1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains the functions relating to link management. A "link"
22  *  is a connection between this device and another device. Only ACL links
23  *  are managed.
24  *
25  ******************************************************************************/
26 
27 #include <assert.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <stdio.h>
31 
32 #include "device/include/controller.h"
33 #include "bt_common.h"
34 #include "bt_types.h"
35 #include "bt_utils.h"
36 #include "hcimsgs.h"
37 #include "l2cdefs.h"
38 #include "l2c_int.h"
39 #include "l2c_api.h"
40 #include "btu.h"
41 #include "btm_api.h"
42 #include "btm_int.h"
43 #include "btcore/include/bdaddr.h"
44 
45 
46 extern fixed_queue_t *btu_general_alarm_queue;
47 
48 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf);
49 
50 /*******************************************************************************
51 **
52 ** Function         l2c_link_hci_conn_req
53 **
54 ** Description      This function is called when an HCI Connection Request
55 **                  event is received.
56 **
57 ** Returns          TRUE, if accept conn
58 **
59 *******************************************************************************/
l2c_link_hci_conn_req(BD_ADDR bd_addr)60 BOOLEAN l2c_link_hci_conn_req (BD_ADDR bd_addr)
61 {
62     tL2C_LCB        *p_lcb;
63     tL2C_LCB        *p_lcb_cur;
64     int             xx;
65     BOOLEAN         no_links;
66 
67     /* See if we have a link control block for the remote device */
68     p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr, BT_TRANSPORT_BR_EDR);
69 
70     /* If we don't have one, create one and accept the connection. */
71     if (!p_lcb)
72     {
73         p_lcb = l2cu_allocate_lcb (bd_addr, FALSE, BT_TRANSPORT_BR_EDR);
74         if (!p_lcb)
75         {
76             btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
77             L2CAP_TRACE_ERROR ("L2CAP failed to allocate LCB");
78             return FALSE;
79         }
80 
81         no_links = TRUE;
82 
83         /* If we already have connection, accept as a master */
84         for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb_cur++)
85         {
86             if (p_lcb_cur == p_lcb)
87                 continue;
88 
89             if (p_lcb_cur->in_use)
90             {
91                 no_links = FALSE;
92                 p_lcb->link_role = HCI_ROLE_MASTER;
93                 break;
94             }
95         }
96 
97         if (no_links)
98         {
99             if (!btm_dev_support_switch (bd_addr))
100                 p_lcb->link_role = HCI_ROLE_SLAVE;
101             else
102                 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
103         }
104 
105 
106         /* Tell the other side we accept the connection */
107         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
108 
109         p_lcb->link_state = LST_CONNECTING;
110 
111         /* Start a timer waiting for connect complete */
112         alarm_set_on_queue(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
113                            l2c_lcb_timer_timeout, p_lcb,
114                            btu_general_alarm_queue);
115         return (TRUE);
116     }
117 
118     /* We already had a link control block to the guy. Check what state it is in */
119     if ((p_lcb->link_state == LST_CONNECTING) || (p_lcb->link_state == LST_CONNECT_HOLDING))
120     {
121         /* Connection collision. Accept the connection anyways. */
122 
123         if (!btm_dev_support_switch (bd_addr))
124             p_lcb->link_role = HCI_ROLE_SLAVE;
125         else
126             p_lcb->link_role = l2cu_get_conn_role(p_lcb);
127 
128         btsnd_hcic_accept_conn (bd_addr, p_lcb->link_role);
129 
130         p_lcb->link_state = LST_CONNECTING;
131         return (TRUE);
132     }
133     else if (p_lcb->link_state == LST_DISCONNECTING)
134     {
135         /* In disconnecting state, reject the connection. */
136         btsnd_hcic_reject_conn (bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
137     }
138     else
139     {
140         L2CAP_TRACE_ERROR("L2CAP got conn_req while connected (state:%d). Reject it",
141                 p_lcb->link_state);
142         /* Reject the connection with ACL Connection Already exist reason */
143         btsnd_hcic_reject_conn (bd_addr, HCI_ERR_CONNECTION_EXISTS);
144     }
145     return (FALSE);
146 }
147 
148 /*******************************************************************************
149 **
150 ** Function         l2c_link_hci_conn_comp
151 **
152 ** Description      This function is called when an HCI Connection Complete
153 **                  event is received.
154 **
155 ** Returns          void
156 **
157 *******************************************************************************/
l2c_link_hci_conn_comp(UINT8 status,UINT16 handle,BD_ADDR p_bda)158 BOOLEAN l2c_link_hci_conn_comp (UINT8 status, UINT16 handle, BD_ADDR p_bda)
159 {
160     tL2C_CONN_INFO       ci;
161     tL2C_LCB            *p_lcb;
162     tL2C_CCB            *p_ccb;
163     tBTM_SEC_DEV_REC    *p_dev_info = NULL;
164 
165     btm_acl_update_busy_level (BTM_BLI_PAGE_DONE_EVT);
166 
167     /* Save the parameters */
168     ci.status       = status;
169     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
170 
171     /* See if we have a link control block for the remote device */
172     p_lcb = l2cu_find_lcb_by_bd_addr (ci.bd_addr, BT_TRANSPORT_BR_EDR);
173 
174     /* If we don't have one, this is an error */
175     if (!p_lcb)
176     {
177         L2CAP_TRACE_WARNING ("L2CAP got conn_comp for unknown BD_ADDR");
178         return (FALSE);
179     }
180 
181     if (p_lcb->link_state != LST_CONNECTING)
182     {
183         L2CAP_TRACE_ERROR ("L2CAP got conn_comp in bad state: %d  status: 0x%d", p_lcb->link_state, status);
184 
185         if (status != HCI_SUCCESS)
186             l2c_link_hci_disc_comp (p_lcb->handle, status);
187 
188         return (FALSE);
189     }
190 
191     /* Save the handle */
192     p_lcb->handle = handle;
193 
194     if (ci.status == HCI_SUCCESS)
195     {
196         /* Connected OK. Change state to connected */
197         p_lcb->link_state = LST_CONNECTED;
198 
199         /* Get the peer information if the l2cap flow-control/rtrans is supported */
