1 /******************************************************************************
2 *
3 * Copyright (C) 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * Filename: hci_h4.c
22 *
23 * Description: Contains HCI transport send/receive functions
24 *
25 ******************************************************************************/
26
27 #define LOG_TAG "bt_h4"
28
29 #include <utils/Log.h>
30 #include <stdlib.h>
31 #include <fcntl.h>
32
33 #include "bt_hci_bdroid.h"
34 #include "btsnoop.h"
35 #include "hci.h"
36 #include "userial.h"
37 #include "utils.h"
38
39 /******************************************************************************
40 ** Constants & Macros
41 ******************************************************************************/
42
43 #ifndef HCI_DBG
44 #define HCI_DBG FALSE
45 #endif
46
47 #if (HCI_DBG == TRUE)
48 #define HCIDBG(param, ...) {LOGD(param, ## __VA_ARGS__);}
49 #else
50 #define HCIDBG(param, ...) {}
51 #endif
52
53 /* Preamble length for HCI Commands:
54 ** 2-bytes for opcode and 1 byte for length
55 */
56 #define HCI_CMD_PREAMBLE_SIZE 3
57
58 /* Preamble length for HCI Events:
59 ** 1-byte for opcode and 1 byte for length
60 */
61 #define HCI_EVT_PREAMBLE_SIZE 2
62
63 /* Preamble length for SCO Data:
64 ** 2-byte for Handle and 1 byte for length
65 */
66 #define HCI_SCO_PREAMBLE_SIZE 3
67
68 /* Preamble length for ACL Data:
69 ** 2-byte for Handle and 2 byte for length
70 */
71 #define HCI_ACL_PREAMBLE_SIZE 4
72
73 /* Table of HCI preamble sizes for the different HCI message types */
74 static const uint8_t hci_preamble_table[] =
75 {
76 HCI_CMD_PREAMBLE_SIZE,
77 HCI_ACL_PREAMBLE_SIZE,
78 HCI_SCO_PREAMBLE_SIZE,
79 HCI_EVT_PREAMBLE_SIZE
80 };
81
82 /* HCI H4 message type definitions */
83 #define H4_TYPE_COMMAND 1
84 #define H4_TYPE_ACL_DATA 2
85 #define H4_TYPE_SCO_DATA 3
86 #define H4_TYPE_EVENT 4
87
88 static const uint16_t msg_evt_table[] =
89 {
90 MSG_HC_TO_STACK_HCI_ERR, /* H4_TYPE_COMMAND */
91 MSG_HC_TO_STACK_HCI_ACL, /* H4_TYPE_ACL_DATA */
92 MSG_HC_TO_STACK_HCI_SCO, /* H4_TYPE_SCO_DATA */
93 MSG_HC_TO_STACK_HCI_EVT /* H4_TYPE_EVENT */
94 };
95
96 #define ACL_RX_PKT_START 2
97 #define ACL_RX_PKT_CONTINUE 1
98 #define L2CAP_HEADER_SIZE 4
99
100 /* Maximum numbers of allowed internal
101 ** outstanding command packets at any time
102 */
103 #define INT_CMD_PKT_MAX_COUNT 8
104 #define INT_CMD_PKT_IDX_MASK 0x07
105
106 #define HCI_COMMAND_COMPLETE_EVT 0x0E
107 #define HCI_COMMAND_STATUS_EVT 0x0F
108 #define HCI_READ_BUFFER_SIZE 0x1005
109 #define HCI_LE_READ_BUFFER_SIZE 0x2002
110
111 /******************************************************************************
112 ** Local type definitions
113 ******************************************************************************/
114
115 /* H4 Rx States */
116 typedef enum {
117 H4_RX_MSGTYPE_ST,
118 H4_RX_LEN_ST,
119 H4_RX_DATA_ST,
120 H4_RX_IGNORE_ST
121 } tHCI_H4_RCV_STATE;
122
123 /* Callback function for the returned event of internal issued command */
124 typedef void (*tINT_CMD_CBACK)(void *p_mem);
125
126 typedef struct
127 {
128 uint16_t opcode; /* OPCODE of outstanding internal commands */
129 tINT_CMD_CBACK cback; /* Callback function when return of internal
130 * command is received */
131 } tINT_CMD_Q;
132
133 /* Control block for HCISU_H4 */
134 typedef struct
135 {
136 HC_BT_HDR *p_rcv_msg; /* Buffer to hold current rx HCI message */
137 uint16_t rcv_len; /* Size of current incoming message */
138 uint8_t rcv_msg_type; /* Current incoming message type */
139 tHCI_H4_RCV_STATE rcv_state; /* Receive state of current rx message */
140 uint16_t hc_acl_data_size; /* Controller's max ACL data length */
141 uint16_t hc_ble_acl_data_size; /* Controller's max BLE ACL data length */
