• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains the functions relating to link management. A "link"
22  *  is a connection between this device and another device. Only ACL links
23  *  are managed.
24  *
25  ******************************************************************************/
26 
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdio.h>
30 
31 #include "gki.h"
32 #include "bt_types.h"
33 #include "hcimsgs.h"
34 #include "l2cdefs.h"
35 #include "l2c_int.h"
36 #include "l2c_api.h"
37 #include "btu.h"
38 #include "btm_api.h"
39 #include "btm_int.h"
40 
41 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf);
42 
43 #define L2C_LINK_SEND_ACL_DATA(x)  HCI_ACL_DATA_TO_LOWER((x))
44 
45 #if (BLE_INCLUDED == TRUE)
46 #define L2C_LINK_SEND_BLE_ACL_DATA(x)  HCI_BLE_ACL_DATA_TO_LOWER((x))
47 #endif
48 
49 /*******************************************************************************
50 **
51 ** Function         l2c_link_hci_conn_req
52 **
53 ** Description      This function is called when an HCI Connection Request
54 **                  event is received.
55 **
56 ** Returns          TRUE, if accept conn
57 **
58 *******************************************************************************/
l2c_link_hci_conn_req(BD_ADDR bd_addr)59 BOOLEAN l2c_link_hci_conn_req (BD_ADDR bd_addr)
60 {
61     tL2C_LCB        *p_lcb;
62     tL2C_LCB        *p_lcb_cur;
63     int             xx;
64     BOOLEAN         no_links;
65 
66     /* See if we have a link control block for the remote device */
67     p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
68 
69     /* If we don't have one, create one and accept the connection. */
70     if (!p_lcb)
71     {
72         p_lcb = l2cu_allocate_lcb (bd_addr, FALSE);
73         if (!p_lcb)
74         {
75             btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
76             L2CAP_TRACE_ERROR0 ("L2CAP failed to allocate LCB");
77             return FALSE;
78         }
79 
80         no_links = TRUE;
81 
82         /* If we already have connection, accept as a master */
83         for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb_cur++)
84         {
85             if (p_lcb_cur == p_lcb)
86                 continue;
87 
88             if (p_lcb_cur->in_use)
89             {
90                 no_links = FALSE;
91                 p_lcb->link_role = HCI_ROLE_MASTER;
92                 break;
93             }
94         }
95 
96         if (no_links)
97         {
98             if (!btm_dev_support_switch (bd_addr))
99                 p_lcb->link_role = HCI_ROLE_SLAVE;
100             else
101                 p_lcb->link_role = l2cu_get_conn_role(bd_addr);
102         }
103 
104         /* Tell the other side we accept the connection */
105         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
106 
107         p_lcb->link_state = LST_CONNECTING;
108 
109         /* Start a timer waiting for connect complete */
110         btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_CONNECT_TOUT);
111         return (TRUE);
112     }
113 
114     /* We already had a link control block to the guy. Check what state it is in */
115     if ((p_lcb->link_state == LST_CONNECTING) || (p_lcb->link_state == LST_CONNECT_HOLDING))
116     {
117         /* Connection collision. Accept the connection anyways. */
118 
119         if (!btm_dev_support_switch (bd_addr))
120             p_lcb->link_role = HCI_ROLE_SLAVE;
121         else
122             p_lcb->link_role = l2cu_get_conn_role(bd_addr);
123 
124         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
125 
126         p_lcb->link_state = LST_CONNECTING;
127         return (TRUE);
128     }
129     else if (p_lcb->link_state == LST_DISCONNECTING)
130     {
131         /* In disconnecting state, reject the connection. */
132         btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
133     }
134     else
135     {
136         L2CAP_TRACE_ERROR1("L2CAP got conn_req while connected (state:%d). Reject it",
137                 p_lcb->link_state);
138         /* Reject the connection with ACL Connection Already exist reason */
139         btsnd_hcic_reject_conn (bd_addr, HCI_ERR_CONNECTION_EXISTS);
140     }
141     return (FALSE);
142 }
143 
144 /*******************************************************************************
145 **
146 ** Function         l2c_link_hci_conn_comp
147 **
148 ** Description      This function is called when an HCI Connection Complete
149 **                  event is received.
150 **
151 ** Returns          void
152 **
153 *******************************************************************************/
l2c_link_hci_conn_comp(UINT8 status,UINT16 handle,BD_ADDR p_bda)154 BOOLEAN l2c_link_hci_conn_comp (UINT8 status, UINT16 handle, BD_ADDR p_bda)
155 {
156     tL2C_CONN_INFO       ci;
157     tL2C_LCB            *p_lcb;
158     tL2C_CCB            *p_ccb;
159     tBTM_SEC_DEV_REC    *p_dev_info = NULL;
160 
161 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
162     btm_acl_update_busy_level (BTM_BLI_PAGE_DONE_EVT);
163 #endif
164 
165     /* Save the parameters */
166     ci.status       = status;
167     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
168 
169     /* See if we have a link control block for the remote device */
170     p_lcb = l2cu_find_lcb_by_bd_addr (ci.bd_addr);
171 
172     /* If we don't have one, this is an error */
173     if (!p_lcb)
174     {
175         L2CAP_TRACE_WARNING0 ("L2CAP got conn_comp for unknown BD_ADDR");
176         return (FALSE);
177     }
178 
179     if (p_lcb->link_state != LST_CONNECTING)
180     {
181         L2CAP_TRACE_ERROR2 ("L2CAP got conn_comp in bad state: %d  status: 0x%d", p_lcb->link_state, status);
182 
183         if (status != HCI_SUCCESS)
184             l2c_link_hci_disc_comp (p_lcb->handle, status);
185 
186         return (FALSE);
187     }
188 
189     /* Save the handle */
190     p_lcb->handle = handle;
191 
192     if (ci.status == HCI_SUCCESS)
193     {
194         /* Connected OK. Change state to connected */
195         p_lcb->link_state = LST_CONNECTED;
196 
197         /* Get the peer information if the l2cap flow-control/rtrans is supported */
198         l2cu_send_peer_info_req (p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
199 
200         /* Tell BTM Acl management about the link */
201         if ((p_dev_info = btm_find_dev (p_bda)) != NULL)
202             btm_acl_created (ci.bd_addr, p_dev_info->dev_class,
203                              p_dev_info->sec_bd_name, handle,
204                              p_lcb->link_role, FALSE);
205         else
206             btm_acl_created (ci.bd_addr, NULL, NULL, handle, p_lcb->link_role, FALSE);
207 
208         BTM_SetLinkSuperTout (ci.bd_addr, btm_cb.btm_def_link_super_tout);
209 
210         /* If dedicated bonding do not process any further */
211         if (p_lcb->is_bonding)
212         {
213             if (l2cu_start_post_bond_timer(handle))
214                 return (TRUE);
215         }
216 
217         /* Update the timeouts in the hold queue */
218         l2c_process_held_packets(FALSE);
219 
220         btu_stop_timer (&p_lcb->timer_entry);
221 
222         /* For all channels, send the event through their FSMs */
223         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
224         {
225             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
226         }
227 
228         if (p_lcb->p_echo_rsp_cb)
229         {
230             l2cu_send_peer_echo_req (p_lcb, NULL, 0);
231             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_ECHO_RSP_TOUT);
232         }
233         else if (!p_lcb->ccb_queue.p_first_ccb)
234         {
235             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_STARTUP_TOUT);
236         }
237     }
238     /* Max number of acl connections.                          */
239     /* If there's an lcb disconnecting set this one to holding */
240     else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) && l2cu_lcb_disconnecting())
241     {
242         p_lcb->link_state = LST_CONNECT_HOLDING;
243         p_lcb->handle = HCI_INVALID_HANDLE;
244     }
245     else
246     {
247         /* Just in case app decides to try again in the callback context */
248         p_lcb->link_state = LST_DISCONNECTING;
249 
250         /* Connection failed. For all channels, send the event through */
251         /* their FSMs. The CCBs should remove themselves from the LCB  */
252         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
253         {
254             tL2C_CCB *pn = p_ccb->p_next_ccb;
255 
256             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
257 
258             p_ccb = pn;
259         }
260 
261         p_lcb->disc_reason = status;
262         /* Release the LCB */
263         if (p_lcb->ccb_queue.p_first_ccb == NULL)
264             l2cu_release_lcb (p_lcb);
265         else                              /* there are any CCBs remaining */
266         {
267             if (ci.status == HCI_ERR_CONNECTION_EXISTS)
268             {
269                 /* we are in collision situation, wait for connecttion request from controller */
270                 p_lcb->link_state = LST_CONNECTING;
271             }
272             else
273             {
274                 l2cu_create_conn(p_lcb);
275             }
276         }
277     }
278     return (TRUE);
279 }
280 
281 
282 /*******************************************************************************
283 **
284 ** Function         l2c_link_sec_comp
285 **
286 ** Description      This function is called when required security procedures
287 **                  are completed.