200         l2cu_send_peer_info_req (p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
201 
202         /* Tell BTM Acl management about the link */
203         if ((p_dev_info = btm_find_dev (p_bda)) != NULL)
204             btm_acl_created (ci.bd_addr, p_dev_info->dev_class,
205                              p_dev_info->sec_bd_name, handle,
206                              p_lcb->link_role, BT_TRANSPORT_BR_EDR);
207         else
208             btm_acl_created (ci.bd_addr, NULL, NULL, handle, p_lcb->link_role, BT_TRANSPORT_BR_EDR);
209 
210         BTM_SetLinkSuperTout (ci.bd_addr, btm_cb.btm_def_link_super_tout);
211 
212         /* If dedicated bonding do not process any further */
213         if (p_lcb->is_bonding)
214         {
215             if (l2cu_start_post_bond_timer(handle))
216                 return (TRUE);
217         }
218 
219         /* Update the timeouts in the hold queue */
220         l2c_process_held_packets(FALSE);
221 
222         alarm_cancel(p_lcb->l2c_lcb_timer);
223 
224         /* For all channels, send the event through their FSMs */
225         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
226         {
227             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
228         }
229 
230         if (p_lcb->p_echo_rsp_cb)
231         {
232             l2cu_send_peer_echo_req (p_lcb, NULL, 0);
233             alarm_set_on_queue(p_lcb->l2c_lcb_timer,
234                                L2CAP_ECHO_RSP_TIMEOUT_MS,
235                                l2c_lcb_timer_timeout, p_lcb,
236                                btu_general_alarm_queue);
237         }
238         else if (!p_lcb->ccb_queue.p_first_ccb)
239         {
240             period_ms_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
241             alarm_set_on_queue(p_lcb->l2c_lcb_timer, timeout_ms,
242                                l2c_lcb_timer_timeout, p_lcb,
243                                btu_general_alarm_queue);
244         }
245     }
246     /* Max number of acl connections.                          */
247     /* If there's an lcb disconnecting set this one to holding */
248     else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) && l2cu_lcb_disconnecting())
249     {
250         p_lcb->link_state = LST_CONNECT_HOLDING;
251         p_lcb->handle = HCI_INVALID_HANDLE;
252     }
253     else
254     {
255         /* Just in case app decides to try again in the callback context */
256         p_lcb->link_state = LST_DISCONNECTING;
257 
258         /* Connection failed. For all channels, send the event through */
259         /* their FSMs. The CCBs should remove themselves from the LCB  */
260         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
261         {
262             tL2C_CCB *pn = p_ccb->p_next_ccb;
263 
264             l2c_csm_execute (p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
265 
266             p_ccb = pn;
267         }
268 
269         p_lcb->disc_reason = status;
270         /* Release the LCB */
271         if (p_lcb->ccb_queue.p_first_ccb == NULL)
272             l2cu_release_lcb (p_lcb);
273         else                              /* there are any CCBs remaining */
274         {
275             if (ci.status == HCI_ERR_CONNECTION_EXISTS)
276             {
277                 /* we are in collision situation, wait for connecttion request from controller */
278                 p_lcb->link_state = LST_CONNECTING;
279             }
280             else
281             {
282                 l2cu_create_conn(p_lcb, BT_TRANSPORT_BR_EDR);
283             }
284         }
285     }
286     return (TRUE);
287 }
288 
289 
290 /*******************************************************************************
291 **
292 ** Function         l2c_link_sec_comp
293 **
294 ** Description      This function is called when required security procedures
295 **                  are completed.
296 **
297 ** Returns          void
298 **
299 *******************************************************************************/
l2c_link_sec_comp(BD_ADDR p_bda,tBT_TRANSPORT transport,void * p_ref_data,UINT8 status)300 void l2c_link_sec_comp (BD_ADDR p_bda, tBT_TRANSPORT transport, void *p_ref_data, UINT8 status)
301 {
302     tL2C_CONN_INFO  ci;
303     tL2C_LCB        *p_lcb;
304     tL2C_CCB        *p_ccb;
305     tL2C_CCB        *p_next_ccb;
306     UINT8           event;
307 
308     UNUSED(transport);
309 
310     L2CAP_TRACE_DEBUG ("l2c_link_sec_comp: %d, 0x%x", status, p_ref_data);
311 
312     if (status == BTM_SUCCESS_NO_SECURITY)
313         status = BTM_SUCCESS;
314 
315     /* Save the parameters */
316     ci.status       = status;
317     memcpy (ci.bd_addr, p_bda, BD_ADDR_LEN);
318 
319     p_lcb = l2cu_find_lcb_by_bd_addr (p_bda, transport);
320 
321     /* If we don't have one, this is an error */
322     if (!p_lcb)
323     {
324         L2CAP_TRACE_WARNING ("L2CAP got sec_comp for unknown BD_ADDR");
325         return;
326     }
327 
328     /* Match p_ccb with p_ref_data returned by sec manager */
329     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb)
330     {
331         p_next_ccb = p_ccb->p_next_ccb;
332 
333         if (p_ccb == p_ref_data)
334         {
335             switch(status)
336             {
337             case BTM_SUCCESS:
338                 event = L2CEVT_SEC_COMP;
339                 break;
340 
341             case BTM_DELAY_CHECK:
342                 /* start a timer - encryption change not received before L2CAP connect req */
343                 alarm_set_on_queue(p_ccb->l2c_ccb_timer,
344                                    L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
345                                    l2c_ccb_timer_timeout, p_ccb,
346                                    btu_general_alarm_queue);
347                 return;
348 
349             default:
350                 event = L2CEVT_SEC_COMP_NEG;
351             }
352             l2c_csm_execute (p_ccb, event, &ci);
353             break;
354         }
355     }
356 }
357 
358 
359 /*******************************************************************************
360 **
361 ** Function         l2c_link_hci_disc_comp
362 **
363 ** Description      This function is called when an HCI Disconnect Complete
364 **                  event is received.