142 BUFFER_Q acl_rx_q; /* Queue of base buffers for fragmented ACL pkts */
143 uint8_t preload_count; /* Count numbers of preload bytes */
144 uint8_t preload_buffer[6]; /* HCI_ACL_PREAMBLE_SIZE + 2 */
145 int int_cmd_rsp_pending; /* Num of internal cmds pending for ack */
146 uint8_t int_cmd_rd_idx; /* Read index of int_cmd_opcode queue */
147 uint8_t int_cmd_wrt_idx; /* Write index of int_cmd_opcode queue */
148 tINT_CMD_Q int_cmd[INT_CMD_PKT_MAX_COUNT]; /* FIFO queue */
149 } tHCI_H4_CB;
150
151 /******************************************************************************
152 ** Externs
153 ******************************************************************************/
154
155 uint8_t hci_h4_send_int_cmd(uint16_t opcode, HC_BT_HDR *p_buf, \
156 tINT_CMD_CBACK p_cback);
157 void lpm_wake_assert(void);
158 void lpm_tx_done(uint8_t is_tx_done);
159
160 /******************************************************************************
161 ** Variables
162 ******************************************************************************/
163
164 /* Num of allowed outstanding HCI CMD packets */
165 volatile int num_hci_cmd_pkts = 1;
166
167 /******************************************************************************
168 ** Static variables
169 ******************************************************************************/
170
171 static tHCI_H4_CB h4_cb;
172
173 /******************************************************************************
174 ** Static functions
175 ******************************************************************************/
176
177 /*******************************************************************************
178 **
179 ** Function get_acl_data_length_cback
180 **
181 ** Description Callback function for HCI_READ_BUFFER_SIZE and
182 ** HCI_LE_READ_BUFFER_SIZE commands if they were sent because
183 ** of internal request.
184 **
185 ** Returns None
186 **
187 *******************************************************************************/
get_acl_data_length_cback(void * p_mem)188 void get_acl_data_length_cback(void *p_mem)
189 {
190 uint8_t *p, status;
191 uint16_t opcode, len=0;
192 HC_BT_HDR *p_buf = (HC_BT_HDR *) p_mem;
193
194 p = (uint8_t *)(p_buf + 1) + 3;
195 STREAM_TO_UINT16(opcode, p)
196 status = *p++;
197 if (status == 0) /* Success */
198 STREAM_TO_UINT16(len, p)
199
200 if (opcode == HCI_READ_BUFFER_SIZE)
201 {
202 if (status == 0)
203 h4_cb.hc_acl_data_size = len;
204
205 /* reuse the rx buffer for sending HCI_LE_READ_BUFFER_SIZE command */
206 p_buf->event = MSG_STACK_TO_HC_HCI_CMD;
207 p_buf->offset = 0;
208 p_buf->layer_specific = 0;
209 p_buf->len = 3;
210
211 p = (uint8_t *) (p_buf + 1);
212 UINT16_TO_STREAM(p, HCI_LE_READ_BUFFER_SIZE);
213 *p = 0;
214
215 if ((status = hci_h4_send_int_cmd(HCI_LE_READ_BUFFER_SIZE, p_buf, \
216 get_acl_data_length_cback)) == FALSE)
217 {
218 bt_hc_cbacks->dealloc(p_buf);
219 bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_SUCCESS);
220 }
221 }
222 else if (opcode == HCI_LE_READ_BUFFER_SIZE)
223 {
224 if (status == 0)
225 h4_cb.hc_ble_acl_data_size = (len) ? len : h4_cb.hc_acl_data_size;
226
227 if (bt_hc_cbacks)
228 {
229 bt_hc_cbacks->dealloc(p_buf);
230 ALOGE("vendor lib postload completed");
231 bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_SUCCESS);
232 }
233 }
234 }
235
236
237 /*******************************************************************************
238 **
239 ** Function internal_event_intercept
240 **
241 ** Description This function is called to parse received HCI event and
242 ** - update the Num_HCI_Command_Packets
243 ** - intercept the event if it is the result of an early
244 ** issued internal command.