288 **
289 ** Returns          void
290 **
291 *******************************************************************************/
l2c_link_sec_comp(BD_ADDR p_bda,void * p_ref_data,UINT8 status)292 void l2c_link_sec_comp (BD_ADDR p_bda, void *p_ref_data, UINT8 status)
293 {
294     tL2C_CONN_INFO  ci;
295     tL2C_LCB        *p_lcb;
296     tL2C_CCB        *p_ccb;
297     tL2C_CCB        *p_next_ccb;
298     UINT8           event;
299 
300     L2CAP_TRACE_DEBUG2 ("l2c_link_sec_comp: %d, 0x%x", status, p_ref_data);
301 
302     if (status == BTM_SUCCESS_NO_SECURITY)
303         status = BTM_SUCCESS;
304 
305     /* Save the parameters */
306     ci.status       = status;
307     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
308 
309     p_lcb = l2cu_find_lcb_by_bd_addr (p_bda);
310 
311     /* If we don't have one, this is an error */
312     if (!p_lcb)
313     {
314         L2CAP_TRACE_WARNING0 ("L2CAP got sec_comp for unknown BD_ADDR");
315         return;
316     }
317 
318     /* Match p_ccb with p_ref_data returned by sec manager */
319     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb)
320     {
321         p_next_ccb = p_ccb->p_next_ccb;
322 
323         if (p_ccb == p_ref_data)
324         {
325             switch(status)
326             {
327             case BTM_SUCCESS:
328                 L2CAP_TRACE_DEBUG1 ("ccb timer ticks: %u", p_ccb->timer_entry.ticks);
329                 event = L2CEVT_SEC_COMP;
330                 break;
331 
332             case BTM_DELAY_CHECK:
333                 /* start a timer - encryption change not received before L2CAP connect req */
334                 btu_start_timer (&p_ccb->timer_entry, BTU_TTYPE_L2CAP_CHNL, L2CAP_DELAY_CHECK_SM4);
335                 return;
336 
337             default:
338                 event = L2CEVT_SEC_COMP_NEG;
339             }
340             l2c_csm_execute (p_ccb, event, &ci);
341             break;
342         }
343     }
344 }
345 
346 
347 /*******************************************************************************
348 **
349 ** Function         l2c_link_hci_disc_comp
350 **
351 ** Description      This function is called when an HCI Disconnect Complete
352 **                  event is received.
353 **
354 ** Returns          TRUE if the link is known about, else FALSE
355 **
356 *******************************************************************************/
l2c_link_hci_disc_comp(UINT16 handle,UINT8 reason)357 BOOLEAN l2c_link_hci_disc_comp (UINT16 handle, UINT8 reason)
358 {
359     tL2C_LCB    *p_lcb;
360     tL2C_CCB    *p_ccb;
361     BOOLEAN     status = TRUE;
362     BOOLEAN     lcb_is_free = TRUE;
363 
364     /* See if we have a link control block for the connection */
365     p_lcb = l2cu_find_lcb_by_handle (handle);
366 
367     /* If we don't have one, maybe an SCO link. Send to MM */
368     if (!p_lcb)
369     {
370         status = FALSE;
371     }
372     else
373     {
374         /* There can be a case when we rejected PIN code authentication */
375         /* otherwise save a new reason */
376         if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
377             btm_cb.acl_disc_reason = reason;
378 
379         p_lcb->disc_reason = btm_cb.acl_disc_reason;
380 
381         /* Just in case app decides to try again in the callback context */
382         p_lcb->link_state = LST_DISCONNECTING;
383 
384         /* Link is disconnected. For all channels, send the event through */
385         /* their FSMs. The CCBs should remove themselves from the LCB     */
386         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
387         {
388             tL2C_CCB *pn = p_ccb->p_next_ccb;
389 
390             /* Keep connect pending control block (if exists)
391              * Possible Race condition when a reconnect occurs
392              * on the channel during a disconnect of link. This
393              * ccb will be automatically retried after link disconnect
394              * arrives
395              */
396             if (p_ccb != p_lcb->p_pending_ccb)
397             {
398                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
399             }
400             p_ccb = pn;
401         }
402 
403 #if BTM_SCO_INCLUDED == TRUE
404         /* Tell SCO management to drop any SCOs on this ACL */
405         btm_sco_acl_removed (p_lcb->remote_bd_addr);
406 #endif
407 
408         /* If waiting for disconnect and reconnect is pending start the reconnect now
409            race condition where layer above issued connect request on link that was
410            disconnecting
411          */
412         if (p_lcb->ccb_queue.p_first_ccb != NULL)
413         {
414 #if (L2CAP_NUM_FIXED_CHNLS > 0)
415             /* If we are going to re-use the LCB without dropping it, release all fixed channels here */
416             int         xx;
417 
418             for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++)
419             {
420                 if (p_lcb->p_fixed_ccbs[xx])
421                 {
422                     (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(p_lcb->remote_bd_addr, FALSE, p_lcb->disc_reason);
423                     l2cu_release_ccb (p_lcb->p_fixed_ccbs[xx]);
424 
425                     p_lcb->p_fixed_ccbs[xx] = NULL;
426                 }
427             }
428 #endif
429             L2CAP_TRACE_DEBUG0("l2c_link_hci_disc_comp: Restarting pending ACL request");
430 
431             if (l2cu_create_conn(p_lcb))
432                 lcb_is_free = FALSE; /* still using this lcb */
433         }
434 
435         p_lcb->p_pending_ccb = NULL;
436 
437         /* Release the LCB */
438         if (lcb_is_free)
439             l2cu_release_lcb (p_lcb);
440     }
441 
442     /* Now that we have a free acl connection, see if any lcbs are pending */
443     if (lcb_is_free && ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL))
444     {
445         /* we found one-- create a connection */
446         l2cu_create_conn(p_lcb);
447     }
448 
449     return status;
450 }
451 
452 
453 /*******************************************************************************
454 **
455 ** Function         l2c_link_hci_qos_violation
456 **
457 ** Description      This function is called when an HCI QOS Violation
458 **                  event is received.