365 **
366 ** Returns          TRUE if the link is known about, else FALSE
367 **
368 *******************************************************************************/
l2c_link_hci_disc_comp(UINT16 handle,UINT8 reason)369 BOOLEAN l2c_link_hci_disc_comp (UINT16 handle, UINT8 reason)
370 {
371     tL2C_LCB    *p_lcb;
372     tL2C_CCB    *p_ccb;
373     BOOLEAN     status = TRUE;
374     BOOLEAN     lcb_is_free = TRUE;
375     tBT_TRANSPORT   transport = BT_TRANSPORT_BR_EDR;
376 
377     /* See if we have a link control block for the connection */
378     p_lcb = l2cu_find_lcb_by_handle (handle);
379 
380     /* If we don't have one, maybe an SCO link. Send to MM */
381     if (!p_lcb)
382     {
383         status = FALSE;
384     }
385     else
386     {
387         /* There can be a case when we rejected PIN code authentication */
388         /* otherwise save a new reason */
389         if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
390             btm_cb.acl_disc_reason = reason;
391 
392         p_lcb->disc_reason = btm_cb.acl_disc_reason;
393 
394         /* Just in case app decides to try again in the callback context */
395         p_lcb->link_state = LST_DISCONNECTING;
396 
397 #if (BLE_INCLUDED == TRUE)
398         /* Check for BLE and handle that differently */
399         if (p_lcb->transport == BT_TRANSPORT_LE)
400             btm_ble_update_link_topology_mask(p_lcb->link_role, FALSE);
401 #endif
402         /* Link is disconnected. For all channels, send the event through */
403         /* their FSMs. The CCBs should remove themselves from the LCB     */
404         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
405         {
406             tL2C_CCB *pn = p_ccb->p_next_ccb;
407 
408             /* Keep connect pending control block (if exists)
409              * Possible Race condition when a reconnect occurs
410              * on the channel during a disconnect of link. This
411              * ccb will be automatically retried after link disconnect
412              * arrives
413              */
414             if (p_ccb != p_lcb->p_pending_ccb)
415             {
416                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
417             }
418             p_ccb = pn;
419         }
420 
421 #if (BTM_SCO_INCLUDED == TRUE)
422 #if (BLE_INCLUDED == TRUE)
423         if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
424 #endif
425             /* Tell SCO management to drop any SCOs on this ACL */
426             btm_sco_acl_removed (p_lcb->remote_bd_addr);
427 #endif
428 
429         /* If waiting for disconnect and reconnect is pending start the reconnect now
430            race condition where layer above issued connect request on link that was
431            disconnecting
432          */
433         if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb)
434         {
435             L2CAP_TRACE_DEBUG("l2c_link_hci_disc_comp: Restarting pending ACL request");
436             transport = p_lcb->transport;
437 #if BLE_INCLUDED == TRUE
438             /* for LE link, always drop and re-open to ensure to get LE remote feature */
439             if (p_lcb->transport == BT_TRANSPORT_LE)
440             {
441                 l2cb.is_ble_connecting = FALSE;
442                 btm_acl_removed (p_lcb->remote_bd_addr, p_lcb->transport);
443                 /* Release any held buffers */
444                 BT_HDR *p_buf;
445                 while (!list_is_empty(p_lcb->link_xmit_data_q))
446                 {
447                     p_buf = list_front(p_lcb->link_xmit_data_q);
448                     list_remove(p_lcb->link_xmit_data_q, p_buf);
449                     osi_free(p_buf);
450                 }
451             }
452             else
453 #endif
454        {
455 #if (L2CAP_NUM_FIXED_CHNLS > 0)
456           /* If we are going to re-use the LCB without dropping it, release all fixed channels
457           here */
458           int xx;
459           for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++)
460           {
461               if (p_lcb->p_fixed_ccbs[xx] && p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb)
462               {
463 #if BLE_INCLUDED == TRUE
464                   (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(xx + L2CAP_FIRST_FIXED_CHNL,
465                           p_lcb->remote_bd_addr, FALSE, p_lcb->disc_reason, p_lcb->transport);
466 #else
467                   (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(xx + L2CAP_FIRST_FIXED_CHNL,
468                           p_lcb->remote_bd_addr, FALSE, p_lcb->disc_reason, BT_TRANSPORT_BR_EDR);
469 #endif
470                     if (p_lcb->p_fixed_ccbs[xx] == NULL) {
471                       bdstr_t bd_addr_str = {0};
472                       L2CAP_TRACE_ERROR("%s: unexpected p_fixed_ccbs[%d] is NULL remote_bd_addr = %s p_lcb = %p in_use = %d link_state = %d handle = %d link_role = %d is_bonding = %d disc_reason = %d transport = %d",
473                                         __func__, xx,
474                                         bdaddr_to_string((bt_bdaddr_t *)&p_lcb->remote_bd_addr,
475                                                          bd_addr_str,
476                                                          sizeof(bd_addr_str)),
477                                         p_lcb, p_lcb->in_use,
478                                         p_lcb->link_state, p_lcb->handle,
479                                         p_lcb->link_role, p_lcb->is_bonding,
480                                         p_lcb->disc_reason, p_lcb->transport);
481                     }
482                     assert(p_lcb->p_fixed_ccbs[xx] != NULL);
483                     l2cu_release_ccb (p_lcb->p_fixed_ccbs[xx]);
484 
485                     p_lcb->p_fixed_ccbs[xx] = NULL;
486               }
487           }
488 #endif
489         }
490             if (l2cu_create_conn(p_lcb, transport))
491                 lcb_is_free = FALSE; /* still using this lcb */
492         }
493 
494         p_lcb->p_pending_ccb = NULL;
495 
496         /* Release the LCB */
497         if (lcb_is_free)
498             l2cu_release_lcb (p_lcb);
499     }
500 
501     /* Now that we have a free acl connection, see if any lcbs are pending */
502     if (lcb_is_free && ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL))
503     {
504         /* we found one-- create a connection */
505         l2cu_create_conn(p_lcb, BT_TRANSPORT_BR_EDR);
506     }
507 
508     return status;
509 }
510 
511 
512 /*******************************************************************************
513 **
514 ** Function         l2c_link_hci_qos_violation
515 **
516 ** Description      This function is called when an HCI QOS Violation
517 **                  event is received.
518 **
519 ** Returns          TRUE if the link is known about, else FALSE
520 **
521 *******************************************************************************/
l2c_link_hci_qos_violation(UINT16 handle)522 BOOLEAN l2c_link_hci_qos_violation (UINT16 handle)
523 {
524     tL2C_LCB        *p_lcb;
525     tL2C_CCB        *p_ccb;
526 
527     /* See if we have a link control block for the connection */
528     p_lcb = l2cu_find_lcb_by_handle (handle);
529 
530     /* If we don't have one, maybe an SCO link. */
531     if (!p_lcb)
532         return (FALSE);
533 
534     /* For all channels, tell the upper layer about it */
535     for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
536     {
537         if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
538             l2c_csm_execute (p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
539     }
540 
541     return (TRUE);
542 }
543 
544 
545 
546 /*******************************************************************************
547 **
548 ** Function         l2c_link_timeout
549 **
550 ** Description      This function is called when a link timer expires
551 **
552 ** Returns          void
553 **
554 *******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)555 void l2c_link_timeout (tL2C_LCB *p_lcb)
556 {
557     tL2C_CCB   *p_ccb;
558     tBTM_STATUS rc;
559 
560      L2CAP_TRACE_EVENT ("L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
561          p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
562 
563     /* If link was connecting or disconnecting, clear all channels and drop the LCB */
564     if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
565         (p_lcb->link_state == LST_CONNECTING) ||
566         (p_lcb->link_state == LST_CONNECT_HOLDING) ||
567         (p_lcb->link_state == LST_DISCONNECTING))
568     {
569         p_lcb->p_pending_ccb = NULL;
570 
571         /* For all channels, send a disconnect indication event through */
572         /* their FSMs. The CCBs should remove themselves from the LCB   */
573         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
574         {