245 **
246 ** Returns TRUE : if the event had been intercepted for internal process
247 ** FALSE : send this event to core stack
248 **
249 *******************************************************************************/
internal_event_intercept(void)250 uint8_t internal_event_intercept(void)
251 {
252 uint8_t *p;
253 uint8_t event_code;
254 uint16_t opcode, len;
255 tHCI_H4_CB *p_cb = &h4_cb;
256
257 p = (uint8_t *)(p_cb->p_rcv_msg + 1);
258
259 event_code = *p++;
260 len = *p++;
261
262 if (event_code == HCI_COMMAND_COMPLETE_EVT)
263 {
264 num_hci_cmd_pkts = *p++;
265
266 if (p_cb->int_cmd_rsp_pending > 0)
267 {
268 STREAM_TO_UINT16(opcode, p)
269
270 if (opcode == p_cb->int_cmd[p_cb->int_cmd_rd_idx].opcode)
271 {
272 HCIDBG( \
273 "Intercept CommandCompleteEvent for internal command (0x%04X)",\
274 opcode);
275 if (p_cb->int_cmd[p_cb->int_cmd_rd_idx].cback != NULL)
276 {
277 p_cb->int_cmd[p_cb->int_cmd_rd_idx].cback(p_cb->p_rcv_msg);
278 }
279 else
280 {
281 // Missing cback function!
282 // Release the p_rcv_msg buffer.
283 if (bt_hc_cbacks)
284 {
285 bt_hc_cbacks->dealloc(p_cb->p_rcv_msg);
286 }
287 }
288 p_cb->int_cmd_rd_idx = ((p_cb->int_cmd_rd_idx+1) & \
289 INT_CMD_PKT_IDX_MASK);
290 p_cb->int_cmd_rsp_pending--;
291 return TRUE;
292 }
293 }
294 }
295 else if (event_code == HCI_COMMAND_STATUS_EVT)
296 {
297 num_hci_cmd_pkts = *(++p);
298 }
299
300 return FALSE;
301 }
302
303 /*******************************************************************************
304 **
305 ** Function acl_rx_frame_buffer_alloc
306 **
307 ** Description This function is called from the HCI transport when the
308 ** first 4 or 6 bytes of an HCI ACL packet have been received:
309 ** - Allocate a new buffer if it is a start pakcet of L2CAP
310 ** message.
311 ** - Return the buffer address of the starting L2CAP message
312 ** frame if the packet is the next segment of a fragmented
313 ** L2CAP message.
314 **
315 ** Returns the address of the receive buffer H4 RX should use
316 ** (CR419: Modified to return NULL in case of error.)
317 **
318 ** NOTE This assumes that the L2CAP MTU size is less than the size
319 ** of an HCI ACL buffer, so the maximum L2CAP message will fit
320 ** into one buffer.
321 **
322 *******************************************************************************/
acl_rx_frame_buffer_alloc(void)323 static HC_BT_HDR *acl_rx_frame_buffer_alloc (void)
324 {
325 uint8_t *p;
326 uint16_t handle;
327 uint16_t hci_len;
328 uint16_t total_len;
329 uint8_t pkt_type;
330 HC_BT_HDR *p_return_buf = NULL;
331 tHCI_H4_CB *p_cb = &h4_cb;
332
333
334 p = p_cb->preload_buffer;
335
336 STREAM_TO_UINT16 (handle, p);
337 STREAM_TO_UINT16 (hci_len, p);
338 STREAM_TO_UINT16 (total_len, p);
339
340 pkt_type = (uint8_t)(((handle) >> 12) & 0x0003);
341 handle = (uint16_t)((handle) & 0x0FFF);
342
343 if (p_cb->acl_rx_q.count)
344 {
345 uint16_t save_handle;
346 HC_BT_HDR *p_hdr = p_cb->acl_rx_q.p_first;
347
348 while (p_hdr != NULL)
349 {
350 p = (uint8_t *)(p_hdr + 1);
351 STREAM_TO_UINT16 (save_handle, p);
352 save_handle = (uint16_t)((save_handle) & 0x0FFF);
353 if (save_handle == handle)
354 {
355 p_return_buf = p_hdr;
356 break;
357 }
358 p_hdr = utils_getnext(p_hdr);
359 }
360 }
361
362 if (pkt_type == ACL_RX_PKT_START) /*** START PACKET ***/
363 {
364 /* Might have read 2 bytes for the L2CAP payload length */
365 p_cb->rcv_len = (hci_len) ? (hci_len - 2) : 0;
366
367 /* Start of packet. If we were in the middle of receiving */
368 /* a packet on the same ACL handle, the original packet is incomplete.
