• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains the functions relating to link management. A "link"
22  *  is a connection between this device and another device. Only ACL links
23  *  are managed.
24  *
25  ******************************************************************************/
26 
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdio.h>
30 
31 #include "gki.h"
32 #include "bt_types.h"
33 #include "hcimsgs.h"
34 #include "l2cdefs.h"
35 #include "l2c_int.h"
36 #include "l2c_api.h"
37 #include "btu.h"
38 #include "btm_api.h"
39 #include "btm_int.h"
40 
41 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf);
42 
43 #define L2C_LINK_SEND_ACL_DATA(x)  HCI_ACL_DATA_TO_LOWER((x))
44 
45 #if (BLE_INCLUDED == TRUE)
46 #define L2C_LINK_SEND_BLE_ACL_DATA(x)  HCI_BLE_ACL_DATA_TO_LOWER((x))
47 #endif
48 
49 /*******************************************************************************
50 **
51 ** Function         l2c_link_hci_conn_req
52 **
53 ** Description      This function is called when an HCI Connection Request
54 **                  event is received.
55 **
56 ** Returns          TRUE, if accept conn
57 **
58 *******************************************************************************/
l2c_link_hci_conn_req(BD_ADDR bd_addr)59 BOOLEAN l2c_link_hci_conn_req (BD_ADDR bd_addr)
60 {
61     tL2C_LCB        *p_lcb;
62     tL2C_LCB        *p_lcb_cur;
63     int             xx;
64     BOOLEAN         no_links;
65 
66     /* See if we have a link control block for the remote device */
67     p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
68 
69     /* If we don't have one, create one and accept the connection. */
70     if (!p_lcb)
71     {
72         p_lcb = l2cu_allocate_lcb (bd_addr, FALSE);
73         if (!p_lcb)
74         {
75             btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
76             L2CAP_TRACE_ERROR0 ("L2CAP failed to allocate LCB");
77             return FALSE;
78         }
79 
80         no_links = TRUE;
81 
82         /* If we already have connection, accept as a master */
83         for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb_cur++)
84         {
85             if (p_lcb_cur == p_lcb)
86                 continue;
87 
88             if (p_lcb_cur->in_use)
89             {
90                 no_links = FALSE;
91                 p_lcb->link_role = HCI_ROLE_MASTER;
92                 break;
93             }
94         }
95 
96         if (no_links)
97         {
98             if (!btm_dev_support_switch (bd_addr))
99                 p_lcb->link_role = HCI_ROLE_SLAVE;
100             else
101                 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
102         }
103 
104         /* Tell the other side we accept the connection */
105         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
106 
107         p_lcb->link_state = LST_CONNECTING;
108 
109         /* Start a timer waiting for connect complete */
110         btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_CONNECT_TOUT);
111         return (TRUE);
112     }
113 
114     /* We already had a link control block to the guy. Check what state it is in */
115     if ((p_lcb->link_state == LST_CONNECTING) || (p_lcb->link_state == LST_CONNECT_HOLDING))
116     {
117         /* Connection collision. Accept the connection anyways. */
118 
119         if (!btm_dev_support_switch (bd_addr))
120             p_lcb->link_role = HCI_ROLE_SLAVE;
121         else
122             p_lcb->link_role = l2cu_get_conn_role(p_lcb);
123 
124         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
125 
126         p_lcb->link_state = LST_CONNECTING;
127         return (TRUE);
128     }
129     else if (p_lcb->link_state == LST_DISCONNECTING)
130     {
131         /* In disconnecting state, reject the connection. */
132         btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
133     }
134     else
135     {
136         L2CAP_TRACE_ERROR0 ("L2CAP got conn_req while connected");
137     }
138     return (FALSE);
139 }
140 
141 /*******************************************************************************
142 **
143 ** Function         l2c_link_hci_conn_comp
144 **
145 ** Description      This function is called when an HCI Connection Complete
146 **                  event is received.
147 **
148 ** Returns          void
149 **
150 *******************************************************************************/
l2c_link_hci_conn_comp(UINT8 status,UINT16 handle,BD_ADDR p_bda)151 BOOLEAN l2c_link_hci_conn_comp (UINT8 status, UINT16 handle, BD_ADDR p_bda)
152 {
153     tL2C_CONN_INFO       ci;
154     tL2C_LCB            *p_lcb;
155     tL2C_CCB            *p_ccb;
156     tBTM_SEC_DEV_REC    *p_dev_info = NULL;
157 
158 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
159     btm_acl_update_busy_level (BTM_BLI_PAGE_DONE_EVT);
160 #endif
161 
162     /* Save the parameters */
163     ci.status       = status;
164     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
165 
166     /* See if we have a link control block for the remote device */
167     p_lcb = l2cu_find_lcb_by_bd_addr (ci.bd_addr);
168 
169     /* If we don't have one, this is an error */
170     if (!p_lcb)
171     {
172         L2CAP_TRACE_WARNING0 ("L2CAP got conn_comp for unknown BD_ADDR");
173         return (FALSE);
174     }
175 
176     if (p_lcb->link_state != LST_CONNECTING)
177     {
178         L2CAP_TRACE_ERROR2 ("L2CAP got conn_comp in bad state: %d  status: 0x%d", p_lcb->link_state, status);
179 
180         if (status != HCI_SUCCESS)
181             l2c_link_hci_disc_comp (p_lcb->handle, status);
182 
183         return (FALSE);
184     }
185 
186     /* Save the handle */
187     p_lcb->handle = handle;
188 
189     if (ci.status == HCI_SUCCESS)
190     {
191         /* Connected OK. Change state to connected */
192         p_lcb->link_state = LST_CONNECTED;
193 
194         /* Get the peer information if the l2cap flow-control/rtrans is supported */
195         l2cu_send_peer_info_req (p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
196 
197         /* Tell BTM Acl management about the link */
198         if ((p_dev_info = btm_find_dev (p_bda)) != NULL)
199             btm_acl_created (ci.bd_addr, p_dev_info->dev_class,
200                              p_dev_info->sec_bd_name, handle,
201                              p_lcb->link_role, FALSE);
202         else
203             btm_acl_created (ci.bd_addr, NULL, NULL, handle, p_lcb->link_role, FALSE);
204 
205         /* If dedicated bonding do not process any further */
206         if (p_lcb->is_bonding)
207         {
208             if (l2cu_start_post_bond_timer(handle))
209                 return (TRUE);
210         }
211 
212         /* Update the timeouts in the hold queue */
213         l2c_process_held_packets(FALSE);
214 
215         btu_stop_timer (&p_lcb->timer_entry);
216 
217         /* For all channels, send the event through their FSMs */
218         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
219         {
220             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
221         }
222 
223         if (p_lcb->p_echo_rsp_cb)
224         {
225             l2cu_send_peer_echo_req (p_lcb, NULL, 0);
226             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_ECHO_RSP_TOUT);
227         }
228         else if (!p_lcb->ccb_queue.p_first_ccb)
229         {
230             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_STARTUP_TOUT);
231         }
232     }
233     /* Max number of acl connections.                          */
234     /* If there's an lcb disconnecting set this one to holding */
235     else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) && l2cu_lcb_disconnecting())
236     {
237         p_lcb->link_state = LST_CONNECT_HOLDING;
238         p_lcb->handle = HCI_INVALID_HANDLE;
239     }
240     else
241     {
242         /* Just in case app decides to try again in the callback context */
243         p_lcb->link_state = LST_DISCONNECTING;
244 
245         /* Connection failed. For all channels, send the event through */
246         /* their FSMs. The CCBs should remove themselves from the LCB  */
247         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
248         {
249             tL2C_CCB *pn = p_ccb->p_next_ccb;
250 
251             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
252 
253             p_ccb = pn;
254         }
255 
256         p_lcb->disc_reason = status;
257         /* Release the LCB */
258         if (p_lcb->ccb_queue.p_first_ccb == NULL)
259             l2cu_release_lcb (p_lcb);
260         else                              /* there are any CCBs remaining */
261         {
262             if (ci.status == HCI_ERR_CONNECTION_EXISTS)
263             {
264                 /* we are in collision situation, wait for connecttion request from controller */
265                 p_lcb->link_state = LST_CONNECTING;
266             }
267             else
268             {
269                 l2cu_create_conn(p_lcb);
270             }
271         }
272     }
273     return (TRUE);
274 }
275 
276 
277 /*******************************************************************************
278 **
279 ** Function         l2c_link_sec_comp
280 **
281 ** Description      This function is called when required security procedures
282 **                  are completed.
