(0x%x) is in PM pending state", p_lcb->Handle());
879 return true;
880 }
881 }
882 }
883 return false;
884 }
885
886 /*******************************************************************************
887 *
888 * Function l2c_link_check_send_pkts
889 *
890 * Description This function is called to check if it can send packets
891 * to the Host Controller. It may be passed the address of
892 * a packet to send.
893 *
894 * Returns void
895 *
896 ******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,uint16_t local_cid,BT_HDR * p_buf)897 void l2c_link_check_send_pkts(tL2C_LCB* p_lcb, uint16_t local_cid,
898 BT_HDR* p_buf) {
899 bool single_write = false;
900
901 /* Save the channel ID for faster counting */
902 if (p_buf) {
903 p_buf->event = local_cid;
904 if (local_cid != 0) {
905 single_write = true;
906 }
907
908 p_buf->layer_specific = 0;
909 list_append(p_lcb->link_xmit_data_q, p_buf);
910
911 if (p_lcb->link_xmit_quota == 0) {
912 if (p_lcb->transport == BT_TRANSPORT_LE)
913 l2cb.ble_check_round_robin = true;
914 else
915 l2cb.check_round_robin = true;
916 }
917 }
918
919 /* If this is called from uncongested callback context break recursive
920 *calling.
921 ** This LCB will be served when receiving number of completed packet event.
922 */
923 if (l2cb.is_cong_cback_context) {
924 LOG_INFO("skipping, is_cong_cback_context=true");
925 return;
926 }
927
928 /* If we are in a scenario where there are not enough buffers for each link to
929 ** have at least 1, then do a round-robin for all the LCBs
930 */
931 if ((p_lcb == NULL) || (p_lcb->link_xmit_quota == 0)) {
932 LOG_DEBUG("Round robin");
933 if (p_lcb == NULL) {
934 p_lcb = l2cb.lcb_pool;
935 } else if (!single_write) {
936 p_lcb++;
937 }
938
939 /* Loop through, starting at the next */
940 for (int xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
941 /* Check for wraparound */
942 if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS]) p_lcb = &l2cb.lcb_pool[0];
943
944 /* If controller window is full, nothing to do */
945 if (((l2cb.controller_xmit_window == 0 ||
946 (l2cb.round_robin_unacked >= l2cb.round_robin_quota)) &&
947 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
948 (p_lcb->transport == BT_TRANSPORT_LE &&
949 (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
950 l2cb.controller_le_xmit_window == 0))) {
951 LOG_DEBUG("Skipping lcb %d due to controller window full", xx);
952 continue;
953 }
954
955 if ((!p_lcb->in_use) || (p_lcb->link_state != LST_CONNECTED) ||
956 (p_lcb->link_xmit_quota != 0) || (l2c_link_check_power_mode(p_lcb))) {
957 LOG_DEBUG("Skipping lcb %d due to quota", xx);
958 continue;
959 }
960
961 /* See if we can send anything from the Link Queue */
962 if (!list_is_empty(p_lcb->link_xmit_data_q)) {
963 LOG_VERBOSE("Sending to lower layer");
964 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
965 list_remove(p_lcb->link_xmit_data_q, p_buf);
966 l2c_link_send_to_lower(p_lcb, p_buf);
967 } else if (single_write) {
968 /* If only doing one write, break out */
969 LOG_DEBUG("single_write is true, skipping");
970 break;
971 }
972 /* If nothing on the link queue, check the channel queue */
973 else {
974 LOG_DEBUG("Check next buffer");
975 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
976 if (p_buf != NULL) {
977 LOG_DEBUG("Sending next buffer");
978 l2c_link_send_to_lower(p_lcb, p_buf);
979 }
980 }
981 }
982
983 /* If we finished without using up our quota, no need for a safety check */
984 if ((l2cb.controller_xmit_window > 0) &&
985 (l2cb.round_robin_unacked < l2cb.round_robin_quota) &&
986 (p_lcb->transport == BT_TRANSPORT_BR_EDR))
987 l2cb.check_round_robin = false;
988
989 if ((l2cb.controller_le_xmit_window > 0) &&
990 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota) &&
991 (p_lcb->transport == BT_TRANSPORT_LE))
992 l2cb.ble_check_round_robin = false;
993 } else /* if this is not round-robin service */
994 {
995 /* If a partial segment is being sent, can't send anything else */
996 if ((p_lcb->link_state != LST_CONNECTED) ||
997 (l2c_link_check_power_mode(p_lcb))) {
998 LOG_INFO("A partial segment is being sent, cannot send anything else");
999 return;
1000 }
1001 LOG_VERBOSE(
1002 "Direct send, transport=%d, xmit_window=%d, le_xmit_window=%d, "
1003 "sent_not_acked=%d, link_xmit_quota=%d",
1004 p_lcb->transport, l2cb.controller_xmit_window,