369 * Drop it. */
370 if (p_return_buf)
371 {
372 ALOGW("H4 - dropping incomplete ACL frame");
373
374 utils_remove_from_queue(&(p_cb->acl_rx_q), p_return_buf);
375
376 if (bt_hc_cbacks)
377 {
378 bt_hc_cbacks->dealloc(p_return_buf);
379 }
380 p_return_buf = NULL;
381 }
382
383 /* Allocate a buffer for message */
384 if (bt_hc_cbacks)
385 {
386 int len = total_len + HCI_ACL_PREAMBLE_SIZE + L2CAP_HEADER_SIZE + \
387 BT_HC_HDR_SIZE;
388 p_return_buf = (HC_BT_HDR *) bt_hc_cbacks->alloc(len);
389 }
390
391 if (p_return_buf)
392 {
393 /* Initialize buffer with preloaded data */
394 p_return_buf->offset = 0;
395 p_return_buf->layer_specific = 0;
396 p_return_buf->event = MSG_HC_TO_STACK_HCI_ACL;
397 p_return_buf->len = p_cb->preload_count;
398 memcpy((uint8_t *)(p_return_buf + 1), p_cb->preload_buffer, \
399 p_cb->preload_count);
400
401 if (hci_len && ((total_len + L2CAP_HEADER_SIZE) > hci_len))
402 {
403 /* Will expect to see fragmented ACL packets */
404 /* Keep the base buffer address in the watching queue */
405 utils_enqueue(&(p_cb->acl_rx_q), p_return_buf);
406 }
407 }
408 }
409 else /*** CONTINUATION PACKET ***/
410 {
411 p_cb->rcv_len = hci_len;
412
413 if (p_return_buf)
414 {
415 /* Packet continuation and found the original rx buffer */
416 uint8_t *p_f = p = (uint8_t *)(p_return_buf + 1) + 2;
417
418 STREAM_TO_UINT16 (total_len, p);
419
420 /* Update HCI header of first segment (base buffer) with new len */
421 total_len += hci_len;
422 UINT16_TO_STREAM (p_f, total_len);
423 }
424 }
425
426 return (p_return_buf);
427 }
428
429 /*******************************************************************************
430 **
431 ** Function acl_rx_frame_end_chk
432 **
433 ** Description This function is called from the HCI transport when the last
434 ** byte of an HCI ACL packet has been received. It checks if
435 ** the L2CAP message is complete, i.e. no more continuation
436 ** packets are expected.
437 **
438 ** Returns TRUE if message complete, FALSE if continuation expected
439 **
440 *******************************************************************************/
acl_rx_frame_end_chk(void)441 static uint8_t acl_rx_frame_end_chk (void)
442 {
443 uint8_t *p;
444 uint16_t handle, hci_len, l2cap_len;
445 HC_BT_HDR *p_buf;
446 tHCI_H4_CB *p_cb = &h4_cb;
447 uint8_t frame_end=TRUE;
448
449 p_buf = p_cb->p_rcv_msg;
450 p = (uint8_t *)(p_buf + 1);
451
452 STREAM_TO_UINT16 (handle, p);
453 STREAM_TO_UINT16 (hci_len, p);
454 STREAM_TO_UINT16 (l2cap_len, p);
455
456 if (hci_len > 0)
457 {
458 if (l2cap_len > (p_buf->len-(HCI_ACL_PREAMBLE_SIZE+L2CAP_HEADER_SIZE)) )
459 {
460 /* If the L2CAP length has not been reached, tell H4 not to send
461 * this buffer to stack */
462 frame_end = FALSE;
463 }
464 else
465 {
466 /*
467 * The current buffer coulb be in the watching list.
468 * Remove it from the list if it is in.
469 */
470 if (p_cb->acl_rx_q.count)
471 utils_remove_from_queue(&(p_cb->acl_rx_q), p_buf);
472 }
473 }
474
475 /****
476 ** Print snoop trace
477 ****/
478 if (p_buf->offset)
479 {
480 /* CONTINUATION PACKET */
481
482 /* save original p_buf->len content */
483 uint16_t tmp_u16 = p_buf->len;
484
485 /* borrow HCI_ACL_PREAMBLE_SIZE bytes from the payload section */
486 p = (uint8_t *)(p_buf + 1) + p_buf->offset - HCI_ACL_PREAMBLE_SIZE;
487
488 /* save contents */
489 memcpy(p_cb->preload_buffer, p, HCI_ACL_PREAMBLE_SIZE);
490
491 /* Set packet boundary flags to "continuation packet" */
492 handle = (handle & 0xCFFF) | 0x1000;
493
494 /* write handl & length info */
495 UINT16_TO_STREAM (p, handle);
496 UINT16_TO_STREAM (p, (p_buf->len - p_buf->offset));
497
498 /* roll pointer back */
499 p = p - HCI_ACL_PREAMBLE_SIZE;
500
501 /* adjust `p_buf->offset` & `p_buf->len`
502 * before calling btsnoop_capture() */
503 p_buf->offset = p_buf->offset - HCI_ACL_PREAMBLE_SIZE;
504 p_buf->len = p_buf->len - p_buf->offset;
505
506 btsnoop_capture(p_buf, true);
507
508 /* restore contents */
509 memcpy(p, p_cb->preload_buffer, HCI_ACL_PREAMBLE_SIZE);
510
511 /* restore p_buf->len */