283 **
284 ** Returns          void
285 **
286 *******************************************************************************/
l2c_link_sec_comp(BD_ADDR p_bda,void * p_ref_data,UINT8 status)287 void l2c_link_sec_comp (BD_ADDR p_bda, void *p_ref_data, UINT8 status)
288 {
289     tL2C_CONN_INFO  ci;
290     tL2C_LCB        *p_lcb;
291     tL2C_CCB        *p_ccb;
292     tL2C_CCB        *p_next_ccb;
293     UINT8           event;
294 
295     L2CAP_TRACE_DEBUG2 ("l2c_link_sec_comp: %d, 0x%x", status, p_ref_data);
296 
297     if (status == BTM_SUCCESS_NO_SECURITY)
298         status = BTM_SUCCESS;
299 
300     /* Save the parameters */
301     ci.status       = status;
302     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
303 
304     p_lcb = l2cu_find_lcb_by_bd_addr (p_bda);
305 
306     /* If we don't have one, this is an error */
307     if (!p_lcb)
308     {
309         L2CAP_TRACE_WARNING0 ("L2CAP got sec_comp for unknown BD_ADDR");
310         return;
311     }
312 
313     /* Match p_ccb with p_ref_data returned by sec manager */
314     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb)
315     {
316         p_next_ccb = p_ccb->p_next_ccb;
317 
318         if (p_ccb == p_ref_data)
319         {
320             switch(status)
321             {
322             case BTM_SUCCESS:
323                 L2CAP_TRACE_DEBUG1 ("ccb timer ticks: %u", p_ccb->timer_entry.ticks);
324                 event = L2CEVT_SEC_COMP;
325                 break;
326 
327             case BTM_DELAY_CHECK:
328                 /* start a timer - encryption change not received before L2CAP connect req */
329                 btu_start_timer (&p_ccb->timer_entry, BTU_TTYPE_L2CAP_CHNL, L2CAP_DELAY_CHECK_SM4);
330                 return;
331 
332             default:
333                 event = L2CEVT_SEC_COMP_NEG;
334             }
335             l2c_csm_execute (p_ccb, event, &ci);
336             break;
337         }
338     }
339 }
340 
341 
342 /*******************************************************************************
343 **
344 ** Function         l2c_link_hci_disc_comp
345 **
346 ** Description      This function is called when an HCI Disconnect Complete
347 **                  event is received.
348 **
349 ** Returns          TRUE if the link is known about, else FALSE
350 **
351 *******************************************************************************/
l2c_link_hci_disc_comp(UINT16 handle,UINT8 reason)352 BOOLEAN l2c_link_hci_disc_comp (UINT16 handle, UINT8 reason)
353 {
354     tL2C_LCB    *p_lcb;
355     tL2C_CCB    *p_ccb;
356     BOOLEAN     status = TRUE;
357     BOOLEAN     lcb_is_free = TRUE;
358 
359     /* See if we have a link control block for the connection */
360     p_lcb = l2cu_find_lcb_by_handle (handle);
361 
362     /* If we don't have one, maybe an SCO link. Send to MM */
363     if (!p_lcb)
364     {
365         status = FALSE;
366     }
367     else
368     {
369         /* There can be a case when we rejected PIN code authentication */
370         /* otherwise save a new reason */
371         if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
372             btm_cb.acl_disc_reason = reason;
373 
374         p_lcb->disc_reason = btm_cb.acl_disc_reason;
375 
376         /* Just in case app decides to try again in the callback context */
377         p_lcb->link_state = LST_DISCONNECTING;
378 
379         /* Link is disconnected. For all channels, send the event through */
380         /* their FSMs. The CCBs should remove themselves from the LCB     */
381         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
382         {
383             tL2C_CCB *pn = p_ccb->p_next_ccb;
384 
385             /* Keep connect pending control block (if exists)
386              * Possible Race condition when a reconnect occurs
387              * on the channel during a disconnect of link. This
388              * ccb will be automatically retried after link disconnect
389              * arrives
390              */
391             if (p_ccb != p_lcb->p_pending_ccb)
392             {
393                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
394             }
395             p_ccb = pn;
396         }
397 
398 #if BTM_SCO_INCLUDED == TRUE
399         /* Tell SCO management to drop any SCOs on this ACL */
400         btm_sco_acl_removed (p_lcb->remote_bd_addr);
401 #endif
402 
403         /* If waiting for disconnect and reconnect is pending start the reconnect now
404            race condition where layer above issued connect request on link that was
405            disconnecting
406          */
407         if (p_lcb->ccb_queue.p_first_ccb != NULL)
408         {
409 #if (L2CAP_NUM_FIXED_CHNLS > 0)
410             /* If we are going to re-use the LCB without dropping it, release all fixed channels here */
411             int         xx;
412 
413             for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++)
414             {
415                 if (p_lcb->p_fixed_ccbs[xx])
416                 {
417                     (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(p_lcb->remote_bd_addr, FALSE, p_lcb->disc_reason);
418                     l2cu_release_ccb (p_lcb->p_fixed_ccbs[xx]);
419 
420                     p_lcb->p_fixed_ccbs[xx] = NULL;
421                 }
422             }
423 #endif
424             L2CAP_TRACE_DEBUG0("l2c_link_hci_disc_comp: Restarting pending ACL request");
425 
426             if (l2cu_create_conn(p_lcb))
427                 lcb_is_free = FALSE; /* still using this lcb */
428         }
429 
430         p_lcb->p_pending_ccb = NULL;
431 
432         /* Release the LCB */
433         if (lcb_is_free)
434             l2cu_release_lcb (p_lcb);
435     }
436 
437     /* Now that we have a free acl connection, see if any lcbs are pending */
438     if (lcb_is_free && ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL))
439     {
440         /* we found one-- create a connection */
441         l2cu_create_conn(p_lcb);
442     }
443 
444     return status;
445 }
446 
447 
448 /*******************************************************************************
449 **
450 ** Function         l2c_link_hci_qos_violation
451 **
452 ** Description      This function is called when an HCI QOS Violation
453 **                  event is received.