1005 l2cb.controller_le_xmit_window, p_lcb->sent_not_acked,
1006 p_lcb->link_xmit_quota);
1007
1008 /* See if we can send anything from the link queue */
1009 while (((l2cb.controller_xmit_window != 0 &&
1010 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1011 (l2cb.controller_le_xmit_window != 0 &&
1012 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1013 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1014 if (list_is_empty(p_lcb->link_xmit_data_q)) {
1015 LOG_VERBOSE("No transmit data, skipping");
1016 break;
1017 }
1018 LOG_VERBOSE("Sending to lower layer");
1019 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1020 list_remove(p_lcb->link_xmit_data_q, p_buf);
1021 l2c_link_send_to_lower(p_lcb, p_buf);
1022 }
1023
1024 if (!single_write) {
1025 /* See if we can send anything for any channel */
1026 LOG_VERBOSE("Trying to send other data when single_write is false");
1027 while (((l2cb.controller_xmit_window != 0 &&
1028 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1029 (l2cb.controller_le_xmit_window != 0 &&
1030 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1031 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1032 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
1033 if (p_buf == NULL) {
1034 LOG_VERBOSE("No next buffer, skipping");
1035 break;
1036 }
1037 LOG_VERBOSE("Sending to lower layer");
1038 l2c_link_send_to_lower(p_lcb, p_buf);
1039 }
1040 }
1041
1042 /* There is a special case where we have readjusted the link quotas and */
1043 /* this link may have sent anything but some other link sent packets so */
1044 /* so we may need a timer to kick off this link's transmissions. */
1045 if ((!list_is_empty(p_lcb->link_xmit_data_q)) &&
1046 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1047 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
1048 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1049 l2c_lcb_timer_timeout, p_lcb);
1050 }
1051 }
1052 }
1053
l2c_OnHciModeChangeSendPendingPackets(RawAddress remote)1054 void l2c_OnHciModeChangeSendPendingPackets(RawAddress remote) {
1055 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(remote, BT_TRANSPORT_BR_EDR);
1056 if (p_lcb != NULL) {
1057 /* There might be any pending packets due to SNIFF or PENDING state */
1058 /* Trigger L2C to start transmission of the pending packets. */
1059 BTM_TRACE_DEBUG(
1060 "btm mode change to active; check l2c_link for outgoing packets");
1061 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1062 }
1063 }
1064
1065 /*******************************************************************************
1066 *
1067 * Function l2c_link_send_to_lower
1068 *
1069 * Description This function queues the buffer for HCI transmission
1070 *
1071 ******************************************************************************/
l2c_link_send_to_lower_br_edr(tL2C_LCB * p_lcb,BT_HDR * p_buf)1072 static void l2c_link_send_to_lower_br_edr(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1073 const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
1074
1075 if (link_xmit_quota == 0) {
1076 l2cb.round_robin_unacked++;
1077 }
1078 p_lcb->sent_not_acked++;
1079 p_buf->layer_specific = 0;
1080 l2cb.controller_xmit_window--;
1081
1082 acl_send_data_packet_br_edr(p_lcb->remote_bd_addr, p_buf);
1083 LOG_VERBOSE("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1084 l2cb.controller_xmit_window, p_lcb->Handle(),
1085 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1086 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1087 }
1088
l2c_link_send_to_lower_ble(tL2C_LCB * p_lcb,BT_HDR * p_buf)1089 static void l2c_link_send_to_lower_ble(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1090 const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
1091
1092 if (link_xmit_quota == 0) {
1093 l2cb.ble_round_robin_unacked++;
1094 }
1095 p_lcb->sent_not_acked++;
1096 p_buf->layer_specific = 0;
1097 l2cb.controller_le_xmit_window--;
1098
1099 acl_send_data_packet_ble(p_lcb->remote_bd_addr, p_buf);
1100 LOG_DEBUG("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1101 l2cb.controller_le_xmit_window, p_lcb->Handle(),
1102 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1103 l2cb.ble_round_robin_quota, l2cb.ble_round_robin_unacked);
1104 }
1105
