Home | History | Annotate | Download | only in src
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 2009-2012 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /******************************************************************************
     20  *
     21  *  Filename:      hci_h4.c
     22  *
     23  *  Description:   Contains HCI transport send/receive functions
     24  *
     25  ******************************************************************************/
     26 
     27 #define LOG_TAG "bt_h4"
     28 
     29 #include <utils/Log.h>
     30 #include <stdlib.h>
     31 #include <fcntl.h>
     32 
     33 #include "bt_hci_bdroid.h"
     34 #include "btsnoop.h"
     35 #include "hci.h"
     36 #include "userial.h"
     37 #include "utils.h"
     38 
     39 /******************************************************************************
     40 **  Constants & Macros
     41 ******************************************************************************/
     42 
     43 #ifndef HCI_DBG
     44 #define HCI_DBG FALSE
     45 #endif
     46 
     47 #if (HCI_DBG == TRUE)
     48 #define HCIDBG(param, ...) {LOGD(param, ## __VA_ARGS__);}
     49 #else
     50 #define HCIDBG(param, ...) {}
     51 #endif
     52 
     53 /* Preamble length for HCI Commands:
     54 **      2-bytes for opcode and 1 byte for length
     55 */
     56 #define HCI_CMD_PREAMBLE_SIZE   3
     57 
     58 /* Preamble length for HCI Events:
     59 **      1-byte for opcode and 1 byte for length
     60 */
     61 #define HCI_EVT_PREAMBLE_SIZE   2
     62 
     63 /* Preamble length for SCO Data:
     64 **      2-byte for Handle and 1 byte for length
     65 */
     66 #define HCI_SCO_PREAMBLE_SIZE   3
     67 
     68 /* Preamble length for ACL Data:
     69 **      2-byte for Handle and 2 byte for length
     70 */
     71 #define HCI_ACL_PREAMBLE_SIZE   4
     72 
     73 /* Table of HCI preamble sizes for the different HCI message types */
     74 static const uint8_t hci_preamble_table[] =
     75 {
     76     HCI_CMD_PREAMBLE_SIZE,
     77     HCI_ACL_PREAMBLE_SIZE,
     78     HCI_SCO_PREAMBLE_SIZE,
     79     HCI_EVT_PREAMBLE_SIZE
     80 };
     81 
     82 /* HCI H4 message type definitions */
     83 #define H4_TYPE_COMMAND         1
     84 #define H4_TYPE_ACL_DATA        2
     85 #define H4_TYPE_SCO_DATA        3
     86 #define H4_TYPE_EVENT           4
     87 
     88 static const uint16_t msg_evt_table[] =
     89 {
     90     MSG_HC_TO_STACK_HCI_ERR,       /* H4_TYPE_COMMAND */
     91     MSG_HC_TO_STACK_HCI_ACL,       /* H4_TYPE_ACL_DATA */
     92     MSG_HC_TO_STACK_HCI_SCO,       /* H4_TYPE_SCO_DATA */
     93     MSG_HC_TO_STACK_HCI_EVT        /* H4_TYPE_EVENT */
     94 };
     95 
     96 #define ACL_RX_PKT_START        2
     97 #define ACL_RX_PKT_CONTINUE     1
     98 #define L2CAP_HEADER_SIZE       4
     99 
    100 /* Maximum numbers of allowed internal
    101 ** outstanding command packets at any time
    102 */
    103 #define INT_CMD_PKT_MAX_COUNT       8
    104 #define INT_CMD_PKT_IDX_MASK        0x07
    105 
    106 #define HCI_COMMAND_COMPLETE_EVT    0x0E
    107 #define HCI_COMMAND_STATUS_EVT      0x0F
    108 #define HCI_READ_BUFFER_SIZE        0x1005
    109 #define HCI_LE_READ_BUFFER_SIZE     0x2002
    110 
    111 /******************************************************************************
    112 **  Local type definitions
    113 ******************************************************************************/
    114 
    115 /* H4 Rx States */
    116 typedef enum {
    117     H4_RX_MSGTYPE_ST,
    118     H4_RX_LEN_ST,
    119     H4_RX_DATA_ST,
    120     H4_RX_IGNORE_ST
    121 } tHCI_H4_RCV_STATE;
    122 
    123 /* Callback function for the returned event of internal issued command */
    124 typedef void (*tINT_CMD_CBACK)(void *p_mem);
    125 
    126 typedef struct
    127 {
    128     uint16_t opcode;        /* OPCODE of outstanding internal commands */
    129     tINT_CMD_CBACK cback;   /* Callback function when return of internal
    130                              * command is received */
    131 } tINT_CMD_Q;
    132 
    133 /* Control block for HCISU_H4 */
    134 typedef struct
    135 {
    136     HC_BT_HDR *p_rcv_msg;          /* Buffer to hold current rx HCI message */
    137     uint16_t rcv_len;               /* Size of current incoming message */
    138     uint8_t rcv_msg_type;           /* Current incoming message type */
    139     tHCI_H4_RCV_STATE rcv_state;    /* Receive state of current rx message */
    140     uint16_t hc_acl_data_size;      /* Controller's max ACL data length */