454 **
455 ** Returns          TRUE if the link is known about, else FALSE
456 **
457 *******************************************************************************/
l2c_link_hci_qos_violation(UINT16 handle)458 BOOLEAN l2c_link_hci_qos_violation (UINT16 handle)
459 {
460     tL2C_LCB        *p_lcb;
461     tL2C_CCB        *p_ccb;
462 
463     /* See if we have a link control block for the connection */
464     p_lcb = l2cu_find_lcb_by_handle (handle);
465 
466     /* If we don't have one, maybe an SCO link. */
467     if (!p_lcb)
468         return (FALSE);
469 
470     /* For all channels, tell the upper layer about it */
471     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
472     {
473         if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
474             l2c_csm_execute (p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
475     }
476 
477     return (TRUE);
478 }
479 
480 
481 
482 /*******************************************************************************
483 **
484 ** Function         l2c_link_timeout
485 **
486 ** Description      This function is called when a link timer expires
487 **
488 ** Returns          void
489 **
490 *******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)491 void l2c_link_timeout (tL2C_LCB *p_lcb)
492 {
493     tL2C_CCB   *p_ccb;
494     UINT16      timeout;
495     tBTM_STATUS rc;
496 
497      L2CAP_TRACE_EVENT3 ("L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
498          p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
499 
500     /* If link was connecting or disconnecting, clear all channels and drop the LCB */
501     if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
502         (p_lcb->link_state == LST_CONNECTING) ||
503         (p_lcb->link_state == LST_CONNECT_HOLDING) ||
504         (p_lcb->link_state == LST_DISCONNECTING))
505     {
506         p_lcb->p_pending_ccb = NULL;
507 
508         /* For all channels, send a disconnect indication event through */
509         /* their FSMs. The CCBs should remove themselves from the LCB   */
510         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
511         {
512             tL2C_CCB *pn = p_ccb->p_next_ccb;
513 
514             l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
515 
516             p_ccb = pn;
517         }
518 #if (BLE_INCLUDED == TRUE)
519         if (p_lcb->link_state == LST_CONNECTING &&
520             l2cb.is_ble_connecting == TRUE)
521         {
522             L2CA_CancelBleConnectReq(l2cb.ble_connecting_bda);
523         }
524 #endif
525         /* Release the LCB */
526         l2cu_release_lcb (p_lcb);
527     }
528 
529     /* If link is connected, check for inactivity timeout */
530     if (p_lcb->link_state == LST_CONNECTED)
531     {
532         /* Check for ping outstanding */
533         if (p_lcb->p_echo_rsp_cb)
534         {
535             tL2CA_ECHO_RSP_CB *p_cb = p_lcb->p_echo_rsp_cb;
536 
537             /* Zero out the callback in case app immediately calls us again */
538             p_lcb->p_echo_rsp_cb = NULL;
539 
540             (*p_cb) (L2CAP_PING_RESULT_NO_RESP);
541 
542              L2CAP_TRACE_WARNING0 ("L2CAP - ping timeout");
543 
544             /* For all channels, send a disconnect indication event through */
545             /* their FSMs. The CCBs should remove themselves from the LCB   */
546             for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
547             {
548                 tL2C_CCB *pn = p_ccb->p_next_ccb;
549 
550                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
551 
552                 p_ccb = pn;
553             }
554         }
555 
556         /* If no channels in use, drop the link. */
557         if (!p_lcb->ccb_queue.p_first_ccb)
558         {
559             rc = btm_sec_disconnect (p_lcb->handle, HCI_ERR_PEER_USER);
560 
561             if (rc == BTM_CMD_STORED)
562             {
563                 /* Security Manager will take care of disconnecting, state will be updated at that time */
564                 timeout = 0xFFFF;
565             }
566             else if (rc == BTM_CMD_STARTED)
567             {
568                 p_lcb->link_state = LST_DISCONNECTING;
569                 timeout = L2CAP_LINK_DISCONNECT_TOUT;
570             }
571             else if (rc == BTM_SUCCESS)
572             {
573                 /* BTM SEC will make sure that link is release (probably after pairing is done) */
574                 p_lcb->link_state = LST_DISCONNECTING;
575                 timeout = 0xFFFF;
576             }
577             else if (rc == BTM_BUSY)
578             {
579                 /* BTM is still executing security process. Let lcb stay as connected */
580                 timeout = 0xFFFF;
581             }
582             else if ((p_lcb->is_bonding)
583                   && (btsnd_hcic_disconnect (p_lcb->handle, HCI_ERR_PEER_USER)))
584             {
585                 p_lcb->link_state = LST_DISCONNECTING;
586                 timeout = L2CAP_LINK_DISCONNECT_TOUT;
587             }
588             else
589             {
590                 /* probably no buffer to send disconnect */
591                 timeout = BT_1SEC_TIMEOUT;
592             }
593 
594             if (timeout != 0xFFFF)
595             {
596                 btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, timeout);
597             }
598         }
599         else
600         {
601             /* Check in case we were flow controlled */
602             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
603         }
604     }
605 }
606 
607 /*******************************************************************************
608 **
609 ** Function         l2c_info_timeout
610 **
611 ** Description      This function is called when an info request times out
612 **
613 ** Returns          void
614 **
615 *******************************************************************************/
l2c_info_timeout(tL2C_LCB * p_lcb)616 void l2c_info_timeout (tL2C_LCB *p_lcb)
617 {
618     tL2C_CCB   *p_ccb;
619     tL2C_CONN_INFO  ci;
620 
621     /* If we timed out waiting for info response, just continue using basic if allowed */
622     if (p_lcb->w4_info_rsp)
623     {
624         /* If waiting for security complete, restart the info response timer */
625         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
626         {
627             if ( (p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) || (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP) )
628             {
629                 btu_start_timer (&p_lcb->info_timer_entry, BTU_TTYPE_L2CAP_INFO, L2CAP_WAIT_INFO_RSP_TOUT);
630                 return;
631             }
632         }
633 
634         p_lcb->w4_info_rsp = FALSE;
635 
636         /* If link is in process of being brought up */
637         if ((p_lcb->link_state != LST_DISCONNECTED) &&
638             (p_lcb->link_state != LST_DISCONNECTING))
639         {
640             /* Notify active channels that peer info is finished */
641             if (p_lcb->ccb_queue.p_first_ccb)
642             {
643                 ci.status = HCI_SUCCESS;
644                 memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));
645 
646                 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
647                 {
648                     l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
649                 }
650             }
651         }
652     }
653 }
654 
655 /*******************************************************************************
656 **
657 ** Function         l2c_link_adjust_allocation
658 **
659 ** Description      This function is called when a link is created or removed
660 **                  to calculate the amount of packets each link may send to
661 **                  the HCI without an ack coming back.
662 **
663 **                  Currently, this is a simple allocation, dividing the
664 **                  number of Controller Packets by the number of links. In
665 **                  the future, QOS configuration should be examined.