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1106 static void l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1107 if (p_lcb->transport == BT_TRANSPORT_BR_EDR) {
1108 l2c_link_send_to_lower_br_edr(p_lcb, p_buf);
1109 } else {
1110 l2c_link_send_to_lower_ble(p_lcb, p_buf);
1111 }
1112 }
1113
l2c_packets_completed(uint16_t handle,uint16_t num_sent)1114 void l2c_packets_completed(uint16_t handle, uint16_t num_sent) {
1115 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1116 if (p_lcb == nullptr) {
1117 return;
1118 }
1119 p_lcb->update_outstanding_packets(num_sent);
1120
1121 switch (p_lcb->transport) {
1122 case BT_TRANSPORT_BR_EDR:
1123 l2cb.controller_xmit_window += num_sent;
1124 if (p_lcb->is_round_robin_scheduling())
1125 l2cb.update_outstanding_classic_packets(num_sent);
1126 break;
1127 case BT_TRANSPORT_LE:
1128 l2cb.controller_le_xmit_window += num_sent;
1129 if (p_lcb->is_round_robin_scheduling())
1130 l2cb.update_outstanding_le_packets(num_sent);
1131 break;
1132 default:
1133 LOG_ERROR("Unknown transport received:%u", p_lcb->transport);
1134 return;
1135 }
1136
1137 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1138
1139 if (p_lcb->is_high_priority()) {
1140 switch (p_lcb->transport) {
1141 case BT_TRANSPORT_LE:
1142 if (l2cb.ble_check_round_robin &&
1143 l2cb.is_ble_round_robin_quota_available())
1144 l2c_link_check_send_pkts(NULL, 0, NULL);
1145 break;
1146 case BT_TRANSPORT_BR_EDR:
1147 if (l2cb.check_round_robin &&
1148 l2cb.is_classic_round_robin_quota_available()) {
1149 l2c_link_check_send_pkts(NULL, 0, NULL);
1150 }
1151 break;
1152 default:
1153 break;
1154 }
1155 }
1156 }
1157
1158 /*******************************************************************************
1159 *
1160 * Function l2c_link_segments_xmitted
1161 *
1162 * Description This function is called from the HCI Interface when an ACL
1163 * data packet segment is transmitted.
1164 *
1165 * Returns void
1166 *
1167 ******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1168 void l2c_link_segments_xmitted(BT_HDR* p_msg) {
1169 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1170
1171 /* Extract the handle */
1172 uint16_t handle{HCI_INVALID_HANDLE};
1173 STREAM_TO_UINT16(handle, p);
1174 handle = HCID_GET_HANDLE(handle);
1175
1176 /* Find the LCB based on the handle */
1177 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1178 if (p_lcb == nullptr) {
1179 LOG_WARN("Received segment complete for unknown connection handle:%d",
1180 handle);
1181 osi_free(p_msg);
1182 return;
1183 }
1184
1185 if (p_lcb->link_state != LST_CONNECTED) {
1186 LOG_INFO("Received segment complete for unconnected connection handle:%d:",
1187 handle);
1188 osi_free(p_msg);
1189 return;
1190 }
1191
1192 /* Enqueue the buffer to the head of the transmit queue, and see */
1193 /* if we can transmit anything more. */
1194 list_prepend(p_lcb->link_xmit_data_q, p_msg);
1195
1196 l2c_link_check_send_pkts(p_lcb, 0, NULL);
1197 }
1198
l2cu_ConnectAclForSecurity(const RawAddress & bd_addr)1199 tBTM_STATUS l2cu_ConnectAclForSecurity(const RawAddress& bd_addr) {
1200 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1201 bluetooth::shim::L2CA_ConnectForSecurity(bd_addr);
1202 return BTM_SUCCESS;
1203 }
1204
1205 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
1206 if (p_lcb && (p_lcb->link_state == LST_CONNECTED ||
1207 p_lcb->link_state == LST_CONNECTING)) {
1208 LOG_WARN("Connection already exists");
1209 return BTM_CMD_STARTED;
1210 }
1211
1212 /* Make sure an L2cap link control block is available */
1213 if (!p_lcb &&
1214 (p_lcb = l2cu_allocate_lcb(bd_addr, true, BT_TRANSPORT_BR_EDR)) == NULL) {
1215 LOG_WARN("failed allocate LCB for %s", ADDRESS_TO_LOGGABLE_CSTR(bd_addr));
1216 return BTM_NO_RESOURCES;
1217 }
1218
1219 l2cu_create_conn_br_edr(p_lcb);
1220 btm_acl_set_paging(true);
1221 return BTM_SUCCESS;
1222 }
1223
l2cble_update_sec_act(const RawAddress & bd_addr,uint16_t sec_act)1224 void l2cble_update_sec_act(const RawAddress& bd_addr, uint16_t sec_act) {
1225 tL2C_LCB* lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1226 lcb->sec_act = sec_act;
1227 }
1228
1229 /******************************************************************************
1230 *
1231 * Function l2cu_get_next_channel_in_rr
1232 *
1233 * Description get the next channel to send on a link. It also adjusts the
1234 * CCB queue to do a basic priority and round-robin scheduling.