    141     uint16_t hc_ble_acl_data_size;  /* Controller's max BLE ACL data length */
    142     BUFFER_Q acl_rx_q;      /* Queue of base buffers for fragmented ACL pkts */
    143     uint8_t preload_count;          /* Count numbers of preload bytes */
    144     uint8_t preload_buffer[6];      /* HCI_ACL_PREAMBLE_SIZE + 2 */
    145     int int_cmd_rsp_pending;        /* Num of internal cmds pending for ack */
    146     uint8_t int_cmd_rd_idx;         /* Read index of int_cmd_opcode queue */
    147     uint8_t int_cmd_wrt_idx;        /* Write index of int_cmd_opcode queue */
    148     tINT_CMD_Q int_cmd[INT_CMD_PKT_MAX_COUNT]; /* FIFO queue */
    149 } tHCI_H4_CB;
    150 
    151 /******************************************************************************
    152 **  Externs
    153 ******************************************************************************/
    154 
    155 uint8_t hci_h4_send_int_cmd(uint16_t opcode, HC_BT_HDR *p_buf, \
    156                                   tINT_CMD_CBACK p_cback);
    157 void lpm_wake_assert(void);
    158 void lpm_tx_done(uint8_t is_tx_done);
    159 
    160 /******************************************************************************
    161 **  Variables
    162 ******************************************************************************/
    163 
    164 /* Num of allowed outstanding HCI CMD packets */
    165 volatile int num_hci_cmd_pkts = 1;
    166 
    167 /******************************************************************************
    168 **  Static variables
    169 ******************************************************************************/
    170 
    171 static tHCI_H4_CB       h4_cb;
    172 
    173 /******************************************************************************
    174 **  Static functions
    175 ******************************************************************************/
    176 
    177 /*******************************************************************************
    178 **
    179 ** Function         get_acl_data_length_cback
    180 **
    181 ** Description      Callback function for HCI_READ_BUFFER_SIZE and
    182 **                  HCI_LE_READ_BUFFER_SIZE commands if they were sent because
    183 **                  of internal request.
    184 **
    185 ** Returns          None
    186 **
    187 *******************************************************************************/
    188 void get_acl_data_length_cback(void *p_mem)
    189 {
    190     uint8_t     *p, status;
    191     uint16_t    opcode, len=0;
    192     HC_BT_HDR   *p_buf = (HC_BT_HDR *) p_mem;
    193 
    194     p = (uint8_t *)(p_buf + 1) + 3;
    195     STREAM_TO_UINT16(opcode, p)
    196     status = *p++;
    197     if (status == 0) /* Success */
    198         STREAM_TO_UINT16(len, p)
    199 
    200     if (opcode == HCI_READ_BUFFER_SIZE)
    201     {
    202         if (status == 0)
    203             h4_cb.hc_acl_data_size = len;
    204 
    205         /* reuse the rx buffer for sending HCI_LE_READ_BUFFER_SIZE command */
    206         p_buf->event = MSG_STACK_TO_HC_HCI_CMD;
    207         p_buf->offset = 0;
    208         p_buf->layer_specific = 0;
    209         p_buf->len = 3;
    210 
    211         p = (uint8_t *) (p_buf + 1);
    212         UINT16_TO_STREAM(p, HCI_LE_READ_BUFFER_SIZE);
    213         *p = 0;
    214 
    215         if ((status = hci_h4_send_int_cmd(HCI_LE_READ_BUFFER_SIZE, p_buf, \
    216                                            get_acl_data_length_cback)) == FALSE)
    217         {
    218             bt_hc_cbacks->dealloc(p_buf);
    219             bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_SUCCESS);
    220         }
    221     }
    222     else if (opcode == HCI_LE_READ_BUFFER_SIZE)
    223     {
    224         if (status == 0)
    225             h4_cb.hc_ble_acl_data_size = (len) ? len : h4_cb.hc_acl_data_size;
    226 
    227         if (bt_hc_cbacks)
    228         {
    229             bt_hc_cbacks->dealloc(p_buf);
    230             ALOGE("vendor lib postload completed");
    231             bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_SUCCESS);
    232         }
    233     }
    234 }
    235 
    236 
    237 /*******************************************************************************
    238 **
    239 ** Function         internal_event_intercept
    240 **
    241 ** Description      This function is called to parse received HCI event and
    242 **                  - update the Num_HCI_Command_Packets
    243 **                  - intercept the event if it is the result of an early
    244 **                    issued internal command.