512 p_buf->len = tmp_u16;
513 }
514 else
515 {
516 /* START PACKET */
517 btsnoop_capture(p_buf, true);
518 }
519
520 if (frame_end == TRUE)
521 p_buf->offset = 0;
522 else
523 p_buf->offset = p_buf->len; /* save current buffer-end position */
524
525 return frame_end;
526 }
527
528 /*****************************************************************************
529 ** HCI H4 INTERFACE FUNCTIONS
530 *****************************************************************************/
531
532 /*******************************************************************************
533 **
534 ** Function hci_h4_init
535 **
536 ** Description Initialize H4 module
537 **
538 ** Returns None
539 **
540 *******************************************************************************/
hci_h4_init(void)541 void hci_h4_init(void)
542 {
543 HCIDBG("hci_h4_init");
544
545 memset(&h4_cb, 0, sizeof(tHCI_H4_CB));
546 utils_queue_init(&(h4_cb.acl_rx_q));
547
548 /* Per HCI spec., always starts with 1 */
549 num_hci_cmd_pkts = 1;
550
551 /* Give an initial values of Host Controller's ACL data packet length
552 * Will update with an internal HCI(_LE)_Read_Buffer_Size request
553 */
554 h4_cb.hc_acl_data_size = 1021;
555 h4_cb.hc_ble_acl_data_size = 27;
556 }
557
558 /*******************************************************************************
559 **
560 ** Function hci_h4_cleanup
561 **
562 ** Description Clean H4 module
563 **
564 ** Returns None
565 **
566 *******************************************************************************/
hci_h4_cleanup(void)567 void hci_h4_cleanup(void)
568 {
569 HCIDBG("hci_h4_cleanup");
570 }
571
572 /*******************************************************************************
573 **
574 ** Function hci_h4_send_msg
575 **
576 ** Description Determine message type, set HCI H4 packet indicator, and
577 ** send message through USERIAL driver
578 **
579 ** Returns None
580 **
581 *******************************************************************************/
hci_h4_send_msg(HC_BT_HDR * p_msg)582 void hci_h4_send_msg(HC_BT_HDR *p_msg)
583 {
584 uint8_t type = 0;
585 uint16_t handle;
586 uint16_t bytes_to_send, lay_spec;
587 uint8_t *p = ((uint8_t *)(p_msg + 1)) + p_msg->offset;
588 uint16_t event = p_msg->event & MSG_EVT_MASK;
589 uint16_t sub_event = p_msg->event & MSG_SUB_EVT_MASK;
590 uint16_t acl_pkt_size = 0, acl_data_size = 0;
591 uint16_t bytes_sent;
592
593 /* wake up BT device if its in sleep mode */
594 lpm_wake_assert();
595
596 if (event == MSG_STACK_TO_HC_HCI_ACL)
597 type = H4_TYPE_ACL_DATA;
598 else if (event == MSG_STACK_TO_HC_HCI_SCO)
599 type = H4_TYPE_SCO_DATA;
600 else if (event == MSG_STACK_TO_HC_HCI_CMD)
601 type = H4_TYPE_COMMAND;
602
603 if (sub_event == LOCAL_BR_EDR_CONTROLLER_ID)
604 {
605 acl_data_size = h4_cb.hc_acl_data_size;
606 acl_pkt_size = h4_cb.hc_acl_data_size + HCI_ACL_PREAMBLE_SIZE;
607 }
608 else
609 {
610 acl_data_size = h4_cb.hc_ble_acl_data_size;
611 acl_pkt_size = h4_cb.hc_ble_acl_data_size + HCI_ACL_PREAMBLE_SIZE;
612 }
613
614 /* Check if sending ACL data that needs fragmenting */
615 if ((event == MSG_STACK_TO_HC_HCI_ACL) && (p_msg->len > acl_pkt_size))
616 {
617 /* Get the handle from the packet */
618 STREAM_TO_UINT16 (handle, p);
619
620 /* Set packet boundary flags to "continuation packet" */
621 handle = (handle & 0xCFFF) | 0x1000;
622
623 /* Do all the first chunks */
624 while (p_msg->len > acl_pkt_size)
625 {
626 /* remember layer_specific because uart borrow
627 one byte from layer_specific for packet type */
628 lay_spec = p_msg->layer_specific;
629
630 p = ((uint8_t *)(p_msg + 1)) + p_msg->offset - 1;
631 *p = type;
632 bytes_to_send = acl_pkt_size + 1; /* packet_size + message type */
633
634 bytes_sent = userial_write(event,(uint8_t *) p,bytes_to_send);
635
636 /* generate snoop trace message */
637 btsnoop_capture(p_msg, false);
638
639 p_msg->layer_specific = lay_spec;
640 /* Adjust offset and length for what we just sent */
641 p_msg->offset += acl_data_size;
642 p_msg->len -= acl_data_size;
643
644 p = ((uint8_t *)(p_msg + 1)) + p_msg->offset;