459 **
460 ** Returns          TRUE if the link is known about, else FALSE
461 **
462 *******************************************************************************/
l2c_link_hci_qos_violation(UINT16 handle)463 BOOLEAN l2c_link_hci_qos_violation (UINT16 handle)
464 {
465     tL2C_LCB        *p_lcb;
466     tL2C_CCB        *p_ccb;
467 
468     /* See if we have a link control block for the connection */
469     p_lcb = l2cu_find_lcb_by_handle (handle);
470 
471     /* If we don't have one, maybe an SCO link. */
472     if (!p_lcb)
473         return (FALSE);
474 
475     /* For all channels, tell the upper layer about it */
476     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
477     {
478         if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
479             l2c_csm_execute (p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
480     }
481 
482     return (TRUE);
483 }
484 
485 
486 
487 /*******************************************************************************
488 **
489 ** Function         l2c_link_timeout
490 **
491 ** Description      This function is called when a link timer expires
492 **
493 ** Returns          void
494 **
495 *******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)496 void l2c_link_timeout (tL2C_LCB *p_lcb)
497 {
498     tL2C_CCB   *p_ccb;
499     UINT16      timeout;
500     tBTM_STATUS rc;
501 
502      L2CAP_TRACE_EVENT3 ("L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
503          p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
504 
505     /* If link was connecting or disconnecting, clear all channels and drop the LCB */
506     if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
507         (p_lcb->link_state == LST_CONNECTING) ||
508         (p_lcb->link_state == LST_CONNECT_HOLDING) ||
509         (p_lcb->link_state == LST_DISCONNECTING))
510     {
511         p_lcb->p_pending_ccb = NULL;
512 
513         /* For all channels, send a disconnect indication event through */
514         /* their FSMs. The CCBs should remove themselves from the LCB   */
515         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
516         {
517             tL2C_CCB *pn = p_ccb->p_next_ccb;
518 
519             l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
520 
521             p_ccb = pn;
522         }
523 #if (BLE_INCLUDED == TRUE)
524         if (p_lcb->link_state == LST_CONNECTING &&
525             l2cb.is_ble_connecting == TRUE)
526         {
527             L2CA_CancelBleConnectReq(l2cb.ble_connecting_bda);
528         }
529 #endif
530         /* Release the LCB */
531         l2cu_release_lcb (p_lcb);
532     }
533 
534     /* If link is connected, check for inactivity timeout */
535     if (p_lcb->link_state == LST_CONNECTED)
536     {
537         /* Check for ping outstanding */
538         if (p_lcb->p_echo_rsp_cb)
539         {
540             tL2CA_ECHO_RSP_CB *p_cb = p_lcb->p_echo_rsp_cb;
541 
542             /* Zero out the callback in case app immediately calls us again */
543             p_lcb->p_echo_rsp_cb = NULL;
544 
545             (*p_cb) (L2CAP_PING_RESULT_NO_RESP);
546 
547              L2CAP_TRACE_WARNING0 ("L2CAP - ping timeout");
548 
549             /* For all channels, send a disconnect indication event through */
550             /* their FSMs. The CCBs should remove themselves from the LCB   */
551             for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
552             {
553                 tL2C_CCB *pn = p_ccb->p_next_ccb;
554 
555                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
556 
557                 p_ccb = pn;
558             }
559         }
560 
561         /* If no channels in use, drop the link. */
562         if (!p_lcb->ccb_queue.p_first_ccb)
563         {
564             rc = btm_sec_disconnect (p_lcb->handle, HCI_ERR_PEER_USER);
565 
566             if (rc == BTM_CMD_STORED)
567             {
568                 /* Security Manager will take care of disconnecting, state will be updated at that time */
569                 timeout = 0xFFFF;
570             }
571             else if (rc == BTM_CMD_STARTED)
572             {
573                 p_lcb->link_state = LST_DISCONNECTING;
574                 timeout = L2CAP_LINK_DISCONNECT_TOUT;
575             }
576             else if (rc == BTM_SUCCESS)
577             {
578                 /* BTM SEC will make sure that link is release (probably after pairing is done) */
579                 p_lcb->link_state = LST_DISCONNECTING;
580                 timeout = 0xFFFF;
581             }
582             else if (rc == BTM_BUSY)
583             {
584                 /* BTM is still executing security process. Let lcb stay as connected */
585                 timeout = 0xFFFF;
586             }
587             else if ((p_lcb->is_bonding)
588                   && (btsnd_hcic_disconnect (p_lcb->handle, HCI_ERR_PEER_USER)))
589             {
590                 p_lcb->link_state = LST_DISCONNECTING;
591                 timeout = L2CAP_LINK_DISCONNECT_TOUT;
592             }
593             else
594             {
595                 /* probably no buffer to send disconnect */
596                 timeout = BT_1SEC_TIMEOUT;
597             }
598 
599             if (timeout != 0xFFFF)
600             {
601                 btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, timeout);
602             }
603         }
604         else
605         {
606             /* Check in case we were flow controlled */
607             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
608         }
609     }
610 }
611 
612 /*******************************************************************************
613 **
614 ** Function         l2c_info_timeout
615 **
616 ** Description      This function is called when an info request times out
617 **
618 ** Returns          void
619 **
620 *******************************************************************************/
l2c_info_timeout(tL2C_LCB * p_lcb)621 void l2c_info_timeout (tL2C_LCB *p_lcb)
622 {
623     tL2C_CCB   *p_ccb;
624     tL2C_CONN_INFO  ci;
625 
626     /* If we timed out waiting for info response, just continue using basic if allowed */
627     if (p_lcb->w4_info_rsp)
628     {
629         /* If waiting for security complete, restart the info response timer */
630         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
631         {
632             if ( (p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) || (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP) )
633             {
634                 btu_start_timer (&p_lcb->info_timer_entry, BTU_TTYPE_L2CAP_INFO, L2CAP_WAIT_INFO_RSP_TOUT);
635                 return;
636             }
637         }
638 
639         p_lcb->w4_info_rsp = FALSE;
640 
641         /* If link is in process of being brought up */
642         if ((p_lcb->link_state != LST_DISCONNECTED) &&
643             (p_lcb->link_state != LST_DISCONNECTING))
644         {
645             /* Notify active channels that peer info is finished */
646             if (p_lcb->ccb_queue.p_first_ccb)
647             {
648                 ci.status = HCI_SUCCESS;
649                 memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));
650 
651                 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
652                 {
653                     l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
654                 }
655             }
656         }
657     }
658 }
659 
660 /*******************************************************************************
661 **
662 ** Function         l2c_link_adjust_allocation
663 **
664 ** Description      This function is called when a link is created or removed
665 **                  to calculate the amount of packets each link may send to
666 **                  the HCI without an ack coming back.
667 **
668 **                  Currently, this is a simple allocation, dividing the
669 **                  number of Controller Packets by the number of links. In
670 **                  the future, QOS configuration should be examined.