    245 **
    246 ** Returns          TRUE : if the event had been intercepted for internal process
    247 **                  FALSE : send this event to core stack
    248 **
    249 *******************************************************************************/
    250 uint8_t internal_event_intercept(void)
    251 {
    252     uint8_t     *p;
    253     uint8_t     event_code;
    254     uint16_t    opcode, len;
    255     tHCI_H4_CB  *p_cb = &h4_cb;
    256 
    257     p = (uint8_t *)(p_cb->p_rcv_msg + 1);
    258 
    259     event_code = *p++;
    260     len = *p++;
    261 
    262     if (event_code == HCI_COMMAND_COMPLETE_EVT)
    263     {
    264         num_hci_cmd_pkts = *p++;
    265 
    266         if (p_cb->int_cmd_rsp_pending > 0)
    267         {
    268             STREAM_TO_UINT16(opcode, p)
    269 
    270             if (opcode == p_cb->int_cmd[p_cb->int_cmd_rd_idx].opcode)
    271             {
    272                 HCIDBG( \
    273                 "Intercept CommandCompleteEvent for internal command (0x%04X)",\
    274                           opcode);
    275                 if (p_cb->int_cmd[p_cb->int_cmd_rd_idx].cback != NULL)
    276                 {
    277                     p_cb->int_cmd[p_cb->int_cmd_rd_idx].cback(p_cb->p_rcv_msg);
    278                 }
    279                 else
    280                 {
    281                     // Missing cback function!
    282                     // Release the p_rcv_msg buffer.
    283                     if (bt_hc_cbacks)
    284                     {
    285                         bt_hc_cbacks->dealloc(p_cb->p_rcv_msg);
    286                     }
    287                 }
    288                 p_cb->int_cmd_rd_idx = ((p_cb->int_cmd_rd_idx+1) & \
    289                                         INT_CMD_PKT_IDX_MASK);
    290                 p_cb->int_cmd_rsp_pending--;
    291                 return TRUE;
    292             }
    293         }
    294     }
    295     else if (event_code == HCI_COMMAND_STATUS_EVT)
    296     {
    297         num_hci_cmd_pkts = *(++p);
    298     }
    299 
    300     return FALSE;
    301 }
    302 
    303 /*******************************************************************************
    304 **
    305 ** Function         acl_rx_frame_buffer_alloc
    306 **
    307 ** Description      This function is called from the HCI transport when the
    308 **                  first 4 or 6 bytes of an HCI ACL packet have been received:
    309 **                  - Allocate a new buffer if it is a start pakcet of L2CAP
    310 **                    message.
    311 **                  - Return the buffer address of the starting L2CAP message
    312 **                    frame if the packet is the next segment of a fragmented
    313 **                    L2CAP message.
    314 **
    315 ** Returns          the address of the receive buffer H4 RX should use
    316 **                  (CR419: Modified to return NULL in case of error.)
    317 **
    318 ** NOTE             This assumes that the L2CAP MTU size is less than the size
    319 **                  of an HCI ACL buffer, so the maximum L2CAP message will fit
    320 **                  into one buffer.
    321 **
    322 *******************************************************************************/
    323 static HC_BT_HDR *acl_rx_frame_buffer_alloc (void)
    324 {
    325     uint8_t     *p;
    326     uint16_t    handle;
    327     uint16_t    hci_len;
    328     uint16_t    total_len;
    329     uint8_t     pkt_type;
    330     HC_BT_HDR  *p_return_buf = NULL;
    331     tHCI_H4_CB  *p_cb = &h4_cb;
    332 
    333 
    334     p = p_cb->preload_buffer;
    335 
    336     STREAM_TO_UINT16 (handle, p);
    337     STREAM_TO_UINT16 (hci_len, p);
    338     STREAM_TO_UINT16 (total_len, p);
    339 
    340     pkt_type = (uint8_t)(((handle) >> 12) & 0x0003);
    341     handle   = (uint16_t)((handle) & 0x0FFF);
    342 
    343     if (p_cb->acl_rx_q.count)
    344     {
    345         uint16_t save_handle;
    346         HC_BT_HDR *p_hdr = p_cb->acl_rx_q.p_first;
    347 
    348         while (p_hdr != NULL)
    349         {
    350             p = (uint8_t *)(p_hdr + 1);
    351             STREAM_TO_UINT16 (save_handle, p);
    352             save_handle   = (uint16_t)((save_handle) & 0x0FFF);
    353             if (save_handle == handle)
    354             {
    355                 p_return_buf = p_hdr;
    356                 break;
    357             }
    358             p_hdr = utils_getnext(p_hdr);
    359         }
    360     }
    361 
    362     if (pkt_type == ACL_RX_PKT_START)       /*** START PACKET ***/
    363     {
    364         /* Might have read 2 bytes for the L2CAP payload length */
    365         p_cb->rcv_len = (hci_len) ? (hci_len - 2) : 0;
    366 
    367         /* Start of packet. If we were in the middle of receiving */
    368         /* a packet on the same ACL handle, the original packet is incomplete.