575             tL2C_CCB *pn = p_ccb->p_next_ccb;
576 
577             l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
578 
579             p_ccb = pn;
580         }
581 #if (BLE_INCLUDED == TRUE)
582         if (p_lcb->link_state == LST_CONNECTING &&
583             l2cb.is_ble_connecting == TRUE)
584         {
585             L2CA_CancelBleConnectReq(l2cb.ble_connecting_bda);
586         }
587 #endif
588         /* Release the LCB */
589         l2cu_release_lcb (p_lcb);
590     }
591 
592     /* If link is connected, check for inactivity timeout */
593     if (p_lcb->link_state == LST_CONNECTED)
594     {
595         /* Check for ping outstanding */
596         if (p_lcb->p_echo_rsp_cb)
597         {
598             tL2CA_ECHO_RSP_CB *p_cb = p_lcb->p_echo_rsp_cb;
599 
600             /* Zero out the callback in case app immediately calls us again */
601             p_lcb->p_echo_rsp_cb = NULL;
602 
603             (*p_cb) (L2CAP_PING_RESULT_NO_RESP);
604 
605              L2CAP_TRACE_WARNING ("L2CAP - ping timeout");
606 
607             /* For all channels, send a disconnect indication event through */
608             /* their FSMs. The CCBs should remove themselves from the LCB   */
609             for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; )
610             {
611                 tL2C_CCB *pn = p_ccb->p_next_ccb;
612 
613                 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
614 
615                 p_ccb = pn;
616             }
617         }
618 
619         /* If no channels in use, drop the link. */
620         if (!p_lcb->ccb_queue.p_first_ccb)
621         {
622             period_ms_t timeout_ms;
623             bool start_timeout = true;
624 
625             rc = btm_sec_disconnect (p_lcb->handle, HCI_ERR_PEER_USER);
626 
627             if (rc == BTM_CMD_STORED)
628             {
629                 /* Security Manager will take care of disconnecting, state will be updated at that time */
630                 start_timeout = false;
631             }
632             else if (rc == BTM_CMD_STARTED)
633             {
634                 p_lcb->link_state = LST_DISCONNECTING;
635                 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
636             }
637             else if (rc == BTM_SUCCESS)
638             {
639                 l2cu_process_fixed_disc_cback(p_lcb);
640                 /* BTM SEC will make sure that link is release (probably after pairing is done) */
641                 p_lcb->link_state = LST_DISCONNECTING;
642                 start_timeout = false;
643             }
644             else if (rc == BTM_BUSY)
645             {
646                 /* BTM is still executing security process. Let lcb stay as connected */
647                 start_timeout = false;
648             }
649             else if ((p_lcb->is_bonding)
650                   && (btsnd_hcic_disconnect (p_lcb->handle, HCI_ERR_PEER_USER)))
651             {
652                 l2cu_process_fixed_disc_cback(p_lcb);
653                 p_lcb->link_state = LST_DISCONNECTING;
654                 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
655             }
656             else
657             {
658                 /* probably no buffer to send disconnect */
659                 timeout_ms = BT_1SEC_TIMEOUT_MS;
660             }
661 
662             if (start_timeout) {
663                 alarm_set_on_queue(p_lcb->l2c_lcb_timer, timeout_ms,
664                                    l2c_lcb_timer_timeout, p_lcb,
665                                    btu_general_alarm_queue);
666             }
667         }
668         else
669         {
670             /* Check in case we were flow controlled */
671             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
672         }
673     }
674 }
675 
676 /*******************************************************************************
677 **
678 ** Function         l2c_info_resp_timer_timeout
679 **
680 ** Description      This function is called when an info request times out
681 **
682 ** Returns          void
683 **
684 *******************************************************************************/
l2c_info_resp_timer_timeout(void * data)685 void l2c_info_resp_timer_timeout(void *data)
686 {
687     tL2C_LCB *p_lcb = (tL2C_LCB *)data;
688     tL2C_CCB   *p_ccb;
689     tL2C_CONN_INFO  ci;
690 
691     /* If we timed out waiting for info response, just continue using basic if allowed */
692     if (p_lcb->w4_info_rsp)
693     {
694         /* If waiting for security complete, restart the info response timer */
695         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
696         {
697             if ( (p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) || (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP) )
698             {
699                 alarm_set_on_queue(p_lcb->info_resp_timer,
700                                    L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
701                                    l2c_info_resp_timer_timeout, p_lcb,
702                                    btu_general_alarm_queue);
703                 return;
704             }
705         }
706 
707         p_lcb->w4_info_rsp = FALSE;
708 
709         /* If link is in process of being brought up */
710         if ((p_lcb->link_state != LST_DISCONNECTED) &&
711             (p_lcb->link_state != LST_DISCONNECTING))
712         {
713             /* Notify active channels that peer info is finished */
714             if (p_lcb->ccb_queue.p_first_ccb)
715             {
716                 ci.status = HCI_SUCCESS;
717                 memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));
718 
719                 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
720                 {
721                     l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
722                 }
723             }
724         }
725     }
726 }
727 
728 /*******************************************************************************
729 **
730 ** Function         l2c_link_adjust_allocation
731 **
732 ** Description      This function is called when a link is created or removed
733 **                  to calculate the amount of packets each link may send to
734 **                  the HCI without an ack coming back.
735 **
736 **                  Currently, this is a simple allocation, dividing the
737 **                  number of Controller Packets by the number of links. In
738 **                  the future, QOS configuration should be examined.
739 **
740 ** Returns          void
741 **
742 *******************************************************************************/
l2c_link_adjust_allocation(void)743 void l2c_link_adjust_allocation (void)
744 {
745     UINT16      qq, yy, qq_remainder;
746     tL2C_LCB    *p_lcb;
747     UINT16      hi_quota, low_quota;
748     UINT16      num_lowpri_links = 0;
749     UINT16      num_hipri_links  = 0;
750     UINT16      controller_xmit_quota = l2cb.num_lm_acl_bufs;
751     UINT16      high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
752 
753     /* If no links active, reset buffer quotas and controller buffers */
754     if (l2cb.num_links_active == 0)
755     {
756         l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
757         l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
758         return;
759     }
760 
761     /* First, count the links */
762     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
763     {
764         if (p_lcb->in_use)
765         {
766             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
767                 num_hipri_links++;
768             else
769                 num_lowpri_links++;
770         }
771     }
772 
773     /* now adjust high priority link quota */
774     low_quota = num_lowpri_links ? 1 : 0;
775     while ( (num_hipri_links * high_pri_link_quota + low_quota) > controller_xmit_quota )
776         high_pri_link_quota--;
777 
778     /* Work out the xmit quota and buffer quota high and low priorities */
779     hi_quota  = num_hipri_links * high_pri_link_quota;
780     low_quota = (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
781 
782     /* Work out and save the HCI xmit quota for each low priority link */
783 
784     /* If each low priority link cannot have at least one buffer */
785     if (num_lowpri_links > low_quota)
786     {
787         l2cb.round_robin_quota = low_quota;
788         qq = qq_remainder = 1;
789     }
790     /* If each low priority link can have at least one buffer */
791     else if (num_lowpri_links > 0)
792     {
793         l2cb.round_robin_quota = 0;
794         l2cb.round_robin_unacked = 0;
795         qq = low_quota / num_lowpri_links;
796         qq_remainder = low_quota % num_lowpri_links;
797     }
798     /* If no low priority link */
799     else
800     {
801         l2cb.round_robin_quota = 0;