645
646 UINT16_TO_STREAM (p, handle);
647
648 if (p_msg->len > acl_pkt_size)
649 {
650 UINT16_TO_STREAM (p, acl_data_size);
651 }
652 else
653 {
654 UINT16_TO_STREAM (p, p_msg->len - HCI_ACL_PREAMBLE_SIZE);
655 }
656
657 /* If we were only to send partial buffer, stop when done. */
658 /* Send the buffer back to L2CAP to send the rest of it later */
659 if (p_msg->layer_specific)
660 {
661 if (--p_msg->layer_specific == 0)
662 {
663 p_msg->event = MSG_HC_TO_STACK_L2C_SEG_XMIT;
664
665 if (bt_hc_cbacks)
666 {
667 bt_hc_cbacks->tx_result((TRANSAC) p_msg, \
668 (char *) (p_msg + 1), \
669 BT_HC_TX_FRAGMENT);
670 }
671
672 return;
673 }
674 }
675 }
676 }
677
678
679 /* remember layer_specific because uart borrow
680 one byte from layer_specific for packet type */
681 lay_spec = p_msg->layer_specific;
682
683 /* Put the HCI Transport packet type 1 byte before the message */
684 p = ((uint8_t *)(p_msg + 1)) + p_msg->offset - 1;
685 *p = type;
686 bytes_to_send = p_msg->len + 1; /* message_size + message type */
687
688 bytes_sent = userial_write(event,(uint8_t *) p, bytes_to_send);
689
690 p_msg->layer_specific = lay_spec;
691
692 if (event == MSG_STACK_TO_HC_HCI_CMD)
693 {
694 num_hci_cmd_pkts--;
695
696 /* If this is an internal Cmd packet, the layer_specific field would
697 * have stored with the opcode of HCI command.
698 * Retrieve the opcode from the Cmd packet.
699 */
700 p++;
701 STREAM_TO_UINT16(lay_spec, p);
702 }
703
704 /* generate snoop trace message */
705 btsnoop_capture(p_msg, false);
706
707 if (bt_hc_cbacks)
708 {
709 if ((event == MSG_STACK_TO_HC_HCI_CMD) && \
710 (h4_cb.int_cmd_rsp_pending > 0) && \
711 (p_msg->layer_specific == lay_spec))
712 {
713 /* dealloc buffer of internal command */
714 bt_hc_cbacks->dealloc(p_msg);
715 }
716 else
717 {
718 bt_hc_cbacks->tx_result((TRANSAC) p_msg, (char *) (p_msg + 1), \
719 BT_HC_TX_SUCCESS);
720 }
721 }
722
723 lpm_tx_done(TRUE);
724
725 return;
726 }
727
728
729 /*******************************************************************************
730 **
731 ** Function hci_h4_receive_msg
732 **
733 ** Description Construct HCI EVENT/ACL packets and send them to stack once
734 ** complete packet has been received.
735 **
736 ** Returns Number of read bytes
737 **
738 *******************************************************************************/
hci_h4_receive_msg(void)739 uint16_t hci_h4_receive_msg(void)
740 {
741 uint16_t bytes_read = 0;
742 uint8_t byte;
743 uint16_t msg_len, len;
744 uint8_t msg_received;
745 tHCI_H4_CB *p_cb=&h4_cb;
746
747 while (TRUE)
748 {
749 /* Read one byte to see if there is anything waiting to be read */
750 if (userial_read(0 /*dummy*/, &byte, 1) == 0)
751 {
752 break;
753 }
754
755 bytes_read++;
756 msg_received = FALSE;
757
758 switch (p_cb->rcv_state)
759 {
760 case H4_RX_MSGTYPE_ST:
761 /* Start of new message */
762 if ((byte < H4_TYPE_ACL_DATA) || (byte > H4_TYPE_EVENT))
763 {
764 /* Unknown HCI message type */
765 /* Drop this byte */
766 ALOGE("[h4] Unknown HCI message type drop this byte 0x%x", byte);
767 break;
768 }
769
770 /* Initialize rx parameters */
771 p_cb->rcv_msg_type = byte;
772 p_cb->rcv_len = hci_preamble_table[byte-1];
773 memset(p_cb->preload_buffer, 0 , 6);
774 p_cb->preload_count = 0;
775 // p_cb->p_rcv_msg = NULL;
776 p_cb->rcv_state = H4_RX_LEN_ST; /* Next, wait for length to come */
777 break;
778
779 case H4_RX_LEN_ST:
780 /* Receiving preamble */
781 p_cb->preload_buffer[p_cb->preload_count++] = byte;
782 p_cb->rcv_len--;
783
784 /* Check if we received entire preamble yet */
785 if (p_cb->rcv_len == 0)
786 {
787 if (p_cb->rcv_msg_type == H4_TYPE_ACL_DATA)
788 {
789 /* ACL data lengths are 16-bits */
790 msg_len = p_cb->preload_buffer[3];
791 msg_len = (msg_len << 8) + p_cb->preload_buffer[2];
792
793 if (msg_len && (p_cb->preload_count == 4))
794 {
795 /* Check if this is a start packet */
796 byte = ((p_cb->preload_buffer[1] >> 4) & 0x03);
797
798 if (byte == ACL_RX_PKT_START)
799 {
800 /*
801 * A start packet & with non-zero data payload length.