666 **
667 ** Returns          void
668 **
669 *******************************************************************************/
l2c_link_adjust_allocation(void)670 void l2c_link_adjust_allocation (void)
671 {
672     UINT16      qq, yy, qq_remainder;
673     tL2C_LCB    *p_lcb;
674     UINT16      hi_quota, low_quota;
675     UINT16      num_lowpri_links = 0;
676     UINT16      num_hipri_links  = 0;
677     UINT16      controller_xmit_quota = l2cb.num_lm_acl_bufs;
678     UINT16      high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
679 
680     /* If no links active, nothing to do. */
681     if (l2cb.num_links_active == 0)
682     {
683         l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
684         l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
685         return;
686     }
687 
688     /* First, count the links */
689     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
690     {
691         if (p_lcb->in_use)
692         {
693             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
694                 num_hipri_links++;
695             else
696                 num_lowpri_links++;
697         }
698     }
699 
700     /* now adjust high priority link quota */
701     low_quota = num_lowpri_links ? 1 : 0;
702     while ( (num_hipri_links * high_pri_link_quota + low_quota) > controller_xmit_quota )
703         high_pri_link_quota--;
704 
705     /* Work out the xmit quota and buffer quota high and low priorities */
706     hi_quota  = num_hipri_links * high_pri_link_quota;
707     low_quota = (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
708 
709     /* Work out and save the HCI xmit quota for each low priority link */
710 
711     /* If each low priority link cannot have at least one buffer */
712     if (num_lowpri_links > low_quota)
713     {
714         l2cb.round_robin_quota = low_quota;
715         qq = qq_remainder = 0;
716     }
717     /* If each low priority link can have at least one buffer */
718     else if (num_lowpri_links > 0)
719     {
720         l2cb.round_robin_quota = 0;
721         l2cb.round_robin_unacked = 0;
722         qq = low_quota / num_lowpri_links;
723         qq_remainder = low_quota % num_lowpri_links;
724     }
725     /* If no low priority link */
726     else
727     {
728         l2cb.round_robin_quota = 0;
729         l2cb.round_robin_unacked = 0;
730         qq = qq_remainder = 0;
731     }
732 
733     L2CAP_TRACE_EVENT5 ("l2c_link_adjust_allocation  num_hipri: %u  num_lowpri: %u  low_quota: %u  round_robin_quota: %u  qq: %u",
734                         num_hipri_links, num_lowpri_links, low_quota,
735                         l2cb.round_robin_quota, qq);
736 
737     /* Now, assign the quotas to each link */
738     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
739     {
740         if (p_lcb->in_use)
741         {
742             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
743             {
744                 p_lcb->link_xmit_quota   = high_pri_link_quota;
745             }
746             else
747             {
748                 /* Safety check in case we switched to round-robin with something outstanding */
749                 /* if sent_not_acked is added into round_robin_unacked then don't add it again */
750                 /* l2cap keeps updating sent_not_acked for exiting from round robin */
751                 if (( p_lcb->link_xmit_quota > 0 )&&( qq == 0 ))
752                     l2cb.round_robin_unacked += p_lcb->sent_not_acked;
753 
754                 p_lcb->link_xmit_quota   = qq;
755                 if (qq_remainder > 0)
756                 {
757                     p_lcb->link_xmit_quota++;
758                     qq_remainder--;
759                 }
760             }
761 
762 #if L2CAP_HOST_FLOW_CTRL
763             p_lcb->link_ack_thresh = L2CAP_HOST_FC_ACL_BUFS / l2cb.num_links_active;
764 #endif
765             L2CAP_TRACE_EVENT3 ("l2c_link_adjust_allocation LCB %d   Priority: %d  XmitQuota: %d",
766                                 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
767 
768             L2CAP_TRACE_EVENT2 ("        SentNotAcked: %d  RRUnacked: %d",
769                                 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
770 
771             /* There is a special case where we have readjusted the link quotas and  */
772             /* this link may have sent anything but some other link sent packets so  */
773             /* so we may need a timer to kick off this link's transmissions.         */
774             if ( (p_lcb->link_state == LST_CONNECTED)
775               && (p_lcb->link_xmit_data_q.count)
776               && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) )
777                 btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_FLOW_CONTROL_TOUT);
778         }
779     }
780 
781 }
782 
783 /*******************************************************************************
784 **
785 ** Function         l2c_link_adjust_chnl_allocation
786 **
787 ** Description      This function is called to calculate the amount of packets each
788 **                  non-F&EC channel may have outstanding.
789 **
790 **                  Currently, this is a simple allocation, dividing the number
791 **                  of packets allocated to the link by the number of channels. In
792 **                  the future, QOS configuration should be examined.
793 **
794 ** Returns          void
795 **
796 *******************************************************************************/
l2c_link_adjust_chnl_allocation(void)797 void l2c_link_adjust_chnl_allocation (void)
798 {
799     tL2C_CCB    *p_ccb;
800     UINT8       xx;
801 
802     UINT16      weighted_chnls[GKI_NUM_TOTAL_BUF_POOLS];
803     UINT16      quota_per_weighted_chnls[GKI_NUM_TOTAL_BUF_POOLS];
804     UINT16      reserved_buff[GKI_NUM_TOTAL_BUF_POOLS];
805 
806     L2CAP_TRACE_DEBUG0 ("l2c_link_adjust_chnl_allocation");
807 
808     /* initialize variables */
809     for (xx = 0; xx < GKI_NUM_TOTAL_BUF_POOLS; xx++ )
810     {
811         weighted_chnls[xx] = 0;
812         reserved_buff[xx] = 0;
813     }
814 
815     /* add up all of tx and rx data rate requirement */
816     /* channel required higher data rate will get more buffer quota */
817     for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++)
818     {
819         p_ccb = l2cb.ccb_pool + xx;
820 
821         if (!p_ccb->in_use)
822             continue;
823 
824         if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE)
825         {
826             weighted_chnls[p_ccb->ertm_info.user_tx_pool_id] += p_ccb->tx_data_rate;
827             weighted_chnls[p_ccb->ertm_info.user_rx_pool_id] += p_ccb->rx_data_rate;
828 
829             if (p_ccb->ertm_info.fcr_tx_pool_id == HCI_ACL_POOL_ID)
830             {
831                 /* reserve buffers only for wait_for_ack_q to maximize throughput */
832                 /* retrans_q will work based on buffer status */
833                 reserved_buff[HCI_ACL_POOL_ID] += p_ccb->peer_cfg.fcr.tx_win_sz;
834             }
835 
836             if (p_ccb->ertm_info.fcr_rx_pool_id == HCI_ACL_POOL_ID)
837             {
838                 /* reserve buffers for srej_rcv_hold_q */
839                 reserved_buff[HCI_ACL_POOL_ID] += p_ccb->peer_cfg.fcr.tx_win_sz;
840             }
841         }
842         else
843         {
844             /* low data rate is 1, medium is 2, high is 3 and no traffic is 0 */
845             weighted_chnls[HCI_ACL_POOL_ID] += p_ccb->tx_data_rate + p_ccb->rx_data_rate;
846         }
847     }
848 
849 
850     /* get unit quota per pool */
851     for (xx = 0; xx < GKI_NUM_TOTAL_BUF_POOLS; xx++ )
852     {
853         if ( weighted_chnls[xx] > 0 )
854         {
855             if (GKI_poolcount(xx) > reserved_buff[xx])
856                 quota_per_weighted_chnls[xx] = ((GKI_poolcount(xx) - reserved_buff[xx])/weighted_chnls[xx]) + 1;
857             else
858                 quota_per_weighted_chnls[xx] = 1;
859 
860             L2CAP_TRACE_DEBUG5 ("POOL ID:%d, GKI_poolcount = %d, reserved_buff = %d, weighted_chnls = %d, quota_per_weighted_chnls = %d",
861                                  xx, GKI_poolcount(xx), reserved_buff[xx], weighted_chnls[xx], quota_per_weighted_chnls[xx] );
862         }
863         else
864             quota_per_weighted_chnls[xx] = 0;
865     }
866 
867 
868     /* assign buffer quota to each channel based on its data rate requirement */
869     for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++)
870     {
871         p_ccb = l2cb.ccb_pool + xx;
872 
873         if (!p_ccb->in_use)
874             continue;
875 
876         if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE)
877         {
878             p_ccb->buff_quota = quota_per_weighted_chnls[p_ccb->ertm_info.user_tx_pool_id] * p_ccb->tx_data_rate;
879 
880             L2CAP_TRACE_EVENT6 ("CID:0x%04x FCR Mode:%u UserTxPool:%u Priority:%u TxDataRate:%u Quota:%u",
881                                 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ertm_info.user_tx_pool_id,
882                                 p_ccb->ccb_priority, p_ccb->tx_data_rate, p_ccb->buff_quota);
883 
884         }
885         else
886         {
887             p_ccb->buff_quota = quota_per_weighted_chnls[HCI_ACL_POOL_ID] * p_ccb->tx_data_rate;
888 
889             L2CAP_TRACE_EVENT4 ("CID:0x%04x Priority:%u TxDataRate:%u Quota:%u",
890                                 p_ccb->local_cid,
891                                 p_ccb->ccb_priority, p_ccb->tx_data_rate, p_ccb->buff_quota);
892         }
893 
894         /* quota may be change so check congestion */
895         l2cu_check_channel_congestion (p_ccb);
896     }
897 }
898 
899 /*******************************************************************************
900 **
901 ** Function         l2c_link_processs_num_bufs
902 **
903 ** Description      This function is called when a "controller buffer size"
904 **                  event is first received from the controller. It updates
905 **                  the L2CAP values.