802         l2cb.round_robin_unacked = 0;
803         qq = qq_remainder = 1;
804     }
805 
806     L2CAP_TRACE_EVENT ("l2c_link_adjust_allocation  num_hipri: %u  num_lowpri: %u  low_quota: %u  round_robin_quota: %u  qq: %u",
807                         num_hipri_links, num_lowpri_links, low_quota,
808                         l2cb.round_robin_quota, qq);
809 
810     /* Now, assign the quotas to each link */
811     for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++)
812     {
813         if (p_lcb->in_use)
814         {
815             if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
816             {
817                 p_lcb->link_xmit_quota   = high_pri_link_quota;
818             }
819             else
820             {
821                 /* Safety check in case we switched to round-robin with something outstanding */
822                 /* if sent_not_acked is added into round_robin_unacked then don't add it again */
823                 /* l2cap keeps updating sent_not_acked for exiting from round robin */
824                 if (( p_lcb->link_xmit_quota > 0 )&&( qq == 0 ))
825                     l2cb.round_robin_unacked += p_lcb->sent_not_acked;
826 
827                 p_lcb->link_xmit_quota   = qq;
828                 if (qq_remainder > 0)
829                 {
830                     p_lcb->link_xmit_quota++;
831                     qq_remainder--;
832                 }
833             }
834 
835             L2CAP_TRACE_EVENT ("l2c_link_adjust_allocation LCB %d   Priority: %d  XmitQuota: %d",
836                                 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
837 
838             L2CAP_TRACE_EVENT ("        SentNotAcked: %d  RRUnacked: %d",
839                                 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
840 
841             /* There is a special case where we have readjusted the link quotas and  */
842             /* this link may have sent anything but some other link sent packets so  */
843             /* so we may need a timer to kick off this link's transmissions.         */
844             if ( (p_lcb->link_state == LST_CONNECTED)
845               && (!list_is_empty(p_lcb->link_xmit_data_q))
846                  && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) ) {
847                 alarm_set_on_queue(p_lcb->l2c_lcb_timer,
848                                    L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
849                                    l2c_lcb_timer_timeout, p_lcb,
850                                    btu_general_alarm_queue);
851             }
852         }
853     }
854 }
855 
856 /*******************************************************************************
857 **
858 ** Function         l2c_link_adjust_chnl_allocation
859 **
860 ** Description      This function is called to calculate the amount of packets each
861 **                  non-F&EC channel may have outstanding.
862 **
863 **                  Currently, this is a simple allocation, dividing the number
864 **                  of packets allocated to the link by the number of channels. In
865 **                  the future, QOS configuration should be examined.
866 **
867 ** Returns          void
868 **
869 *******************************************************************************/
l2c_link_adjust_chnl_allocation(void)870 void l2c_link_adjust_chnl_allocation (void)
871 {
872     UINT8       xx;
873 
874     L2CAP_TRACE_DEBUG("%s", __func__);
875 
876     /* assign buffer quota to each channel based on its data rate requirement */
877     for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++)
878     {
879         tL2C_CCB *p_ccb = l2cb.ccb_pool + xx;
880 
881         if (!p_ccb->in_use)
882             continue;
883 
884         tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
885         p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
886         L2CAP_TRACE_EVENT("CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u Quota:%u",
887                           p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode,
888                           p_ccb->ccb_priority, p_ccb->tx_data_rate,
889                           p_ccb->rx_data_rate, p_ccb->buff_quota);
890 
891         /* quota may be change so check congestion */
892         l2cu_check_channel_congestion(p_ccb);
893     }
894 }
895 
896 /*******************************************************************************
897 **
898 ** Function         l2c_link_processs_num_bufs
899 **
900 ** Description      This function is called when a "controller buffer size"
901 **                  event is first received from the controller. It updates
902 **                  the L2CAP values.
903 **
904 ** Returns          void
905 **
906 *******************************************************************************/
l2c_link_processs_num_bufs(UINT16 num_lm_acl_bufs)907 void l2c_link_processs_num_bufs (UINT16 num_lm_acl_bufs)
908 {
909     l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
910 
911 }
912 
913 /*******************************************************************************
914 **
915 ** Function         l2c_link_pkts_rcvd
916 **
917 ** Description      This function is called from the HCI transport when it is time
918 **                  tto send a "Host ready for packets" command. This is only when
919 **                  host to controller flow control is used. If fills in the arrays
920 **                  of numbers of packets and handles.
921 **
922 ** Returns          count of number of entries filled in
923 **
924 *******************************************************************************/
l2c_link_pkts_rcvd(UINT16 * num_pkts,UINT16 * handles)925 UINT8 l2c_link_pkts_rcvd (UINT16 *num_pkts, UINT16 *handles)
926 {
927     UINT8       num_found = 0;
928 
929     UNUSED(num_pkts);
930     UNUSED(handles);
931 
932     return (num_found);
933 }
934 
935 /*******************************************************************************
936 **
937 ** Function         l2c_link_role_changed
938 **
939 ** Description      This function is called whan a link's master/slave role change
940 **                  event is received. It simply updates the link control block.
941 **
942 ** Returns          void
943 **
944 *******************************************************************************/
l2c_link_role_changed(BD_ADDR bd_addr,UINT8 new_role,UINT8 hci_status)945 void l2c_link_role_changed (BD_ADDR bd_addr, UINT8 new_role, UINT8 hci_status)
946 {
947     tL2C_LCB *p_lcb;
948     int      xx;
949 
950     /* Make sure not called from HCI Command Status (bd_addr and new_role are invalid) */
951     if (bd_addr)
952     {
953         /* If here came form hci role change event */
954         p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr, BT_TRANSPORT_BR_EDR);
955         if (p_lcb)
956         {
957             p_lcb->link_role = new_role;
958 
959             /* Reset high priority link if needed */
960             if (hci_status == HCI_SUCCESS)
961                 l2cu_set_acl_priority(bd_addr, p_lcb->acl_priority, TRUE);
962         }
963     }
964 
965     /* Check if any LCB was waiting for switch to be completed */
966     for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
967     {
968         if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH))
969         {
970             l2cu_create_conn_after_switch (p_lcb);
971         }
972     }
973 }
974 
975 /*******************************************************************************
976 **
977 ** Function         l2c_pin_code_request
978 **
979 ** Description      This function is called whan a pin-code request is received
980 **                  on a connection. If there are no channels active yet on the
981 **                  link, it extends the link first connection timer.  Make sure
982 **                  that inactivity timer is not extended if PIN code happens
983 **                  to be after last ccb released.
984 **
985 ** Returns          void
986 **
987 *******************************************************************************/
l2c_pin_code_request(BD_ADDR bd_addr)988 void l2c_pin_code_request (BD_ADDR bd_addr)
989 {
990     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr (bd_addr, BT_TRANSPORT_BR_EDR);
991 
992     if ( (p_lcb) && (!p_lcb->ccb_queue.p_first_ccb) )
993     {
994         alarm_set_on_queue(p_lcb->l2c_lcb_timer,
995                            L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
996                            l2c_lcb_timer_timeout, p_lcb,
997                            btu_general_alarm_queue);
998     }
999 }
1000 
1001 #if L2CAP_WAKE_PARKED_LINK == TRUE
1002 /*******************************************************************************
1003 **
1004 ** Function         l2c_link_check_power_mode
1005 **
1006 ** Description      This function is called to check power mode.