671 **
672 ** Returns          void
673 **
674 *******************************************************************************/
l2c_link_adjust_allocation(void)675 void l2c_link_adjust_allocation (void)
676 {
677     UINT16      qq, yy, qq_remainder;
678     tL2C_LCB    *p_lcb;
679     UINT16      hi_quota, low_quota;
680     UINT16      num_lowpri_links = 0;
681     UINT16      num_hipri_links  = 0;
682     UINT16      controller_xmit_quota = l2cb.num_lm_acl_bufs;
683     UINT16      high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
684 
685     /* If no links active, reset buffer quotas and controller buffers */
686     if (l2cb.num_links_active == 0)
687     {
688         l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
689         l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
690         return;
691     }
692 
693     /* First, count the links */
694     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
695     {
696         if (p_lcb->in_use)
697         {
698             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
699                 num_hipri_links++;
700             else
701                 num_lowpri_links++;
702         }
703     }
704 
705     /* now adjust high priority link quota */
706     low_quota = num_lowpri_links ? 1 : 0;
707     while ( (num_hipri_links * high_pri_link_quota + low_quota) > controller_xmit_quota )
708         high_pri_link_quota--;
709 
710     /* Work out the xmit quota and buffer quota high and low priorities */
711     hi_quota  = num_hipri_links * high_pri_link_quota;
712     low_quota = (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
713 
714     /* Work out and save the HCI xmit quota for each low priority link */
715 
716     /* If each low priority link cannot have at least one buffer */
717     if (num_lowpri_links > low_quota)
718     {
719         l2cb.round_robin_quota = low_quota;
720         qq = qq_remainder = 0;
721     }
722     /* If each low priority link can have at least one buffer */
723     else if (num_lowpri_links > 0)
724     {
725         l2cb.round_robin_quota = 0;
726         l2cb.round_robin_unacked = 0;
727         qq = low_quota / num_lowpri_links;
728         qq_remainder = low_quota % num_lowpri_links;
729     }
730     /* If no low priority link */
731     else
732     {
733         l2cb.round_robin_quota = 0;
734         l2cb.round_robin_unacked = 0;
735         qq = qq_remainder = 0;
736     }
737 
738     L2CAP_TRACE_EVENT5 ("l2c_link_adjust_allocation  num_hipri: %u  num_lowpri: %u  low_quota: %u  round_robin_quota: %u  qq: %u",
739                         num_hipri_links, num_lowpri_links, low_quota,
740                         l2cb.round_robin_quota, qq);
741 
742     /* Now, assign the quotas to each link */
743     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
744     {
745         if (p_lcb->in_use)
746         {
747             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
748             {
749                 p_lcb->link_xmit_quota   = high_pri_link_quota;
750             }
751             else
752             {
753                 /* Safety check in case we switched to round-robin with something outstanding */
754                 /* if sent_not_acked is added into round_robin_unacked then don't add it again */
755                 /* l2cap keeps updating sent_not_acked for exiting from round robin */
756                 if (( p_lcb->link_xmit_quota > 0 )&&( qq == 0 ))
757                     l2cb.round_robin_unacked += p_lcb->sent_not_acked;
758 
759                 p_lcb->link_xmit_quota   = qq;
760                 if (qq_remainder > 0)
761                 {
762                     p_lcb->link_xmit_quota++;
763                     qq_remainder--;
764                 }
765             }
766 
767 #if L2CAP_HOST_FLOW_CTRL
768             p_lcb->link_ack_thresh = L2CAP_HOST_FC_ACL_BUFS / l2cb.num_links_active;
769 #endif
770             L2CAP_TRACE_EVENT3 ("l2c_link_adjust_allocation LCB %d   Priority: %d  XmitQuota: %d",
771                                 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
772 
773             L2CAP_TRACE_EVENT2 ("        SentNotAcked: %d  RRUnacked: %d",
774                                 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
775 
776             /* There is a special case where we have readjusted the link quotas and  */
777             /* this link may have sent anything but some other link sent packets so  */
778             /* so we may need a timer to kick off this link's transmissions.         */
779             if ( (p_lcb->link_state == LST_CONNECTED)
780               && (p_lcb->link_xmit_data_q.count)
781               && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) )
782                 btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_FLOW_CONTROL_TOUT);
783         }
784     }
785 
786 }
787 
788 /*******************************************************************************
789 **
790 ** Function         l2c_link_adjust_chnl_allocation
791 **
792 ** Description      This function is called to calculate the amount of packets each
793 **                  non-F&EC channel may have outstanding.
794 **
795 **                  Currently, this is a simple allocation, dividing the number
796 **                  of packets allocated to the link by the number of channels. In
797 **                  the future, QOS configuration should be examined.
798 **
799 ** Returns          void
800 **
801 *******************************************************************************/
l2c_link_adjust_chnl_allocation(void)802 void l2c_link_adjust_chnl_allocation (void)
803 {
804     tL2C_CCB    *p_ccb;
805     UINT8       xx;
806 
807     UINT16      weighted_chnls[GKI_NUM_TOTAL_BUF_POOLS];
808     UINT16      quota_per_weighted_chnls[GKI_NUM_TOTAL_BUF_POOLS];
809     UINT16      reserved_buff[GKI_NUM_TOTAL_BUF_POOLS];
810 
811     L2CAP_TRACE_DEBUG0 ("l2c_link_adjust_chnl_allocation");
812 
813     /* initialize variables */
814     for (xx = 0; xx < GKI_NUM_TOTAL_BUF_POOLS; xx++ )
815     {
816         weighted_chnls[xx] = 0;
817         reserved_buff[xx] = 0;
818     }
819 
820     /* add up all of tx and rx data rate requirement */
821     /* channel required higher data rate will get more buffer quota */
822     for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++)
823     {
824         p_ccb = l2cb.ccb_pool + xx;
825 
826         if (!p_ccb->in_use)
827             continue;
828 
829         if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE)
830         {
831             weighted_chnls[p_ccb->ertm_info.user_tx_pool_id] += p_ccb->tx_data_rate;
832             weighted_chnls[p_ccb->ertm_info.user_rx_pool_id] += p_ccb->rx_data_rate;
833 
834             if (p_ccb->ertm_info.fcr_tx_pool_id == HCI_ACL_POOL_ID)
835             {
836                 /* reserve buffers only for wait_for_ack_q to maximize throughput */
837                 /* retrans_q will work based on buffer status */
838                 reserved_buff[HCI_ACL_POOL_ID] += p_ccb->peer_cfg.fcr.tx_win_sz;
839             }
840 
841             if (p_ccb->ertm_info.fcr_rx_pool_id == HCI_ACL_POOL_ID)
842             {
843                 /* reserve buffers for srej_rcv_hold_q */
844                 reserved_buff[HCI_ACL_POOL_ID] += p_ccb->peer_cfg.fcr.tx_win_sz;
845             }
846         }
847         else
848         {
849             /* low data rate is 1, medium is 2, high is 3 and no traffic is 0 */
850             weighted_chnls[HCI_ACL_POOL_ID] += p_ccb->tx_data_rate + p_ccb->rx_data_rate;
851         }
852     }
853 
854 
855     /* get unit quota per pool */
856     for (xx = 0; xx < GKI_NUM_TOTAL_BUF_POOLS; xx++ )
857     {
858         if ( weighted_chnls[xx] > 0 )
859         {
860             if (GKI_poolcount(xx) > reserved_buff[xx])
861                 quota_per_weighted_chnls[xx] = ((GKI_poolcount(xx) - reserved_buff[xx])/weighted_chnls[xx]) + 1;
862             else
863                 quota_per_weighted_chnls[xx] = 1;
864 
865             L2CAP_TRACE_DEBUG5 ("POOL ID:%d, GKI_poolcount = %d, reserved_buff = %d, weighted_chnls = %d, quota_per_weighted_chnls = %d",
866                                  xx, GKI_poolcount(xx), reserved_buff[xx], weighted_chnls[xx], quota_per_weighted_chnls[xx] );
867         }
868         else
869             quota_per_weighted_chnls[xx] = 0;
870     }
871 
872 
873     /* assign buffer quota to each channel based on its data rate requirement */
874     for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++)
875     {
876         p_ccb = l2cb.ccb_pool + xx;
877 
878         if (!p_ccb->in_use)
879             continue;
880 
881         if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE)
882         {
883             p_ccb->buff_quota = quota_per_weighted_chnls[p_ccb->ertm_info.user_tx_pool_id] * p_ccb->tx_data_rate;
884 
885             L2CAP_TRACE_EVENT6 ("CID:0x%04x FCR Mode:%u UserTxPool:%u Priority:%u TxDataRate:%u Quota:%u",
886                                 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ertm_info.user_tx_pool_id,
887                                 p_ccb->ccb_priority, p_ccb->tx_data_rate, p_ccb->buff_quota);
888 
889         }
890         else
891         {
892             p_ccb->buff_quota = quota_per_weighted_chnls[HCI_ACL_POOL_ID] * p_ccb->tx_data_rate;
893 
894             L2CAP_TRACE_EVENT4 ("CID:0x%04x Priority:%u TxDataRate:%u Quota:%u",
895                                 p_ccb->local_cid,
896                                 p_ccb->ccb_priority, p_ccb->tx_data_rate, p_ccb->buff_quota);
897         }
898 
899         /* quota may be change so check congestion */
900         l2cu_check_channel_congestion (p_ccb);
901     }
902 }
903 
904 /*******************************************************************************
905 **
906 ** Function         l2c_link_processs_num_bufs
907 **
908 ** Description      This function is called when a "controller buffer size"
909 **                  event is first received from the controller. It updates
910 **                  the L2CAP values.