906 **
907 ** Returns          void
908 **
909 *******************************************************************************/
l2c_link_processs_num_bufs(UINT16 num_lm_acl_bufs)910 void l2c_link_processs_num_bufs (UINT16 num_lm_acl_bufs)
911 {
912     l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
913 
914 }
915 
916 /*******************************************************************************
917 **
918 ** Function         l2c_link_pkts_rcvd
919 **
920 ** Description      This function is called from the HCI transport when it is time
921 **                  tto send a "Host ready for packets" command. This is only when
922 **                  host to controller flow control is used. If fills in the arrays
923 **                  of numbers of packets and handles.
924 **
925 ** Returns          count of number of entries filled in
926 **
927 *******************************************************************************/
l2c_link_pkts_rcvd(UINT16 * num_pkts,UINT16 * handles)928 UINT8 l2c_link_pkts_rcvd (UINT16 *num_pkts, UINT16 *handles)
929 {
930     UINT8       num_found = 0;
931 
932 #if (L2CAP_HOST_FLOW_CTRL == TRUE)
933 
934     int         xx;
935     tL2C_LCB    *p_lcb = &l2cb.lcb_pool[0];
936 
937     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
938     {
939         if ((p_lcb->in_use) && (p_lcb->link_pkts_unacked))
940         {
941             num_pkts[num_found] = p_lcb->link_pkts_unacked;
942             handles[num_found]  = p_lcb->handle;
943             p_lcb->link_pkts_unacked = 0;
944             num_found++;
945         }
946     }
947 
948 #endif
949 
950     return (num_found);
951 }
952 
953 /*******************************************************************************
954 **
955 ** Function         l2c_link_role_changed
956 **
957 ** Description      This function is called whan a link's master/slave role change
958 **                  event is received. It simply updates the link control block.
959 **
960 ** Returns          void
961 **
962 *******************************************************************************/
l2c_link_role_changed(BD_ADDR bd_addr,UINT8 new_role,UINT8 hci_status)963 void l2c_link_role_changed (BD_ADDR bd_addr, UINT8 new_role, UINT8 hci_status)
964 {
965     tL2C_LCB *p_lcb;
966     int      xx;
967 
968     /* Make sure not called from HCI Command Status (bd_addr and new_role are invalid) */
969     if (bd_addr)
970     {
971         /* If here came form hci role change event */
972         p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
973         if (p_lcb)
974         {
975             p_lcb->link_role = new_role;
976 
977             /* Reset high priority link if needed */
978             if (hci_status == HCI_SUCCESS)
979                 l2cu_set_acl_priority(bd_addr, p_lcb->acl_priority, TRUE);
980         }
981     }
982 
983     /* Check if any LCB was waiting for switch to be completed */
984     for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
985     {
986         if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH))
987         {
988             l2cu_create_conn_after_switch (p_lcb);
989         }
990     }
991 }
992 
993 /*******************************************************************************
994 **
995 ** Function         l2c_pin_code_request
996 **
997 ** Description      This function is called whan a pin-code request is received
998 **                  on a connection. If there are no channels active yet on the
999 **                  link, it extends the link first connection timer.  Make sure
1000 **                  that inactivity timer is not extended if PIN code happens
1001 **                  to be after last ccb released.
1002 **
1003 ** Returns          void
1004 **
1005 *******************************************************************************/
l2c_pin_code_request(BD_ADDR bd_addr)1006 void l2c_pin_code_request (BD_ADDR bd_addr)
1007 {
1008     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
1009 
1010     if ( (p_lcb) && (!p_lcb->ccb_queue.p_first_ccb) )
1011     {
1012         btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_CONNECT_TOUT_EXT);
1013     }
1014 }
1015 
1016 #if ((BTM_PWR_MGR_INCLUDED == TRUE) && L2CAP_WAKE_PARKED_LINK == TRUE)
1017 /*******************************************************************************
1018 **
1019 ** Function         l2c_link_check_power_mode
1020 **
1021 ** Description      This function is called to check power mode.
1022 **
1023 ** Returns          TRUE if link is going to be active from park
1024 **                  FALSE if nothing to send or not in park mode
1025 **
1026 *******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)1027 BOOLEAN l2c_link_check_power_mode (tL2C_LCB *p_lcb)
1028 {
1029     tBTM_PM_MODE     mode;
1030     tBTM_PM_PWR_MD   pm;
1031     tL2C_CCB    *p_ccb;
1032     BOOLEAN need_to_active = FALSE;
1033 
1034     /*
1035      * We only switch park to active only if we have unsent packets
1036      */
1037     if ( p_lcb->link_xmit_data_q.count == 0 )
1038     {
1039         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
1040         {
1041             if (p_ccb->xmit_hold_q.count != 0)
1042             {
1043                 need_to_active = TRUE;
1044                 break;
1045             }
1046         }
1047     }
1048     else
1049         need_to_active = TRUE;
1050 
1051     /* if we have packets to send */
1052     if ( need_to_active )
1053     {
1054         /* check power mode */
1055         if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS)
1056         {
1057             /*
1058             if ( mode == BTM_PM_MD_PARK )
1059             {
1060                 L2CAP_TRACE_DEBUG1 ("LCB(0x%x) is in park mode", p_lcb->handle);
1061 // Coverity:
1062 // FALSE-POSITIVE error from Coverity test tool. Please do NOT remove following comment.
1063 // coverity[uninit_use_in_call] False-positive: setting the mode to BTM_PM_MD_ACTIVE only uses settings.mode
1064                                 the other data members of tBTM_PM_PWR_MD are ignored
1065 
1066                 memset((void*)&pm, 0, sizeof(pm));
1067                 pm.mode = BTM_PM_MD_ACTIVE;
1068                 BTM_SetPowerMode(BTM_PM_SET_ONLY_ID, p_lcb->remote_bd_addr, &pm);
1069                 btu_start_timer (&p_lcb->timer_entry,
1070                                  BTU_TTYPE_L2CAP_LINK, L2CAP_WAIT_UNPARK_TOUT);
1071                 return TRUE;
1072             }
1073             */
1074             if ( mode == BTM_PM_STS_PENDING )
1075             {
1076                 L2CAP_TRACE_DEBUG1 ("LCB(0x%x) is in PM pending state", p_lcb->handle);
1077 
1078                 btu_start_timer (&p_lcb->timer_entry,
1079                                  BTU_TTYPE_L2CAP_LINK, L2CAP_WAIT_UNPARK_TOUT);
1080                 return TRUE;
1081             }
1082         }
1083     }
1084     return FALSE;
1085 }
1086 #endif /* ((BTM_PWR_MGR_INCLUDED == TRUE) && L2CAP_WAKE_PARKED_LINK == TRUE) */
1087 
1088 /*******************************************************************************
1089 **
1090 ** Function         l2c_link_check_send_pkts
1091 **
1092 ** Description      This function is called to check if it can send packets
1093 **                  to the Host Controller. It may be passed the address of
1094 **                  a packet to send.
1095 **
1096 ** Returns          void
1097 **
1098 *******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)1099 void l2c_link_check_send_pkts (tL2C_LCB *p_lcb, tL2C_CCB *p_ccb, BT_HDR *p_buf)
1100 {
1101     int         xx;
1102     BOOLEAN     single_write = FALSE;
1103 
1104     /* Save the channel ID for faster counting */
1105     if (p_buf)
1106     {
1107         if (p_ccb != NULL)
1108         {
1109             p_buf->event = p_ccb->local_cid;
1110             single_write = TRUE;
1111         }
1112         else
1113             p_buf->event = 0;
1114 
1115         p_buf->layer_specific = 0;
1116         GKI_enqueue (&p_lcb->link_xmit_data_q, p_buf);
1117 
1118         if (p_lcb->link_xmit_quota == 0)
1119             l2cb.check_round_robin = TRUE;
1120     }
1121 
1122     /* If this is called from uncongested callback context break recursive calling.