1007 **
1008 ** Returns          TRUE if link is going to be active from park
1009 **                  FALSE if nothing to send or not in park mode
1010 **
1011 *******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)1012 BOOLEAN l2c_link_check_power_mode (tL2C_LCB *p_lcb)
1013 {
1014     tBTM_PM_MODE     mode;
1015     tL2C_CCB    *p_ccb;
1016     BOOLEAN need_to_active = FALSE;
1017 
1018     /*
1019      * We only switch park to active only if we have unsent packets
1020      */
1021     if (list_is_empty(p_lcb->link_xmit_data_q))
1022     {
1023         for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
1024         {
1025             if (!fixed_queue_is_empty(p_ccb->xmit_hold_q))
1026             {
1027                 need_to_active = TRUE;
1028                 break;
1029             }
1030         }
1031     }
1032     else
1033         need_to_active = TRUE;
1034 
1035     /* if we have packets to send */
1036     if ( need_to_active )
1037     {
1038         /* check power mode */
1039         if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS)
1040         {
1041             if ( mode == BTM_PM_STS_PENDING )
1042             {
1043                 L2CAP_TRACE_DEBUG ("LCB(0x%x) is in PM pending state", p_lcb->handle);
1044 
1045                 return TRUE;
1046             }
1047         }
1048     }
1049     return FALSE;
1050 }
1051 #endif /* L2CAP_WAKE_PARKED_LINK == TRUE) */
1052 
1053 /*******************************************************************************
1054 **
1055 ** Function         l2c_link_check_send_pkts
1056 **
1057 ** Description      This function is called to check if it can send packets
1058 **                  to the Host Controller. It may be passed the address of
1059 **                  a packet to send.
1060 **
1061 ** Returns          void
1062 **
1063 *******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)1064 void l2c_link_check_send_pkts (tL2C_LCB *p_lcb, tL2C_CCB *p_ccb, BT_HDR *p_buf)
1065 {
1066     int         xx;
1067     BOOLEAN     single_write = FALSE;
1068 
1069     /* Save the channel ID for faster counting */
1070     if (p_buf)
1071     {
1072         if (p_ccb != NULL)
1073         {
1074             p_buf->event = p_ccb->local_cid;
1075             single_write = TRUE;
1076         }
1077         else
1078             p_buf->event = 0;
1079 
1080         p_buf->layer_specific = 0;
1081         list_append(p_lcb->link_xmit_data_q, p_buf);
1082 
1083         if (p_lcb->link_xmit_quota == 0)
1084         {
1085 #if BLE_INCLUDED == TRUE
1086             if (p_lcb->transport == BT_TRANSPORT_LE)
1087                 l2cb.ble_check_round_robin = TRUE;
1088             else
1089 #endif
1090                 l2cb.check_round_robin = TRUE;
1091         }
1092     }
1093 
1094     /* If this is called from uncongested callback context break recursive calling.
1095     ** This LCB will be served when receiving number of completed packet event.
1096     */
1097     if (l2cb.is_cong_cback_context)
1098         return;
1099 
1100     /* If we are in a scenario where there are not enough buffers for each link to
1101     ** have at least 1, then do a round-robin for all the LCBs
1102     */
1103     if ( (p_lcb == NULL) || (p_lcb->link_xmit_quota == 0) )
1104     {
1105         if (p_lcb == NULL)
1106             p_lcb = l2cb.lcb_pool;
1107         else if (!single_write)
1108             p_lcb++;
1109 
1110         /* Loop through, starting at the next */
1111         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++)
1112         {
1113             /* If controller window is full, nothing to do */
1114             if (((l2cb.controller_xmit_window == 0 ||
1115                   (l2cb.round_robin_unacked >= l2cb.round_robin_quota))
1116 #if (BLE_INCLUDED == TRUE)
1117                 && (p_lcb->transport == BT_TRANSPORT_BR_EDR)
1118                 )
1119               || (p_lcb->transport == BT_TRANSPORT_LE &&
1120                  (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
1121                   l2cb.controller_le_xmit_window == 0 )))
1122 #else
1123                 ))
1124 #endif
1125             break;
1126 
1127 
1128             /* Check for wraparound */
1129             if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS])
1130                 p_lcb = &l2cb.lcb_pool[0];
1131 
1132             if ( (!p_lcb->in_use)
1133                || (p_lcb->partial_segment_being_sent)
1134                || (p_lcb->link_state != LST_CONNECTED)
1135                || (p_lcb->link_xmit_quota != 0)
1136                || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1137                 continue;
1138 
1139             /* See if we can send anything from the Link Queue */
1140             if (!list_is_empty(p_lcb->link_xmit_data_q)) {
1141                 p_buf = (BT_HDR *)list_front(p_lcb->link_xmit_data_q);
1142                 list_remove(p_lcb->link_xmit_data_q, p_buf);
1143                 l2c_link_send_to_lower (p_lcb, p_buf);
1144             }
1145             else if (single_write)
1146             {
1147                 /* If only doing one write, break out */
1148                 break;
1149             }
1150             /* If nothing on the link queue, check the channel queue */
1151             else if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) != NULL)
1152             {
1153                 l2c_link_send_to_lower (p_lcb, p_buf);
1154             }
1155         }
1156 
1157         /* If we finished without using up our quota, no need for a safety check */
1158         if ( (l2cb.controller_xmit_window > 0)
1159           && (l2cb.round_robin_unacked < l2cb.round_robin_quota)
1160 #if (BLE_INCLUDED == TRUE)
1161           && (p_lcb->transport == BT_TRANSPORT_BR_EDR)
1162 #endif
1163           )
1164             l2cb.check_round_robin = FALSE;
1165 
1166 #if (BLE_INCLUDED == TRUE)
1167         if ( (l2cb.controller_le_xmit_window > 0)
1168           && (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota)
1169           && (p_lcb->transport == BT_TRANSPORT_LE))
1170             l2cb.ble_check_round_robin = FALSE;
1171 #endif
1172     }
1173     else /* if this is not round-robin service */
1174     {
1175         /* If a partial segment is being sent, can't send anything else */
1176         if ( (p_lcb->partial_segment_being_sent)
1177           || (p_lcb->link_state != LST_CONNECTED)
1178           || (L2C_LINK_CHECK_POWER_MODE (p_lcb)) )
1179             return;
1180 
1181         /* See if we can send anything from the link queue */
1182 #if (BLE_INCLUDED == TRUE)
1183         while ( ((l2cb.controller_xmit_window != 0 && (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1184                  (l2cb.controller_le_xmit_window != 0 && (p_lcb->transport == BT_TRANSPORT_LE)))
1185              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1186 #else
1187         while ( (l2cb.controller_xmit_window != 0)
1188              && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1189 #endif
1190         {
1191             if (list_is_empty(p_lcb->link_xmit_data_q))
1192                 break;
1193 
1194             p_buf = (BT_HDR *)list_front(p_lcb->link_xmit_data_q);