1235 *
1236 * Returns pointer to CCB or NULL
1237 *
1238 ******************************************************************************/
l2cu_get_next_channel_in_rr(tL2C_LCB * p_lcb)1239 tL2C_CCB* l2cu_get_next_channel_in_rr(tL2C_LCB* p_lcb) {
1240 tL2C_CCB* p_serve_ccb = NULL;
1241 tL2C_CCB* p_ccb;
1242
1243 int i, j;
1244
1245 /* scan all of priority until finding a channel to serve */
1246 for (i = 0; (i < L2CAP_NUM_CHNL_PRIORITY) && (!p_serve_ccb); i++) {
1247 /* scan all channel within serving priority group until finding a channel to
1248 * serve */
1249 for (j = 0; (j < p_lcb->rr_serv[p_lcb->rr_pri].num_ccb) && (!p_serve_ccb);
1250 j++) {
1251 /* scaning from next serving channel */
1252 p_ccb = p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb;
1253
1254 if (!p_ccb) {
1255 LOG_ERROR("p_serve_ccb is NULL, rr_pri=%d", p_lcb->rr_pri);
1256 return NULL;
1257 }
1258
1259 LOG_VERBOSE("RR scan pri=%d, lcid=0x%04x, q_cout=%zu",
1260 p_ccb->ccb_priority, p_ccb->local_cid,
1261 fixed_queue_length(p_ccb->xmit_hold_q));
1262
1263 /* store the next serving channel */
1264 /* this channel is the last channel of its priority group */
1265 if ((p_ccb->p_next_ccb == NULL) ||
1266 (p_ccb->p_next_ccb->ccb_priority != p_ccb->ccb_priority)) {
1267 /* next serving channel is set to the first channel in the group */
1268 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb =
1269 p_lcb->rr_serv[p_lcb->rr_pri].p_first_ccb;
1270 } else {
1271 /* next serving channel is set to the next channel in the group */
1272 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb = p_ccb->p_next_ccb;
1273 }
1274
1275 if (p_ccb->chnl_state != CST_OPEN) continue;
1276
1277 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) {
1278 LOG_DEBUG("Connection oriented channel");
1279 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1280
1281 } else {
1282 /* eL2CAP option in use */
1283 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1284 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue;
1285
1286 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) {
1287 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1288
1289 /* If in eRTM mode, check for window closure */
1290 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) &&
1291 (l2c_fcr_is_flow_controlled(p_ccb)))
1292 continue;
1293 }
1294 } else {
1295 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1296 }
1297 }
1298
1299 /* found a channel to serve */
1300 p_serve_ccb = p_ccb;
1301 /* decrease quota of its priority group */
1302 p_lcb->rr_serv[p_lcb->rr_pri].quota--;
1303 }
1304
1305 /* if there is no more quota of the priority group or no channel to have
1306 * data to send */
1307 if ((p_lcb->rr_serv[p_lcb->rr_pri].quota == 0) || (!p_serve_ccb)) {
1308 /* serve next priority group */
1309 p_lcb->rr_pri = (p_lcb->rr_pri + 1) % L2CAP_NUM_CHNL_PRIORITY;
1310 /* initialize its quota */
1311 p_lcb->rr_serv[p_lcb->rr_pri].quota =
1312 L2CAP_GET_PRIORITY_QUOTA(p_lcb->rr_pri);
1313 }
1314 }
1315
1316 if (p_serve_ccb) {
1317 LOG_VERBOSE("RR service pri=%d, quota=%d, lcid=0x%04x",
1318 p_serve_ccb->ccb_priority,
1319 p_lcb->rr_serv[p_serve_ccb->ccb_priority].quota,
1320 p_serve_ccb->local_cid);
1321 }
1322
1323 return p_serve_ccb;
1324 }
1325
1326 /******************************************************************************
1327 *
1328 * Function l2cu_get_next_buffer_to_send
1329 *
1330 * Description get the next buffer to send on a link. It also adjusts the
1331 * CCB queue to do a basic priority and round-robin scheduling.