911 **
912 ** Returns          void
913 **
914 *******************************************************************************/
l2c_link_processs_num_bufs(UINT16 num_lm_acl_bufs)915 void l2c_link_processs_num_bufs (UINT16 num_lm_acl_bufs)
916 {
917     l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
918 
919 }
920 
921 /*******************************************************************************
922 **
923 ** Function         l2c_link_pkts_rcvd
924 **
925 ** Description      This function is called from the HCI transport when it is time
926 **                  tto send a "Host ready for packets" command. This is only when
927 **                  host to controller flow control is used. If fills in the arrays
928 **                  of numbers of packets and handles.
929 **
930 ** Returns          count of number of entries filled in
931 **
932 *******************************************************************************/
l2c_link_pkts_rcvd(UINT16 * num_pkts,UINT16 * handles)933 UINT8 l2c_link_pkts_rcvd (UINT16 *num_pkts, UINT16 *handles)
934 {
935     UINT8       num_found = 0;
936 
937 #if (L2CAP_HOST_FLOW_CTRL == TRUE)
938 
939     int         xx;
940     tL2C_LCB    *p_lcb = &l2cb.lcb_pool[0];
941 
942     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
943     {
944         if ((p_lcb->in_use) && (p_lcb->link_pkts_unacked))
945         {
946             num_pkts[num_found] = p_lcb->link_pkts_unacked;
947             handles[num_found]  = p_lcb->handle;
948             p_lcb->link_pkts_unacked = 0;
949             num_found++;
950         }
951     }
952 
953 #endif
954 
955     return (num_found);
956 }
957 
958 /*******************************************************************************
959 **
960 ** Function         l2c_link_role_changed
961 **
962 ** Description      This function is called whan a link's master/slave role change
963 **                  event is received. It simply updates the link control block.
964 **
965 ** Returns          void
966 **
967 *******************************************************************************/
l2c_link_role_changed(BD_ADDR bd_addr,UINT8 new_role,UINT8 hci_status)968 void l2c_link_role_changed (BD_ADDR bd_addr, UINT8 new_role, UINT8 hci_status)
969 {
970     tL2C_LCB *p_lcb;
971     int      xx;
972 
973     /* Make sure not called from HCI Command Status (bd_addr and new_role are invalid) */
974     if (bd_addr)
975     {
976         /* If here came form hci role change event */
977         p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
978         if (p_lcb)
979         {
980             p_lcb->link_role = new_role;
981 
982             /* Reset high priority link if needed */
983             if (hci_status == HCI_SUCCESS)
984                 l2cu_set_acl_priority(bd_addr, p_lcb->acl_priority, TRUE);
985         }
986     }
987 
988     /* Check if any LCB was waiting for switch to be completed */
989     for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
990     {
991         if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH))
992         {
993             l2cu_create_conn_after_switch (p_lcb);
994         }
995     }
996 }
997 
998 /*******************************************************************************
999 **
1000 ** Function         l2c_pin_code_request
1001 **
1002 ** Description      This function is called whan a pin-code request is received
1003 **                  on a connection. If there are no channels active yet on the
1004 **                  link, it extends the link first connection timer.  Make sure
1005 **                  that inactivity timer is not extended if PIN code happens
1006 **                  to be after last ccb released.
1007 **
1008 ** Returns          void
1009 **
1010 *******************************************************************************/
l2c_pin_code_request(BD_ADDR bd_addr)1011 void l2c_pin_code_request (BD_ADDR bd_addr)
1012 {
1013     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr);
1014 
1015     if ( (p_lcb) && (!p_lcb->ccb_queue.p_first_ccb) )
1016     {
1017         btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_CONNECT_TOUT_EXT);
1018     }
1019 }
1020 
1021 #if ((BTM_PWR_MGR_INCLUDED == TRUE) && L2CAP_WAKE_PARKED_LINK == TRUE)
1022 /*******************************************************************************
1023 **
1024 ** Function         l2c_link_check_power_mode
1025 **
1026 ** Description      This function is called to check power mode.
1027 **
1028 ** Returns          TRUE if link is going to be active from park
1029 **                  FALSE if nothing to send or not in park mode
1030 **
1031 *******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)1032 BOOLEAN l2c_link_check_power_mode (tL2C_LCB *p_lcb)
1033 {
1034     tBTM_PM_MODE     mode;
1035     tL2C_CCB    *p_ccb;
1036     BOOLEAN need_to_active = FALSE;
1037 
1038     /*
1039      * We only switch park to active only if we have unsent packets
1040      */
1041     if ( p_lcb->link_xmit_data_q.count == 0 )
1042     {
1043         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
1044         {
1045             if (p_ccb->xmit_hold_q.count != 0)
1046             {
1047                 need_to_active = TRUE;
1048                 break;
1049             }
1050         }
1051     }
1052     else
1053         need_to_active = TRUE;
1054 
1055     /* if we have packets to send */
1056     if ( need_to_active )
1057     {
1058         /* check power mode */
1059         if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS)
1060         {
1061             if ( mode == BTM_PM_STS_PENDING )
1062             {
1063                 L2CAP_TRACE_DEBUG1 ("LCB(0x%x) is in PM pending state", p_lcb->handle);
1064 
1065                 return TRUE;
1066             }
1067         }
1068     }
1069     return FALSE;
1070 }
1071 #endif /* ((BTM_PWR_MGR_INCLUDED == TRUE) && L2CAP_WAKE_PARKED_LINK == TRUE) */
1072 
1073 /*******************************************************************************
1074 **
1075 ** Function         l2c_link_check_send_pkts
1076 **
1077 ** Description      This function is called to check if it can send packets
1078 **                  to the Host Controller. It may be passed the address of
1079 **                  a packet to send.
1080 **
1081 ** Returns          void
1082 **
1083 *******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)1084 void l2c_link_check_send_pkts (tL2C_LCB *p_lcb, tL2C_CCB *p_ccb, BT_HDR *p_buf)
1085 {
1086     int         xx;
1087     BOOLEAN     single_write = FALSE;
1088 
1089     /* Save the channel ID for faster counting */
1090     if (p_buf)
1091     {
1092         if (p_ccb != NULL)
1093         {
1094             p_buf->event = p_ccb->local_cid;
1095             single_write = TRUE;
1096         }
1097         else
1098             p_buf->event = 0;
1099 
1100         p_buf->layer_specific = 0;
1101         GKI_enqueue (&p_lcb->link_xmit_data_q, p_buf);
1102 
1103         if (p_lcb->link_xmit_quota == 0)
1104             l2cb.check_round_robin = TRUE;
1105     }
1106 
1107     /* If this is called from uncongested callback context break recursive calling.
1108     ** This LCB will be served when receiving number of completed packet event.