1195             list_remove(p_lcb->link_xmit_data_q, p_buf);
1196             if (!l2c_link_send_to_lower (p_lcb, p_buf))
1197                 break;
1198         }
1199 
1200         if (!single_write)
1201         {
1202             /* See if we can send anything for any channel */
1203 #if (BLE_INCLUDED == TRUE)
1204             while ( ((l2cb.controller_xmit_window != 0 && (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1205                     (l2cb.controller_le_xmit_window != 0 && (p_lcb->transport == BT_TRANSPORT_LE)))
1206                     && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1207 #else
1208             while ((l2cb.controller_xmit_window != 0) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota))
1209 #endif
1210             {
1211                 if ((p_buf = l2cu_get_next_buffer_to_send (p_lcb)) == NULL)
1212                     break;
1213 
1214                 if (!l2c_link_send_to_lower (p_lcb, p_buf))
1215                     break;
1216             }
1217         }
1218 
1219         /* There is a special case where we have readjusted the link quotas and  */
1220         /* this link may have sent anything but some other link sent packets so  */
1221         /* so we may need a timer to kick off this link's transmissions.         */
1222         if ( (!list_is_empty(p_lcb->link_xmit_data_q)) && (p_lcb->sent_not_acked < p_lcb->link_xmit_quota) ) {
1223             alarm_set_on_queue(p_lcb->l2c_lcb_timer,
1224                                L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1225                                l2c_lcb_timer_timeout, p_lcb,
1226                                btu_general_alarm_queue);
1227         }
1228     }
1229 }
1230 
1231 /*******************************************************************************
1232 **
1233 ** Function         l2c_link_send_to_lower
1234 **
1235 ** Description      This function queues the buffer for HCI transmission
1236 **
1237 ** Returns          TRUE for success, FALSE for fail
1238 **
1239 *******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1240 static BOOLEAN l2c_link_send_to_lower (tL2C_LCB *p_lcb, BT_HDR *p_buf)
1241 {
1242     UINT16      num_segs;
1243     UINT16      xmit_window, acl_data_size;
1244     const controller_t *controller = controller_get_interface();
1245 
1246     if ((p_buf->len <= controller->get_acl_packet_size_classic()
1247 #if (BLE_INCLUDED == TRUE)
1248         && (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1249         ((p_lcb->transport == BT_TRANSPORT_LE) && (p_buf->len <= controller->get_acl_packet_size_ble()))
1250 #else
1251         )
1252 #endif
1253         )
1254     {
1255         if (p_lcb->link_xmit_quota == 0)
1256         {
1257 #if (BLE_INCLUDED == TRUE)
1258             if (p_lcb->transport == BT_TRANSPORT_LE)
1259                 l2cb.ble_round_robin_unacked++;
1260             else
1261 #endif
1262                 l2cb.round_robin_unacked++;
1263         }
1264         p_lcb->sent_not_acked++;
1265         p_buf->layer_specific = 0;
1266 
1267 #if (BLE_INCLUDED == TRUE)
1268         if (p_lcb->transport == BT_TRANSPORT_LE)
1269         {
1270             l2cb.controller_le_xmit_window--;
1271             bte_main_hci_send(p_buf, (UINT16)(BT_EVT_TO_LM_HCI_ACL|LOCAL_BLE_CONTROLLER_ID));
1272         }
1273         else
1274 #endif
1275         {
1276             l2cb.controller_xmit_window--;
1277             bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1278         }
1279     }
1280     else
1281     {
1282 #if BLE_INCLUDED == TRUE
1283         if (p_lcb->transport == BT_TRANSPORT_LE)
1284         {
1285             acl_data_size = controller->get_acl_data_size_ble();
1286             xmit_window = l2cb.controller_le_xmit_window;
1287 
1288         }
1289         else
1290 #endif
1291         {
1292             acl_data_size = controller->get_acl_data_size_classic();
1293             xmit_window = l2cb.controller_xmit_window;
1294         }
1295         num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) / acl_data_size;
1296 
1297 
1298         /* If doing round-robin, then only 1 segment each time */
1299         if (p_lcb->link_xmit_quota == 0)
1300         {
1301             num_segs = 1;
1302             p_lcb->partial_segment_being_sent = TRUE;
1303         }
1304         else
1305         {
1306             /* Multi-segment packet. Make sure it can fit */
1307             if (num_segs > xmit_window)
1308             {
1309                 num_segs = xmit_window;
1310                 p_lcb->partial_segment_being_sent = TRUE;
1311             }
1312 
1313             if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked))
1314             {
1315                 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1316                 p_lcb->partial_segment_being_sent = TRUE;
1317             }
1318         }
1319 
1320         p_buf->layer_specific        = num_segs;
1321 #if BLE_INCLUDED == TRUE
1322         if (p_lcb->transport == BT_TRANSPORT_LE)
1323         {
1324             l2cb.controller_le_xmit_window -= num_segs;
1325             if (p_lcb->link_xmit_quota == 0)
1326                 l2cb.ble_round_robin_unacked += num_segs;
1327         }
1328         else
1329 #endif
1330         {
1331             l2cb.controller_xmit_window -= num_segs;
1332 
1333             if (p_lcb->link_xmit_quota == 0)
1334                 l2cb.round_robin_unacked += num_segs;
1335         }
1336 
1337         p_lcb->sent_not_acked += num_segs;
1338 #if BLE_INCLUDED == TRUE
1339         if (p_lcb->transport == BT_TRANSPORT_LE)
1340         {
1341             bte_main_hci_send(p_buf, (UINT16)(BT_EVT_TO_LM_HCI_ACL|LOCAL_BLE_CONTROLLER_ID));
1342         }
1343         else
1344 #endif
1345         {
1346             bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1347         }
1348     }
1349 
1350 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1351 #if (BLE_INCLUDED == TRUE)
1352     if (p_lcb->transport == BT_TRANSPORT_LE)
1353     {
1354         L2CAP_TRACE_DEBUG ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1355                 l2cb.controller_le_xmit_window,
1356                 p_lcb->handle,
1357                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1358                 l2cb.ble_round_robin_quota, l2cb.ble_round_robin_unacked);
1359     }
1360     else
1361 #endif
1362     {
1363         L2CAP_TRACE_DEBUG ("TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1364                 l2cb.controller_xmit_window,
1365                 p_lcb->handle,
1366                 p_lcb->link_xmit_quota, p_lcb->sent_not_acked,
1367                 l2cb.round_robin_quota, l2cb.round_robin_unacked);
1368     }
1369 #endif
1370 
1371     return TRUE;
1372 }
1373 
1374 /*******************************************************************************
1375 **
1376 ** Function         l2c_link_process_num_completed_pkts
1377 **
1378 ** Description      This function is called when a "number-of-completed-packets"
1379 **                  event is received from the controller. It updates all the
1380 **                  LCB transmit counts.