1332 *
1333 * Returns pointer to buffer or NULL
1334 *
1335 ******************************************************************************/
l2cu_get_next_buffer_to_send(tL2C_LCB * p_lcb)1336 BT_HDR* l2cu_get_next_buffer_to_send(tL2C_LCB* p_lcb) {
1337 tL2C_CCB* p_ccb;
1338 BT_HDR* p_buf;
1339
1340 /* Highest priority are fixed channels */
1341 int xx;
1342
1343 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
1344 p_ccb = p_lcb->p_fixed_ccbs[xx];
1345 if (p_ccb == NULL) continue;
1346
1347 /* eL2CAP option in use */
1348 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1349 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue;
1350
1351 /* No more checks needed if sending from the reatransmit queue */
1352 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) {
1353 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue;
1354
1355 /* If in eRTM mode, check for window closure */
1356 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) &&
1357 (l2c_fcr_is_flow_controlled(p_ccb)))
1358 continue;
1359 }
1360
1361 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0);
1362 if (p_buf != NULL) {
1363 l2cu_check_channel_congestion(p_ccb);
1364 l2cu_set_acl_hci_header(p_buf, p_ccb);
1365 return (p_buf);
1366 }
1367 } else {
1368 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
1369 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q);
1370 if (NULL == p_buf) {
1371 LOG_ERROR("No data to be sent");
1372 return (NULL);
1373 }
1374
1375 l2cu_check_channel_congestion(p_ccb);
1376 l2cu_set_acl_hci_header(p_buf, p_ccb);
1377 return (p_buf);
1378 }
1379 }
1380 }
1381
1382 /* get next serving channel in round-robin */
1383 p_ccb = l2cu_get_next_channel_in_rr(p_lcb);
1384
1385 /* Return if no buffer */
1386 if (p_ccb == NULL) return (NULL);
1387
1388 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) {
1389 /* Check credits */
1390 if (p_ccb->peer_conn_cfg.credits == 0) {
1391 LOG_DEBUG("No credits to send packets");
1392 return NULL;
1393 }
1394
1395 bool last_piece_of_sdu = false;
1396 p_buf = l2c_lcc_get_next_xmit_sdu_seg(p_ccb, &last_piece_of_sdu);
1397 p_ccb->peer_conn_cfg.credits--;
1398
1399 if (last_piece_of_sdu) {
1400 // TODO: send callback up the stack. Investigate setting p_cbi->cb to
1401 // notify after controller ack send.
1402 }
1403
1404 } else {
1405 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) {
1406 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0);
1407 if (p_buf == NULL) return (NULL);
1408 } else {
1409 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q);
1410 if (NULL == p_buf) {
1411 LOG_ERROR("#2: No data to be sent");
1412 return (NULL);
1413 }
1414 }
1415 }
1416
1417 if (p_ccb->p_rcb && p_ccb->p_rcb->api.pL2CA_TxComplete_Cb &&
1418 (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_ERTM_MODE))
1419 (*p_ccb->p_rcb->api.pL2CA_TxComplete_Cb)(p_ccb->local_cid, 1);
1420
1421 l2cu_check_channel_congestion(p_ccb);
1422
1423 l2cu_set_acl_hci_header(p_buf, p_ccb);
1424
1425 return (p_buf);
1426 }
1427