802 * We want to read 2 more bytes to get L2CAP payload
803 * length.
804 */
805 p_cb->rcv_len = 2;
806
807 break;
808 }
809 }
810
811 /*
812 * Check for segmented packets. If this is a continuation
813 * packet, then we will continue appending data to the
814 * original rcv buffer.
815 */
816 p_cb->p_rcv_msg = acl_rx_frame_buffer_alloc();
817 }
818 else
819 {
820 /* Received entire preamble.
821 * Length is in the last received byte */
822 msg_len = byte;
823 p_cb->rcv_len = msg_len;
824
825 /* Allocate a buffer for message */
826 if (bt_hc_cbacks)
827 {
828 len = msg_len + p_cb->preload_count + BT_HC_HDR_SIZE;
829 p_cb->p_rcv_msg = \
830 (HC_BT_HDR *) bt_hc_cbacks->alloc(len);
831 }
832
833 if (p_cb->p_rcv_msg)
834 {
835 /* Initialize buffer with preloaded data */
836 p_cb->p_rcv_msg->offset = 0;
837 p_cb->p_rcv_msg->layer_specific = 0;
838 p_cb->p_rcv_msg->event = \
839 msg_evt_table[p_cb->rcv_msg_type-1];
840 p_cb->p_rcv_msg->len = p_cb->preload_count;
841 memcpy((uint8_t *)(p_cb->p_rcv_msg + 1), \
842 p_cb->preload_buffer, p_cb->preload_count);
843 }
844 }
845
846 if (p_cb->p_rcv_msg == NULL)
847 {
848 /* Unable to acquire message buffer. */
849 ALOGE( \
850 "H4: Unable to acquire buffer for incoming HCI message." \
851 );
852
853 if (msg_len == 0)
854 {
855 /* Wait for next message */
856 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
857 }
858 else
859 {
860 /* Ignore rest of the packet */
861 p_cb->rcv_state = H4_RX_IGNORE_ST;
862 }
863
864 break;
865 }
866
867 /* Message length is valid */
868 if (msg_len)
869 {
870 /* Read rest of message */
871 p_cb->rcv_state = H4_RX_DATA_ST;
872 }
873 else
874 {
875 /* Message has no additional parameters.
876 * (Entire message has been received) */
877 if (p_cb->rcv_msg_type == H4_TYPE_ACL_DATA)
878 acl_rx_frame_end_chk(); /* to print snoop trace */
879
880 msg_received = TRUE;
881
882 /* Next, wait for next message */
883 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
884 }
885 }
886 break;
887
888 case H4_RX_DATA_ST:
889 *((uint8_t *)(p_cb->p_rcv_msg + 1) + p_cb->p_rcv_msg->len++) = byte;
890 p_cb->rcv_len--;
891
892 if (p_cb->rcv_len > 0)
893 {
894 /* Read in the rest of the message */
895 len = userial_read(0 /*dummy*/, \
896 ((uint8_t *)(p_cb->p_rcv_msg+1) + p_cb->p_rcv_msg->len), \
897 p_cb->rcv_len);
898 p_cb->p_rcv_msg->len += len;
899 p_cb->rcv_len -= len;
900 bytes_read += len;
901 }
902
903 /* Check if we read in entire message yet */
904 if (p_cb->rcv_len == 0)
905 {
906 /* Received entire packet. */
907 /* Check for segmented l2cap packets */
908 if ((p_cb->rcv_msg_type == H4_TYPE_ACL_DATA) &&
909 !acl_rx_frame_end_chk())
910 {
911 /* Not the end of packet yet. */
912 /* Next, wait for next message */
913 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
914 }
915 else
916 {
917 msg_received = TRUE;
918 /* Next, wait for next message */
919 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
920 }
921 }
922 break;
923
924
925 case H4_RX_IGNORE_ST:
926 /* Ignore reset of packet */
927 p_cb->rcv_len--;
928
929 /* Check if we read in entire message yet */
930 if (p_cb->rcv_len == 0)
931 {
932 /* Next, wait for next message */
933 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
934 }
935 break;
936 }
937
938
939 /* If we received entire message, then send it to the task */
940 if (msg_received)
941 {
942 uint8_t intercepted = FALSE;
943
944 /* generate snoop trace message */
945 /* ACL packet tracing had done in acl_rx_frame_end_chk() */
946 if (p_cb->p_rcv_msg->event != MSG_HC_TO_STACK_HCI_ACL)
947 btsnoop_capture(p_cb->p_rcv_msg, true);
948
949 if (p_cb->p_rcv_msg->event == MSG_HC_TO_STACK_HCI_EVT)
950 intercepted = internal_event_intercept();
951
952 if ((bt_hc_cbacks) && (intercepted == FALSE))
953 {
954 bt_hc_cbacks->data_ind((TRANSAC) p_cb->p_rcv_msg, \
955 (char *) (p_cb->p_rcv_msg + 1), \
956 p_cb->p_rcv_msg->len + BT_HC_HDR_SIZE);
957 }
958 p_cb->p_rcv_msg = NULL;
959 }
960 }
961
962 return (bytes_read);
963 }
964
965
966 /*******************************************************************************
967 **
968 ** Function hci_h4_send_int_cmd
969 **
970 ** Description Place the internal commands (issued internally by vendor lib)
971 ** in the tx_q.