1109     */
1110     if (l2cb.is_cong_cback_context)
1111         return;
1112 
1113     /* If we are in a scenario where there are not enough buffers for each link to
1114     ** have at least 1, then do a round-robin for all the LCBs
1115     */
1116     if ( (p_lcb == NULL) || (p_lcb->link_xmit_quota == 0) )
1117     {
1118         if (p_lcb == NULL)
1119             p_lcb = l2cb.lcb_pool;
1120         else if (!single_write)
1121             p_lcb++;
1122 
1123         /* Loop through, starting at the next */
1124         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
1125         {
1126             /* If controller window is full, nothing to do */
1127             if ( (l2cb.controller_xmit_window == 0
1128 #if (BLE_INCLUDED == TRUE)
1129                   && !p_lcb->is_ble_link
1130 #endif
1131                 )
1132 #if (BLE_INCLUDED == TRUE)
1133                 || (p_lcb->is_ble_link && l2cb.controller_le_xmit_window == 0 )
1134 #endif
1135               || (l2cb.round_robin_unacked >= l2cb.round_robin_quota) )
1136                 break;
1137 
1138             /* Check for wraparound */
1139             if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS])
1140                 p_lcb = &l2cb.lcb_pool[0];
1141 
1142             if ( (!p_lcb->in_use)
1143                || (p_lcb->partial_segment_being_sent)
1144                || (p_lcb->link_state != LST_CONNECTED)
1145                || (p_lcb->link_xmit_quota != 0)
1146                || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1147                 continue;
1148 
1149             /* See if we can send anything from the Link Queue */
1150             if ((p_buf = (BT_HDR *)GKI_dequeue (&p_lcb->link_xmit_data_q)) != NULL)
1151             {
1152                 l2c_link_send_to_lower (p_lcb, p_buf);
1153             }
1154             else if (single_write)
1155             {
1156                 /* If only doing one write, break out */
1157                 break;
1158             }
1159             /* If nothing on the link queue, check the channel queue */
1160             else if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) != NULL)
1161             {
1162                 l2c_link_send_to_lower (p_lcb, p_buf);
1163             }
1164         }
1165 
1166         /* If we finished without using up our quota, no need for a safety check */
1167 #if (BLE_INCLUDED == TRUE)
1168         if ( ((l2cb.controller_xmit_window > 0 && !p_lcb->is_ble_link) ||
1169              (l2cb.controller_le_xmit_window > 0 && p_lcb->is_ble_link))
1170           && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1171 #else
1172         if ( (l2cb.controller_xmit_window > 0)
1173           && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1174 
1175 #endif
1176             l2cb.check_round_robin = FALSE;
1177     }
1178     else /* if this is not round-robin service */
1179     {
1180         /* If a partial segment is being sent, can't send anything else */
1181         if ( (p_lcb->partial_segment_being_sent)
1182           || (p_lcb->link_state != LST_CONNECTED)
1183           || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1184             return;
1185 
1186         /* See if we can send anything from the link queue */
1187 #if (BLE_INCLUDED == TRUE)
1188         while ( ((l2cb.controller_xmit_window != 0 && !p_lcb->is_ble_link) ||
1189                  (l2cb.controller_le_xmit_window != 0 && p_lcb->is_ble_link))
1190              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1191 #else
1192         while ( (l2cb.controller_xmit_window != 0)
1193              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1194 #endif
1195         {
1196             if ((p_buf = (BT_HDR *)GKI_dequeue (&p_lcb->link_xmit_data_q)) == NULL)
1197                 break;
1198 
1199             if (!l2c_link_send_to_lower (p_lcb, p_buf))
1200                 break;
1201         }
1202 
1203         if (!single_write)
1204         {
1205             /* See if we can send anything for any channel */
1206 #if (BLE_INCLUDED == TRUE)
1207             while ( ((l2cb.controller_xmit_window != 0 && !p_lcb->is_ble_link) ||
1208                     (l2cb.controller_le_xmit_window != 0 && p_lcb->is_ble_link))
1209                     && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1210 #else
1211             while ((l2cb.controller_xmit_window != 0) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1212 #endif
1213             {
1214                 if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) == NULL)
1215                     break;
1216 
1217                 if (!l2c_link_send_to_lower (p_lcb, p_buf))
1218                     break;
1219             }
1220         }
1221 
1222         /* There is a special case where we have readjusted the link quotas and  */
1223         /* this link may have sent anything but some other link sent packets so  */
1224         /* so we may need a timer to kick off this link's transmissions.         */
1225         if ( (p_lcb->link_xmit_data_q.count) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) )
1226             btu_start_timer (&p_lcb->timer_entry, BTU_TTYPE_L2CAP_LINK, L2CAP_LINK_FLOW_CONTROL_TOUT);
1227     }
1228 
1229 }
1230 
1231 /*******************************************************************************
1232 **
1233 ** Function         l2c_link_send_to_lower
1234 **
1235 ** Description      This function queues the buffer for HCI transmission
1236 **
1237 ** Returns          TRUE for success, FALSE for fail
1238 **
1239 *******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1240 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf)
1241 {
1242     UINT16      num_segs;
1243     UINT16      xmit_window, acl_data_size;
1244 
1245 #if (BLE_INCLUDED == TRUE)
1246     if ((!p_lcb->is_ble_link && (p_buf->len <= btu_cb.hcit_acl_pkt_size)) ||
1247         (p_lcb->is_ble_link && (p_buf->len <= btu_cb.hcit_ble_acl_pkt_size)))
1248 #else
1249     if (p_buf->len <= btu_cb.hcit_acl_pkt_size)
1250 #endif
1251     {
1252         if (p_lcb->link_xmit_quota == 0)
1253             l2cb.round_robin_unacked++;
1254 
1255         p_lcb->sent_not_acked++;
1256         p_buf->layer_specific = 0;
1257 
1258 #if (BLE_INCLUDED == TRUE)
1259         if (p_lcb->is_ble_link)
1260         {
1261             l2cb.controller_le_xmit_window--;
1262             L2C_LINK_SEND_BLE_ACL_DATA (p_buf);
1263         }
1264         else
1265 #endif
1266         {
1267             l2cb.controller_xmit_window--;
1268             L2C_LINK_SEND_ACL_DATA (p_buf);
1269         }
1270     }
1271     else
1272     {
1273 #if BLE_INCLUDED == TRUE
1274         if (p_lcb->is_ble_link)
1275         {
1276             acl_data_size = btu_cb.hcit_ble_acl_data_size;
1277             xmit_window = l2cb.controller_le_xmit_window;
1278 
1279         }
1280         else
1281 #endif
1282         {
1283             acl_data_size = btu_cb.hcit_acl_data_size;
1284             xmit_window = l2cb.controller_xmit_window;
1285         }
1286         num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) / acl_data_size;
1287 
1288 
1289         /* If doing round-robin, then only 1 segment each time */
1290         if (p_lcb->link_xmit_quota == 0)
1291         {
1292             num_segs = 1;
1293             p_lcb->partial_segment_being_sent = TRUE;
1294         }
1295         else
1296         {
1297             /* Multi-segment packet. Make sure it can fit */
1298             if (num_segs > xmit_window)
1299             {
1300                 num_segs = xmit_window;
1301                 p_lcb->partial_segment_being_sent = TRUE;
1302             }
1303 
1304             if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked))
1305             {
1306                 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1307                 p_lcb->partial_segment_being_sent = TRUE;
1308             }
1309         }
1310 
1311         p_buf->layer_specific        = num_segs;
1312 #if BLE_INCLUDED == TRUE
1313         if (p_lcb->is_ble_link)
1314         {
1315             l2cb.controller_le_xmit_window -= num_segs;
1316 
1317         }
1318         else
1319 #endif
1320         l2cb.controller_xmit_window -= num_segs;
1321 
1322         if (p_lcb->link_xmit_quota == 0)
1323             l2cb.round_robin_unacked += num_segs;
1324 
1325         p_lcb->sent_not_acked += num_segs;
1326 #if BLE_INCLUDED == TRUE
1327         if (p_lcb->is_ble_link)
1328         {
1329             L2C_LINK_SEND_BLE_ACL_DATA(p_buf);
1330         }
1331         else
1332 #endif
1333         {
1334             L2C_LINK_SEND_ACL_DATA (p_buf);
1335         }
1336     }
1337 
1338 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1339 #if (BLE_INCLUDED == TRUE)
1340     if (p_lcb->is_ble_link)
1341     {
1342         L2CAP_TRACE_DEBUG6 ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1343                 l2cb.controller_le_xmit_window,
1344                 p_lcb->handle,
1345                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1346                 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1347     }
1348     else
1349 #endif
1350     {
1351         L2CAP_TRACE_DEBUG6 ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1352                 l2cb.controller_xmit_window,
1353                 p_lcb->handle,
1354                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1355                 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1356     }
1357 #endif
1358 
1359     return TRUE;
1360 }
1361 
1362 /*******************************************************************************
1363 **
1364 ** Function         l2c_link_process_num_completed_pkts
1365 **
1366 ** Description      This function is called when a "number-of-completed-packets"
1367 **                  event is received from the controller. It updates all the
1368 **                  LCB transmit counts.