1123     ** This LCB will be served when receiving number of completed packet event.
1124     */
1125     if (l2cb.is_cong_cback_context)
1126         return;
1127 
1128     /* If we are in a scenario where there are not enough buffers for each link to
1129     ** have at least 1, then do a round-robin for all the LCBs
1130     */
1131     if ( (p_lcb == NULL) || (p_lcb->link_xmit_quota == 0) )
1132     {
1133         if (p_lcb == NULL)
1134             p_lcb = l2cb.lcb_pool;
1135         else if (!single_write)
1136             p_lcb++;
1137 
1138         /* Loop through, starting at the next */
1139         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
1140         {
1141             /* If controller window is full, nothing to do */
1142             if ( (l2cb.controller_xmit_window == 0
1143 #if (BLE_INCLUDED == TRUE)
1144                   && !p_lcb->is_ble_link
1145 #endif
1146                 )
1147 #if (BLE_INCLUDED == TRUE)
1148                 || (p_lcb->is_ble_link && l2cb.controller_le_xmit_window == 0 )
1149 #endif
1150               || (l2cb.round_robin_unacked >= l2cb.round_robin_quota) )
1151                 break;
1152 
1153             /* Check for wraparound */
1154             if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS])
1155                 p_lcb = &l2cb.lcb_pool[0];
1156 
1157             if ( (!p_lcb->in_use)
1158                || (p_lcb->partial_segment_being_sent)
1159                || (p_lcb->link_state != LST_CONNECTED)
1160                || (p_lcb->link_xmit_quota != 0)
1161                || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1162                 continue;
1163 
1164             /* See if we can send anything from the Link Queue */
1165             if ((p_buf = (BT_HDR *)GKI_dequeue (&p_lcb->link_xmit_data_q)) != NULL)
1166             {
1167                 l2c_link_send_to_lower (p_lcb, p_buf);
1168             }
1169             else if (single_write)
1170             {
1171                 /* If only doing one write, break out */
1172                 break;
1173             }
1174             /* If nothing on the link queue, check the channel queue */
1175             else if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) != NULL)
1176             {
1177                 l2c_link_send_to_lower (p_lcb, p_buf);
1178             }
1179         }
1180 
1181         /* If we finished without using up our quota, no need for a safety check */
1182 #if (BLE_INCLUDED == TRUE)
1183         if ( ((l2cb.controller_xmit_window > 0 && !p_lcb->is_ble_link) ||
1184              (l2cb.controller_le_xmit_window > 0 && p_lcb->is_ble_link))
1185           && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1186 #else
1187         if ( (l2cb.controller_xmit_window > 0)
1188           && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1189 
1190 #endif
1191             l2cb.check_round_robin = FALSE;
1192     }
1193     else /* if this is not round-robin service */
1194     {
1195         /* If a partial segment is being sent, can't send anything else */
1196         if ( (p_lcb->partial_segment_being_sent)
1197           || (p_lcb->link_state != LST_CONNECTED)
1198           || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1199             return;
1200 
1201         /* See if we can send anything from the link queue */
1202 #if (BLE_INCLUDED == TRUE)
1203         while ( ((l2cb.controller_xmit_window != 0 && !p_lcb->is_ble_link) ||
1204                  (l2cb.controller_le_xmit_window != 0 && p_lcb->is_ble_link))
1205              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1206 #else
1207         while ( (l2cb.controller_xmit_window != 0)
1208              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1209 #endif
1210         {
1211             if ((p_buf = (BT_HDR *)GKI_dequeue (&p_lcb->link_xmit_data_q)) == NULL)
1212                 break;
1213 
1214             if (!l2c_link_send_to_lower (p_lcb, p_buf))
1215                 break;
1216         }
1217 
1218         if (!single_write)
1219         {
1220             /* See if we can send anything for any channel */
1221 #if (BLE_INCLUDED == TRUE)
1222             while ( ((l2cb.controller_xmit_window != 0 && !p_lcb->is_ble_link) ||
1223                     (l2cb.controller_le_xmit_window != 0 && p_lcb->is_ble_link))
1224                     && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1225 #else
1226             while ((l2cb.controller_xmit_window != 0) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1227 #endif
1228             {
1229                 if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) == NULL)
1230                     break;
1231 
1232                 if (!l2c_link_send_to_lower (p_lcb, p_buf))
1233                     break;
1234             }
1235         }
1236 
1237         /* There is a special case where we have readjusted the link quotas and  */
1238         /* this link may have sent anything but some other link sent packets so  */
1239         /* so we may need a timer to kick off this link's transmissions.         */
1240         if ( (p_lcb->link_xmit_data_q.count) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) )
1241             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_FLOW_CONTROL_TOUT);
1242     }
1243 
1244 }
1245 
1246 /*******************************************************************************
1247 **
1248 ** Function         l2c_link_send_to_lower
1249 **
1250 ** Description      This function queues the buffer for HCI transmission
1251 **
1252 ** Returns          TRUE for success, FALSE for fail
1253 **
1254 *******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1255 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf)
1256 {
1257     UINT16      num_segs;
1258     UINT16      xmit_window, acl_data_size;
1259 
1260 #if (BLE_INCLUDED == TRUE)
1261     if ((!p_lcb->is_ble_link && (p_buf->len <= btu_cb.hcit_acl_pkt_size)) ||
1262         (p_lcb->is_ble_link && (p_buf->len <= btu_cb.hcit_ble_acl_pkt_size)))
1263 #else
1264     if (p_buf->len <= btu_cb.hcit_acl_pkt_size)
1265 #endif
1266     {
1267         if (p_lcb->link_xmit_quota == 0)
1268             l2cb.round_robin_unacked++;
1269 
1270         p_lcb->sent_not_acked++;
1271         p_buf->layer_specific = 0;
1272 
1273 #if (BLE_INCLUDED == TRUE)
1274         if (p_lcb->is_ble_link)
1275         {
1276             l2cb.controller_le_xmit_window--;
1277             L2C_LINK_SEND_BLE_ACL_DATA (p_buf);
1278         }
1279         else
1280 #endif
1281         {
1282             l2cb.controller_xmit_window--;
1283             L2C_LINK_SEND_ACL_DATA (p_buf);
1284         }
1285     }
1286     else
1287     {
1288 #if BLE_INCLUDED == TRUE
1289         if (p_lcb->is_ble_link)
1290         {
1291             acl_data_size = btu_cb.hcit_ble_acl_data_size;
1292             xmit_window = l2cb.controller_le_xmit_window;
1293 
1294         }
1295         else
1296 #endif
1297         {
1298             acl_data_size = btu_cb.hcit_acl_data_size;
1299             xmit_window = l2cb.controller_xmit_window;
1300         }
1301         num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) / acl_data_size;
1302 
1303 
1304         /* If doing round-robin, then only 1 segment each time */
1305         if (p_lcb->link_xmit_quota == 0)
1306         {
1307             num_segs = 1;
1308             p_lcb->partial_segment_being_sent = TRUE;
1309         }
1310         else
1311         {
1312             /* Multi-segment packet. Make sure it can fit */
1313             if (num_segs > xmit_window)
1314             {
1315                 num_segs = xmit_window;
1316                 p_lcb->partial_segment_being_sent = TRUE;
1317             }
1318 
1319             if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked))
1320             {
1321                 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1322                 p_lcb->partial_segment_being_sent = TRUE;
1323             }
1324         }
1325 
1326         p_buf->layer_specific        = num_segs;
1327 #if BLE_INCLUDED == TRUE
1328         if (p_lcb->is_ble_link)
1329         {
1330             l2cb.controller_le_xmit_window -= num_segs;
1331 
1332         }
1333         else
1334 #endif
1335         l2cb.controller_xmit_window -= num_segs;
1336 
1337         if (p_lcb->link_xmit_quota == 0)
1338             l2cb.round_robin_unacked += num_segs;
1339 
1340         p_lcb->sent_not_acked += num_segs;
1341 #if BLE_INCLUDED == TRUE
1342         if (p_lcb->is_ble_link)
1343         {
1344             L2C_LINK_SEND_BLE_ACL_DATA(p_buf);
1345         }
1346         else
1347 #endif
1348         {
1349             L2C_LINK_SEND_ACL_DATA (p_buf);
1350         }
1351     }
1352 
1353 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1354 #if (BLE_INCLUDED == TRUE)
1355     if (p_lcb->is_ble_link)
1356     {
1357         L2CAP_TRACE_DEBUG6 ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1358                 l2cb.controller_le_xmit_window,
1359                 p_lcb->handle,
1360                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1361                 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1362     }
1363     else
1364 #endif
1365     {
1366         L2CAP_TRACE_DEBUG6 ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1367                 l2cb.controller_xmit_window,
1368                 p_lcb->handle,
1369                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1370                 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1371     }
1372 #endif
1373 
1374     return TRUE;
1375 }
1376 
1377 /*******************************************************************************
1378 **
1379 ** Function         l2c_link_process_num_completed_pkts
1380 **
1381 ** Description      This function is called when a "number-of-completed-packets"
1382 **                  event is received from the controller. It updates all the
1383 **                  LCB transmit counts.