972 **
973 ** Returns TRUE/FALSE
974 **
975 *******************************************************************************/
hci_h4_send_int_cmd(uint16_t opcode,HC_BT_HDR * p_buf,tINT_CMD_CBACK p_cback)976 uint8_t hci_h4_send_int_cmd(uint16_t opcode, HC_BT_HDR *p_buf, \
977 tINT_CMD_CBACK p_cback)
978 {
979 if (h4_cb.int_cmd_rsp_pending > INT_CMD_PKT_MAX_COUNT)
980 {
981 ALOGE( \
982 "Allow only %d outstanding internal commands at a time [Reject 0x%04X]"\
983 , INT_CMD_PKT_MAX_COUNT, opcode);
984 return FALSE;
985 }
986
987 h4_cb.int_cmd_rsp_pending++;
988 h4_cb.int_cmd[h4_cb.int_cmd_wrt_idx].opcode = opcode;
989 h4_cb.int_cmd[h4_cb.int_cmd_wrt_idx].cback = p_cback;
990 h4_cb.int_cmd_wrt_idx = ((h4_cb.int_cmd_wrt_idx+1) & INT_CMD_PKT_IDX_MASK);
991
992 /* stamp signature to indicate an internal command */
993 p_buf->layer_specific = opcode;
994
995 bthc_tx(p_buf);
996 return TRUE;
997 }
998
999
1000 /*******************************************************************************
1001 **
1002 ** Function hci_h4_get_acl_data_length
1003 **
1004 ** Description Issue HCI_READ_BUFFER_SIZE command to retrieve Controller's
1005 ** ACL data length setting
1006 **
1007 ** Returns None
1008 **
1009 *******************************************************************************/
hci_h4_get_acl_data_length(void)1010 void hci_h4_get_acl_data_length(void)
1011 {
1012 HC_BT_HDR *p_buf = NULL;
1013 uint8_t *p, ret;
1014
1015 if (bt_hc_cbacks)
1016 {
1017 p_buf = (HC_BT_HDR *) bt_hc_cbacks->alloc(BT_HC_HDR_SIZE + \
1018 HCI_CMD_PREAMBLE_SIZE);
1019 }
1020
1021 if (p_buf)
1022 {
1023 p_buf->event = MSG_STACK_TO_HC_HCI_CMD;
1024 p_buf->offset = 0;
1025 p_buf->layer_specific = 0;
1026 p_buf->len = HCI_CMD_PREAMBLE_SIZE;
1027
1028 p = (uint8_t *) (p_buf + 1);
1029 UINT16_TO_STREAM(p, HCI_READ_BUFFER_SIZE);
1030 *p = 0;
1031
1032 if ((ret = hci_h4_send_int_cmd(HCI_READ_BUFFER_SIZE, p_buf, \
1033 get_acl_data_length_cback)) == FALSE)
1034 {
1035 bt_hc_cbacks->dealloc(p_buf);
1036 }
1037 else
1038 return;
1039 }
1040
1041 if (bt_hc_cbacks)
1042 {
1043 ALOGE("vendor lib postload aborted");
1044 bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_FAIL);
1045 }
1046 }
1047
1048
1049 /******************************************************************************
1050 ** HCI H4 Services interface table
1051 ******************************************************************************/
1052
1053 const tHCI_IF hci_h4_func_table =
1054 {
1055 hci_h4_init,
1056 hci_h4_cleanup,
1057 hci_h4_send_msg,
1058 hci_h4_send_int_cmd,
1059 hci_h4_get_acl_data_length,
1060 hci_h4_receive_msg
1061 };
1062
1063