1369 **
1370 ** Returns          void
1371 **
1372 *******************************************************************************/
l2c_link_process_num_completed_pkts(UINT8 * p)1373 void l2c_link_process_num_completed_pkts (UINT8 *p)
1374 {
1375     UINT8       num_handles, xx;
1376     UINT16      handle;
1377     UINT16      num_sent;
1378     tL2C_LCB    *p_lcb;
1379 
1380     STREAM_TO_UINT8 (num_handles, p);
1381 
1382     for (xx = 0; xx < num_handles; xx++)
1383     {
1384         STREAM_TO_UINT16 (handle, p);
1385         STREAM_TO_UINT16 (num_sent, p);
1386 
1387         p_lcb = l2cu_find_lcb_by_handle (handle);
1388 
1389         /* Callback for number of completed packet event    */
1390         /* Originally designed for [3DSG]                   */
1391         if((p_lcb != NULL) && (p_lcb->p_nocp_cb))
1392         {
1393             L2CAP_TRACE_DEBUG0 ("L2CAP - calling NoCP callback");
1394             (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1395         }
1396 
1397         if (p_lcb)
1398         {
1399 #if (BLE_INCLUDED == TRUE)
1400             if (p_lcb->is_ble_link)
1401             {
1402                 l2cb.controller_le_xmit_window += num_sent;
1403             }
1404             else
1405 #endif
1406             {
1407                 /* Maintain the total window to the controller */
1408                 l2cb.controller_xmit_window += num_sent;
1409             }
1410             /* If doing round-robin, adjust communal counts */
1411             if (p_lcb->link_xmit_quota == 0)
1412             {
1413                 /* Don't go negative */
1414                 if (l2cb.round_robin_unacked > num_sent)
1415                     l2cb.round_robin_unacked -= num_sent;
1416                 else
1417                     l2cb.round_robin_unacked = 0;
1418             }
1419 
1420             /* Don't go negative */
1421             if (p_lcb->sent_not_acked > num_sent)
1422                 p_lcb->sent_not_acked -= num_sent;
1423             else
1424                 p_lcb->sent_not_acked = 0;
1425 
1426             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1427 
1428             /* If we were doing round-robin for low priority links, check 'em */
1429             if ( (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
1430               && (l2cb.check_round_robin)
1431               && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1432             {
1433               l2c_link_check_send_pkts (NULL, NULL, NULL);
1434             }
1435         }
1436 
1437 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1438         if (p_lcb)
1439         {
1440 #if (BLE_INCLUDED == TRUE)
1441             if (p_lcb->is_ble_link)
1442             {
1443                 L2CAP_TRACE_DEBUG5 ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1444                     l2cb.controller_le_xmit_window,
1445                     p_lcb->handle, p_lcb->sent_not_acked,
1446                     l2cb.check_round_robin, l2cb.round_robin_unacked);
1447             }
1448             else
1449 #endif
1450             {
1451                 L2CAP_TRACE_DEBUG5 ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1452                     l2cb.controller_xmit_window,
1453                     p_lcb->handle, p_lcb->sent_not_acked,
1454                     l2cb.check_round_robin, l2cb.round_robin_unacked);
1455 
1456             }
1457         }
1458         else
1459         {
1460 #if (BLE_INCLUDED == TRUE)
1461             L2CAP_TRACE_DEBUG5 ("TotalWin=%d  LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1462                 l2cb.controller_xmit_window,
1463                 l2cb.controller_le_xmit_window,
1464                 handle,
1465                 l2cb.check_round_robin, l2cb.round_robin_unacked);
1466 #else
1467             L2CAP_TRACE_DEBUG4 ("TotalWin=%d  Handle=0x%x  RRCheck=%d  RRUnack=%d",
1468                 l2cb.controller_xmit_window,
1469                 handle,
1470                 l2cb.check_round_robin, l2cb.round_robin_unacked);
1471 #endif
1472         }
1473 #endif
1474     }
1475 
1476 #if (defined(HCILP_INCLUDED) && HCILP_INCLUDED == TRUE)
1477     /* only full stack can enable sleep mode */
1478     btu_check_bt_sleep ();
1479 #endif
1480 }
1481 
1482 /*******************************************************************************
1483 **
1484 ** Function         l2cap_link_chk_pkt_start
1485 **
1486 ** Description      This function is called from the HCI transport when the first
1487 **                  4 bytes of an HCI ACL packet have been received. It checks if the
1488 **                  packet is the next segment of a fragmented L2CAP message. If it
1489 **                  is, and the length is OK, it returns the address of the
1490 **                  starting L2CAP message segment buffer.
1491 **
1492 ** Returns          the address of the receive buffer HCIT should use
1493 **                  (CR419: Modified to return NULL in case of error.)
1494 **
1495 ** NOTE             This assumes that the L2CAP MTU size is less than the size
1496 **                  of an HCI ACL buffer, so the maximum L2CAP message will fit
1497 **                  into one buffer.