1381 **
1382 ** Returns          void
1383 **
1384 *******************************************************************************/
l2c_link_process_num_completed_pkts(UINT8 * p)1385 void l2c_link_process_num_completed_pkts (UINT8 *p)
1386 {
1387     UINT8       num_handles, xx;
1388     UINT16      handle;
1389     UINT16      num_sent;
1390     tL2C_LCB    *p_lcb;
1391 
1392     STREAM_TO_UINT8 (num_handles, p);
1393 
1394     for (xx = 0; xx < num_handles; xx++)
1395     {
1396         STREAM_TO_UINT16 (handle, p);
1397         STREAM_TO_UINT16 (num_sent, p);
1398 
1399         p_lcb = l2cu_find_lcb_by_handle (handle);
1400 
1401         /* Callback for number of completed packet event    */
1402         /* Originally designed for [3DSG]                   */
1403         if((p_lcb != NULL) && (p_lcb->p_nocp_cb))
1404         {
1405             L2CAP_TRACE_DEBUG ("L2CAP - calling NoCP callback");
1406             (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1407         }
1408 
1409         if (p_lcb)
1410         {
1411 #if (BLE_INCLUDED == TRUE)
1412         if (p_lcb && (p_lcb->transport == BT_TRANSPORT_LE))
1413             l2cb.controller_le_xmit_window += num_sent;
1414         else
1415 #endif
1416             {
1417                 /* Maintain the total window to the controller */
1418                 l2cb.controller_xmit_window += num_sent;
1419             }
1420             /* If doing round-robin, adjust communal counts */
1421             if (p_lcb->link_xmit_quota == 0)
1422             {
1423 #if BLE_INCLUDED == TRUE
1424                 if (p_lcb->transport == BT_TRANSPORT_LE)
1425                 {
1426                    /* Don't go negative */
1427                     if (l2cb.ble_round_robin_unacked > num_sent)
1428                         l2cb.ble_round_robin_unacked -= num_sent;
1429                     else
1430                         l2cb.ble_round_robin_unacked = 0;
1431                 }
1432                 else
1433 #endif
1434                 {
1435                     /* Don't go negative */
1436                     if (l2cb.round_robin_unacked > num_sent)
1437                         l2cb.round_robin_unacked -= num_sent;
1438                     else
1439                         l2cb.round_robin_unacked = 0;
1440                 }
1441             }
1442 
1443             /* Don't go negative */
1444             if (p_lcb->sent_not_acked > num_sent)
1445                 p_lcb->sent_not_acked -= num_sent;
1446             else
1447                 p_lcb->sent_not_acked = 0;
1448 
1449             l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1450 
1451             /* If we were doing round-robin for low priority links, check 'em */
1452             if ( (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
1453               && (l2cb.check_round_robin)
1454               && (l2cb.round_robin_unacked < l2cb.round_robin_quota) )
1455             {
1456               l2c_link_check_send_pkts (NULL, NULL, NULL);
1457             }
1458 #if BLE_INCLUDED == TRUE
1459             if ((p_lcb->transport == BT_TRANSPORT_LE)
1460                 && (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
1461                 && ((l2cb.ble_check_round_robin)
1462                 && (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota)))
1463             {
1464               l2c_link_check_send_pkts (NULL, NULL, NULL);
1465             }
1466 #endif
1467         }
1468 
1469 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1470         if (p_lcb)
1471         {
1472 #if (BLE_INCLUDED == TRUE)
1473             if (p_lcb->transport == BT_TRANSPORT_LE)
1474             {
1475                 L2CAP_TRACE_DEBUG ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1476                     l2cb.controller_le_xmit_window,
1477                     p_lcb->handle, p_lcb->sent_not_acked,
1478                     l2cb.ble_check_round_robin, l2cb.ble_round_robin_unacked);
1479             }
1480             else
1481 #endif
1482             {
1483                 L2CAP_TRACE_DEBUG ("TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1484                     l2cb.controller_xmit_window,
1485                     p_lcb->handle, p_lcb->sent_not_acked,
1486                     l2cb.check_round_robin, l2cb.round_robin_unacked);
1487 
1488             }
1489         }
1490         else
1491         {
1492 #if (BLE_INCLUDED == TRUE)
1493             L2CAP_TRACE_DEBUG ("TotalWin=%d  LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1494                 l2cb.controller_xmit_window,
1495                 l2cb.controller_le_xmit_window,
1496                 handle,
1497                 l2cb.ble_check_round_robin, l2cb.ble_round_robin_unacked);
1498 #else
1499             L2CAP_TRACE_DEBUG ("TotalWin=%d  Handle=0x%x  RRCheck=%d  RRUnack=%d",
1500                 l2cb.controller_xmit_window,
1501                 handle,
1502                 l2cb.check_round_robin, l2cb.round_robin_unacked);
1503 #endif
1504         }
1505 #endif
1506     }
1507 
1508 #if (defined(HCILP_INCLUDED) && HCILP_INCLUDED == TRUE)
1509     /* only full stack can enable sleep mode */
1510     btu_check_bt_sleep ();
1511 #endif
1512 }
1513 
1514 /*******************************************************************************
1515 **
1516 ** Function         l2c_link_segments_xmitted
1517 **
1518 ** Description      This function is called from the HCI Interface when an ACL
1519 **                  data packet segment is transmitted.
1520 **
1521 ** Returns          void
1522 **
1523 *******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1524 void l2c_link_segments_xmitted (BT_HDR *p_msg)
1525 {
1526     UINT8       *p = (UINT8 *)(p_msg + 1) + p_msg->offset;
1527     UINT16      handle;
1528     tL2C_LCB    *p_lcb;
1529 
1530     /* Extract the handle */
1531     STREAM_TO_UINT16 (handle, p);
1532     handle   = HCID_GET_HANDLE (handle);
1533 
1534     /* Find the LCB based on the handle */
1535     if ((p_lcb = l2cu_find_lcb_by_handle (handle)) == NULL)
1536     {
1537         L2CAP_TRACE_WARNING ("L2CAP - rcvd segment complete, unknown handle: %d", handle);
1538         osi_free(p_msg);
1539         return;
1540     }
1541 
1542     if (p_lcb->link_state == LST_CONNECTED)
1543     {
1544         /* Enqueue the buffer to the head of the transmit queue, and see */
1545         /* if we can transmit anything more.                             */
1546         list_prepend(p_lcb->link_xmit_data_q, p_msg);
1547 
1548         p_lcb->partial_segment_being_sent = FALSE;
1549 
1550         l2c_link_check_send_pkts (p_lcb, NULL, NULL);
1551     }
1552     else
1553         osi_free(p_msg);
1554 }
1555