1384 **
1385 ** Returns          void
1386 **
1387 *******************************************************************************/
l2c_link_process_num_completed_pkts(UINT8 * p)1388 void l2c_link_process_num_completed_pkts (UINT8 *p)
1389 {
1390     UINT8       num_handles, xx;
1391     UINT16      handle;
1392     UINT16      num_sent;
1393     tL2C_LCB    *p_lcb;
1394 
1395     STREAM_TO_UINT8 (num_handles, p);
1396 
1397     for (xx = 0; xx < num_handles; xx++)
1398     {
1399         STREAM_TO_UINT16 (handle, p);
1400         STREAM_TO_UINT16 (num_sent, p);
1401 
1402         p_lcb = l2cu_find_lcb_by_handle (handle);
1403 
1404         /* Callback for number of completed packet event    */
1405         /* Originally designed for [3DSG]                   */
1406         if((p_lcb != NULL) && (p_lcb->p_nocp_cb))
1407         {
1408             L2CAP_TRACE_DEBUG0 ("L2CAP - calling NoCP callback");
1409             (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1410         }
1411 
1412 #if (BLE_INCLUDED == TRUE)
1413         if (p_lcb && p_lcb->is_ble_link)
1414             l2cb.controller_le_xmit_window += num_sent;
1415         else
1416 #endif
1417         {
1418 
1419             /* Maintain the total window to the controller */
1420             l2cb.controller_xmit_window += num_sent;
1421         }
1422 
1423         if (p_lcb)
1424         {
1425             /* If doing round-robin, adjust communal counts */
1426             if (p_lcb->link_xmit_quota == 0)
1427             {
1428                 /* Don't go negative */
1429                 if (l2cb.round_robin_unacked > num_sent)
1430                     l2cb.round_robin_unacked -= num_sent;
1431                 else
1432                     l2cb.round_robin_unacked = 0;
1433             }
1434 
1435             /* Don't go negative */
1436             if (p_lcb->sent_not_acked > num_sent)
1437                 p_lcb->sent_not_acked -= num_sent;
1438             else
1439                 p_lcb->sent_not_acked = 0;
1440 
1441             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1442 
1443             /* If we were doing round-robin for low priority links, check 'em */
1444             if ( (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
1445               && (l2cb.check_round_robin)
1446               && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1447             {
1448               l2c_link_check_send_pkts (NULL, NULL, NULL);
1449             }
1450         }
1451 
1452 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1453         if (p_lcb)
1454         {
1455 #if (BLE_INCLUDED == TRUE)
1456             if (p_lcb->is_ble_link)
1457             {
1458                 L2CAP_TRACE_DEBUG5 ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1459                     l2cb.controller_le_xmit_window,
1460                     p_lcb->handle, p_lcb->sent_not_acked,
1461                     l2cb.check_round_robin, l2cb.round_robin_unacked);
1462             }
1463             else
1464 #endif
1465             {
1466                 L2CAP_TRACE_DEBUG5 ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1467                     l2cb.controller_xmit_window,
1468                     p_lcb->handle, p_lcb->sent_not_acked,
1469                     l2cb.check_round_robin, l2cb.round_robin_unacked);
1470 
1471             }
1472         }
1473         else
1474         {
1475 #if (BLE_INCLUDED == TRUE)
1476             L2CAP_TRACE_DEBUG5 ("TotalWin=%d  LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1477                 l2cb.controller_xmit_window,
1478                 l2cb.controller_le_xmit_window,
1479                 handle,
1480                 l2cb.check_round_robin, l2cb.round_robin_unacked);
1481 #else
1482             L2CAP_TRACE_DEBUG4 ("TotalWin=%d  Handle=0x%x  RRCheck=%d  RRUnack=%d",
1483                 l2cb.controller_xmit_window,
1484                 handle,
1485                 l2cb.check_round_robin, l2cb.round_robin_unacked);
1486 #endif
1487         }
1488 #endif
1489     }
1490 
1491 #if (defined(HCILP_INCLUDED) && HCILP_INCLUDED == TRUE)
1492     /* only full stack can enable sleep mode */
1493     btu_check_bt_sleep ();
1494 #endif
1495 }
1496 
1497 /*******************************************************************************
1498 **
1499 ** Function         l2cap_link_chk_pkt_start
1500 **
1501 ** Description      This function is called from the HCI transport when the first
1502 **                  4 bytes of an HCI ACL packet have been received. It checks if the
1503 **                  packet is the next segment of a fragmented L2CAP message. If it
1504 **                  is, and the length is OK, it returns the address of the
1505 **                  starting L2CAP message segment buffer.
1506 **
1507 ** Returns          the address of the receive buffer HCIT should use
1508 **                  (CR419: Modified to return NULL in case of error.)
1509 **
1510 ** NOTE             This assumes that the L2CAP MTU size is less than the size
1511 **                  of an HCI ACL buffer, so the maximum L2CAP message will fit
1512 **                  into one buffer.