1498 **
1499 *******************************************************************************/
l2cap_link_chk_pkt_start(BT_HDR * p_cur_buf)1500 BT_HDR *l2cap_link_chk_pkt_start (BT_HDR *p_cur_buf)
1501 {
1502     UINT8       *p;
1503     UINT16      handle;
1504     UINT16      hci_len;
1505     UINT16      pkt_type;
1506     tL2C_LCB    *p_lcb;
1507     BT_HDR *	p_return_buf;       /* CR419: To avoid returning from too many places */
1508 
1509 
1510     if (p_cur_buf)
1511     {
1512         p = (UINT8 *)(p_cur_buf + 1) + p_cur_buf->offset;
1513     }
1514     else
1515     {
1516         return (NULL);
1517     }
1518 
1519     /* L2CAP expects all rcvd packets to have a layer-specific value of 0 */
1520     p_cur_buf->layer_specific = 0;
1521 
1522     STREAM_TO_UINT16 (handle, p);
1523     STREAM_TO_UINT16 (hci_len, p);
1524 
1525     pkt_type = HCID_GET_EVENT (handle);
1526     handle   = HCID_GET_HANDLE (handle);
1527 
1528     l2cb.p_cur_hcit_lcb = NULL;
1529 
1530     /* Find the link that is associated with this handle */
1531     p_lcb = l2cu_find_lcb_by_handle (handle);
1532 
1533     /* If no link for this handle, nothing to do. */
1534     if (!p_lcb)
1535         return (p_cur_buf) ;
1536 
1537     if (pkt_type == L2CAP_PKT_START)            /*** START PACKET ***/
1538     {
1539         /* Start of packet. If we were in the middle of receiving */
1540         /* a packet, it is incomplete. Drop it.                   */
1541         if (p_lcb->p_hcit_rcv_acl)
1542         {
1543             L2CAP_TRACE_WARNING0 ("L2CAP - dropping incomplete pkt");
1544             GKI_freebuf (p_lcb->p_hcit_rcv_acl);
1545             p_lcb->p_hcit_rcv_acl = NULL;
1546         }
1547 
1548         /* Save the active buffer address in the LCB  */
1549         if ((p_return_buf = p_cur_buf) != NULL)
1550         {
1551             p_lcb->p_hcit_rcv_acl = p_return_buf;
1552             l2cb.p_cur_hcit_lcb   = p_lcb;
1553         }
1554     }
1555     else                                        /*** CONTINUATION PACKET ***/
1556     {
1557         /* Packet continuation. Check if we were expecting it */
1558         if (p_lcb->p_hcit_rcv_acl)
1559         {
1560             UINT16  total_len;
1561             BT_HDR  *p_base_buf = p_lcb->p_hcit_rcv_acl;
1562             UINT8   *p_f        = (UINT8 *)(p_base_buf + 1) + p_base_buf->offset + 2;
1563 
1564             STREAM_TO_UINT16 (total_len, p_f);
1565 
1566             /* We were expecting the CONTINUATION packet. If length fits, it can go in the  */
1567             /* current buffer.                                                              */
1568             if ((total_len + hci_len) <= (L2CAP_MTU_SIZE + HCI_DATA_PREAMBLE_SIZE))
1569             {
1570                 /* GKI_freebuf (p_cur_buf); CR419:Do not free it yet */
1571                 p_return_buf        = p_lcb->p_hcit_rcv_acl;	/* CR419: return base buffer */
1572                 l2cb.p_cur_hcit_lcb = p_lcb;
1573 
1574                 if ((p_cur_buf->len > HCI_DATA_PREAMBLE_SIZE))
1575                 {
1576                     UINT8 *	p		= (UINT8 *)(p_cur_buf + 1)
1577                                                 + p_cur_buf->offset
1578                                                 + HCI_DATA_PREAMBLE_SIZE;
1579                     UINT8 *	p1		= (UINT8 *)(p_return_buf + 1)
1580                                                 + p_return_buf->offset
1581                                                 + p_return_buf->len;
1582 
1583                     /* Copy data from new buffer into base buffer then update the data  */
1584                     /* count in the base buffer accordingly.                            */
1585                     memcpy (p1, p, p_cur_buf->len - HCI_DATA_PREAMBLE_SIZE);
1586                     p_return_buf->len   += (p_cur_buf->len - HCI_DATA_PREAMBLE_SIZE);
1587                 }
1588 
1589                 GKI_freebuf (p_cur_buf);
1590                 p_cur_buf = NULL;
1591 
1592                 /* Update HCI header of first segment (base buffer) with new length */
1593                 total_len += hci_len;
1594                 p_f        = (UINT8 *)(p_base_buf + 1) + p_base_buf->offset + 2;
1595                 UINT16_TO_STREAM (p_f, total_len);
1596             }
1597             else
1598             {
1599                 /* Packet too long. Drop the base packet */
1600                 L2CAP_TRACE_WARNING3 ("L2CAP - dropping too long pkt BufLen: %d  total_len: %d  hci_len: %d",
1601                                       p_lcb->p_hcit_rcv_acl->len, total_len, hci_len);
1602 
1603                 GKI_freebuf (p_lcb->p_hcit_rcv_acl);
1604                 p_lcb->p_hcit_rcv_acl = NULL;
1605                 p_return_buf          = NULL ; /* Can't hold onto it any more */
1606             }
1607         }
1608         else                                    /*** NEITHER START OR CONTINUATION PACKET ***/
1609         {
1610             p_return_buf = NULL ;
1611         }
1612     }
1613 
1614     if (p_return_buf == NULL)                   /* if error is indicated..  */
1615     {
1616         if (p_cur_buf != NULL)                  /* ..drop input buffer      */
1617             GKI_freebuf(p_cur_buf);             /*     (if present)         */
1618     }
1619 
1620     return (p_return_buf);
1621 }
1622 
1623 /*******************************************************************************
1624 **
1625 ** Function         l2cap_link_chk_pkt_end
1626 **
1627 ** Description      This function is called from the HCI transport when the last
1628 **                  byte of an HCI ACL packet has been received. It checks if the
1629 **                  L2CAP message is complete, i.e. no more continuation packets
1630 **                  are expected.
1631 **
1632 ** Returns          TRUE if message complete, FALSE if continuation expected
1633 **
1634 *******************************************************************************/
l2cap_link_chk_pkt_end(void)1635 BOOLEAN l2cap_link_chk_pkt_end (void)
1636 {
1637     UINT8       *p;
1638     BT_HDR      *p_buf;
1639     UINT16      l2cap_len;
1640     tL2C_LCB    *p_lcb;
1641 
1642     /* If link or buffer pointer not set up, let main line handle it */
1643     if (((p_lcb = l2cb.p_cur_hcit_lcb) == NULL) || ((p_buf = p_lcb->p_hcit_rcv_acl) == NULL))
1644         return (TRUE);
1645 
1646     /* Point to the L2CAP length */
1647     p = (UINT8 *)(p_buf + 1) + p_buf->offset + HCI_DATA_PREAMBLE_SIZE;
1648 
1649     STREAM_TO_UINT16 (l2cap_len, p);
1650 
1651     /* If the L2CAP length has not been reached, tell HCIT not to send this buffer to BTU */
1652     if (l2cap_len > (p_buf->len - (HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD)))
1653     {
1654         return (FALSE);
1655     }
1656     else
1657     {
1658         p_lcb->p_hcit_rcv_acl = NULL;
1659         return (TRUE);
1660     }
1661 }
1662 
1663 
1664 /*******************************************************************************
1665 **
1666 ** Function         l2c_link_segments_xmitted
1667 **
1668 ** Description      This function is called from the HCI Interface when an ACL
1669 **                  data packet segment is transmitted.
1670 **
1671 ** Returns          void
1672 **
1673 *******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1674 void l2c_link_segments_xmitted (BT_HDR *p_msg)
1675 {
1676     UINT8       *p = (UINT8 *)(p_msg + 1) + p_msg->offset;
1677     UINT16      handle;
1678     tL2C_LCB    *p_lcb;
1679 
1680     /* Extract the handle */
1681     STREAM_TO_UINT16 (handle, p);
1682     handle   = HCID_GET_HANDLE (handle);
1683 
1684     /* Find the LCB based on the handle */
1685     if ((p_lcb = l2cu_find_lcb_by_handle (handle)) == NULL)
1686     {
1687         L2CAP_TRACE_WARNING1 ("L2CAP - rcvd segment complete, unknown handle: %d", handle);
1688         GKI_freebuf (p_msg);
1689         return;
1690     }
1691 
1692     if (p_lcb->link_state == LST_CONNECTED)
1693     {
1694         /* Enqueue the buffer to the head of the transmit queue, and see */
1695         /* if we can transmit anything more.                             */
1696         GKI_enqueue_head (&p_lcb->link_xmit_data_q, p_msg);
1697 
1698         p_lcb->partial_segment_being_sent = FALSE;
1699 
1700         l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1701     }
1702     else
1703         GKI_freebuf (p_msg);
1704 }
1705