1513 **
1514 *******************************************************************************/
l2cap_link_chk_pkt_start(BT_HDR * p_cur_buf)1515 BT_HDR *l2cap_link_chk_pkt_start (BT_HDR *p_cur_buf)
1516 {
1517     UINT8       *p;
1518     UINT16      handle;
1519     UINT16      hci_len;
1520     UINT16      pkt_type;
1521     tL2C_LCB    *p_lcb;
1522     BT_HDR *	p_return_buf;       /* CR419: To avoid returning from too many places */
1523 
1524 
1525     if (p_cur_buf)
1526     {
1527         p = (UINT8 *)(p_cur_buf + 1) + p_cur_buf->offset;
1528     }
1529     else
1530     {
1531         return (NULL);
1532     }
1533 
1534     /* L2CAP expects all rcvd packets to have a layer-specific value of 0 */
1535     p_cur_buf->layer_specific = 0;
1536 
1537     STREAM_TO_UINT16 (handle, p);
1538     STREAM_TO_UINT16 (hci_len, p);
1539 
1540     pkt_type = HCID_GET_EVENT (handle);
1541     handle   = HCID_GET_HANDLE (handle);
1542 
1543     l2cb.p_cur_hcit_lcb = NULL;
1544 
1545     /* Find the link that is associated with this handle */
1546     p_lcb = l2cu_find_lcb_by_handle (handle);
1547 
1548     /* If no link for this handle, nothing to do. */
1549     if (!p_lcb)
1550         return (p_cur_buf) ;
1551 
1552     if (pkt_type == L2CAP_PKT_START)            /*** START PACKET ***/
1553     {
1554         /* Start of packet. If we were in the middle of receiving */
1555         /* a packet, it is incomplete. Drop it.                   */
1556         if (p_lcb->p_hcit_rcv_acl)
1557         {
1558             L2CAP_TRACE_WARNING0 ("L2CAP - dropping incomplete pkt");
1559             GKI_freebuf (p_lcb->p_hcit_rcv_acl);
1560             p_lcb->p_hcit_rcv_acl = NULL;
1561         }
1562 
1563         /* Save the active buffer address in the LCB  */
1564         if ((p_return_buf = p_cur_buf) != NULL)
1565         {
1566             p_lcb->p_hcit_rcv_acl = p_return_buf;
1567             l2cb.p_cur_hcit_lcb   = p_lcb;
1568         }
1569     }
1570     else                                        /*** CONTINUATION PACKET ***/
1571     {
1572         /* Packet continuation. Check if we were expecting it */
1573         if (p_lcb->p_hcit_rcv_acl)
1574         {
1575             UINT16  total_len;
1576             BT_HDR  *p_base_buf = p_lcb->p_hcit_rcv_acl;
1577             UINT8   *p_f        = (UINT8 *)(p_base_buf + 1) + p_base_buf->offset + 2;
1578 
1579             STREAM_TO_UINT16 (total_len, p_f);
1580 
1581             /* We were expecting the CONTINUATION packet. If length fits, it can go in the  */
1582             /* current buffer.                                                              */
1583             if ((total_len + hci_len) <= (L2CAP_MTU_SIZE + HCI_DATA_PREAMBLE_SIZE))
1584             {
1585                 /* GKI_freebuf (p_cur_buf); CR419:Do not free it yet */
1586                 p_return_buf        = p_lcb->p_hcit_rcv_acl;	/* CR419: return base buffer */
1587                 l2cb.p_cur_hcit_lcb = p_lcb;
1588 
1589                 if ((p_cur_buf->len > HCI_DATA_PREAMBLE_SIZE))
1590                 {
1591                     UINT8 *	p		= (UINT8 *)(p_cur_buf + 1)
1592                                                 + p_cur_buf->offset
1593                                                 + HCI_DATA_PREAMBLE_SIZE;
1594                     UINT8 *	p1		= (UINT8 *)(p_return_buf + 1)
1595                                                 + p_return_buf->offset
1596                                                 + p_return_buf->len;
1597 
1598                     /* Copy data from new buffer into base buffer then update the data  */
1599                     /* count in the base buffer accordingly.                            */
1600                     memcpy (p1, p, p_cur_buf->len - HCI_DATA_PREAMBLE_SIZE);
1601                     p_return_buf->len   += (p_cur_buf->len - HCI_DATA_PREAMBLE_SIZE);
1602                 }
1603 
1604                 GKI_freebuf (p_cur_buf);
1605                 p_cur_buf = NULL;
1606 
1607                 /* Update HCI header of first segment (base buffer) with new length */
1608                 total_len += hci_len;
1609                 p_f        = (UINT8 *)(p_base_buf + 1) + p_base_buf->offset + 2;
1610                 UINT16_TO_STREAM (p_f, total_len);
1611             }
1612             else
1613             {
1614                 /* Packet too long. Drop the base packet */
1615                 L2CAP_TRACE_WARNING3 ("L2CAP - dropping too long pkt BufLen: %d  total_len: %d  hci_len: %d",
1616                                       p_lcb->p_hcit_rcv_acl->len, total_len, hci_len);
1617 
1618                 GKI_freebuf (p_lcb->p_hcit_rcv_acl);
1619                 p_lcb->p_hcit_rcv_acl = NULL;
1620                 p_return_buf          = NULL ; /* Can't hold onto it any more */
1621             }
1622         }
1623         else                                    /*** NEITHER START OR CONTINUATION PACKET ***/
1624         {
1625             p_return_buf = NULL ;
1626         }
1627     }
1628 
1629     if (p_return_buf == NULL)                   /* if error is indicated..  */
1630     {
1631         if (p_cur_buf != NULL)                  /* ..drop input buffer      */
1632             GKI_freebuf(p_cur_buf);             /*     (if present)         */
1633     }
1634 
1635     return (p_return_buf);
1636 }
1637 
1638 /*******************************************************************************
1639 **
1640 ** Function         l2cap_link_chk_pkt_end
1641 **
1642 ** Description      This function is called from the HCI transport when the last
1643 **                  byte of an HCI ACL packet has been received. It checks if the
1644 **                  L2CAP message is complete, i.e. no more continuation packets
1645 **                  are expected.
1646 **
1647 ** Returns          TRUE if message complete, FALSE if continuation expected
1648 **
1649 *******************************************************************************/
l2cap_link_chk_pkt_end(void)1650 BOOLEAN l2cap_link_chk_pkt_end (void)
1651 {
1652     UINT8       *p;
1653     BT_HDR      *p_buf;
1654     UINT16      l2cap_len;
1655     tL2C_LCB    *p_lcb;
1656 
1657     /* If link or buffer pointer not set up, let main line handle it */
1658     if (((p_lcb = l2cb.p_cur_hcit_lcb) == NULL) || ((p_buf = p_lcb->p_hcit_rcv_acl) == NULL))
1659         return (TRUE);
1660 
1661     /* Point to the L2CAP length */
1662     p = (UINT8 *)(p_buf + 1) + p_buf->offset + HCI_DATA_PREAMBLE_SIZE;
1663 
1664     STREAM_TO_UINT16 (l2cap_len, p);
1665 
1666     /* If the L2CAP length has not been reached, tell HCIT not to send this buffer to BTU */
1667     if (l2cap_len > (p_buf->len - (HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD)))
1668     {
1669         return (FALSE);
1670     }
1671     else
1672     {
1673         p_lcb->p_hcit_rcv_acl = NULL;
1674         return (TRUE);
1675     }
1676 }
1677 
1678 
1679 /*******************************************************************************
1680 **
1681 ** Function         l2c_link_segments_xmitted
1682 **
1683 ** Description      This function is called from the HCI Interface when an ACL
1684 **                  data packet segment is transmitted.
1685 **
1686 ** Returns          void
1687 **
1688 *******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1689 void l2c_link_segments_xmitted (BT_HDR *p_msg)
1690 {
1691     UINT8       *p = (UINT8 *)(p_msg + 1) + p_msg->offset;
1692     UINT16      handle;
1693     tL2C_LCB    *p_lcb;
1694 
1695     /* Extract the handle */
1696     STREAM_TO_UINT16 (handle, p);
1697     handle   = HCID_GET_HANDLE (handle);
1698 
1699     /* Find the LCB based on the handle */
1700     if ((p_lcb = l2cu_find_lcb_by_handle (handle)) == NULL)
1701     {
1702         L2CAP_TRACE_WARNING1 ("L2CAP - rcvd segment complete, unknown handle: %d", handle);
1703         GKI_freebuf (p_msg);
1704         return;
1705     }
1706 
1707     if (p_lcb->link_state == LST_CONNECTED)
1708     {
1709         /* Enqueue the buffer to the head of the transmit queue, and see */
1710         /* if we can transmit anything more.                             */
1711         GKI_enqueue_head (&p_lcb->link_xmit_data_q, p_msg);
1712 
1713         p_lcb->partial_segment_being_sent = FALSE;
1714 
1715         l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1716     }
1717     else
1718         GKI_freebuf (p_msg);
1719 }
1720