    369          * Drop it. */
    370         if (p_return_buf)
    371         {
    372             ALOGW("H4 - dropping incomplete ACL frame");
    373 
    374             utils_remove_from_queue(&(p_cb->acl_rx_q), p_return_buf);
    375 
    376             if (bt_hc_cbacks)
    377             {
    378                 bt_hc_cbacks->dealloc(p_return_buf);
    379             }
    380             p_return_buf = NULL;
    381         }
    382 
    383         /* Allocate a buffer for message */
    384         if (bt_hc_cbacks)
    385         {
    386             int len = total_len + HCI_ACL_PREAMBLE_SIZE + L2CAP_HEADER_SIZE + \
    387                       BT_HC_HDR_SIZE;
    388             p_return_buf = (HC_BT_HDR *) bt_hc_cbacks->alloc(len);
    389         }
    390 
    391         if (p_return_buf)
    392         {
    393             /* Initialize buffer with preloaded data */
    394             p_return_buf->offset = 0;
    395             p_return_buf->layer_specific = 0;
    396             p_return_buf->event = MSG_HC_TO_STACK_HCI_ACL;
    397             p_return_buf->len = p_cb->preload_count;
    398             memcpy((uint8_t *)(p_return_buf + 1), p_cb->preload_buffer, \
    399                    p_cb->preload_count);
    400 
    401             if (hci_len && ((total_len + L2CAP_HEADER_SIZE) > hci_len))
    402             {
    403                 /* Will expect to see fragmented ACL packets */
    404                 /* Keep the base buffer address in the watching queue */
    405                 utils_enqueue(&(p_cb->acl_rx_q), p_return_buf);
    406             }
    407         }
    408     }
    409     else                                    /*** CONTINUATION PACKET ***/
    410     {
    411         p_cb->rcv_len = hci_len;
    412 
    413         if (p_return_buf)
    414         {
    415             /* Packet continuation and found the original rx buffer */
    416             uint8_t *p_f = p = (uint8_t *)(p_return_buf + 1) + 2;
    417 
    418             STREAM_TO_UINT16 (total_len, p);
    419 
    420             /* Update HCI header of first segment (base buffer) with new len */
    421             total_len += hci_len;
    422             UINT16_TO_STREAM (p_f, total_len);
    423         }
    424     }
    425 
    426     return (p_return_buf);
    427 }
    428 
    429 /*******************************************************************************
    430 **
    431 ** Function         acl_rx_frame_end_chk
    432 **
    433 ** Description      This function is called from the HCI transport when the last
    434 **                  byte of an HCI ACL packet has been received. It checks if
    435 **                  the L2CAP message is complete, i.e. no more continuation
    436 **                  packets are expected.
    437 **
    438 ** Returns          TRUE if message complete, FALSE if continuation expected
    439 **
    440 *******************************************************************************/
    441 static uint8_t acl_rx_frame_end_chk (void)
    442 {
    443     uint8_t     *p;
    444     uint16_t    handle, hci_len, l2cap_len;
    445     HC_BT_HDR  *p_buf;
    446     tHCI_H4_CB  *p_cb = &h4_cb;
    447     uint8_t     frame_end=TRUE;
    448 
    449     p_buf = p_cb->p_rcv_msg;
    450     p = (uint8_t *)(p_buf + 1);
    451 
    452     STREAM_TO_UINT16 (handle, p);
    453     STREAM_TO_UINT16 (hci_len, p);
    454     STREAM_TO_UINT16 (l2cap_len, p);
    455 
    456     if (hci_len > 0)
    457     {
    458         if (l2cap_len > (p_buf->len-(HCI_ACL_PREAMBLE_SIZE+L2CAP_HEADER_SIZE)) )
    459         {
    460             /* If the L2CAP length has not been reached, tell H4 not to send
    461              * this buffer to stack */
    462             frame_end = FALSE;
    463         }
    464         else
    465         {
    466             /*
    467              * The current buffer coulb be in the watching list.
    468              * Remove it from the list if it is in.
    469              */
    470             if (p_cb->acl_rx_q.count)
    471                 utils_remove_from_queue(&(p_cb->acl_rx_q), p_buf);
    472         }
    473     }
    474 
    475     /****
    476      ** Print snoop trace
    477      ****/
    478     if (p_buf->offset)
    479     {
    480         /* CONTINUATION PACKET */
    481 
    482         /* save original p_buf->len content */
    483         uint16_t tmp_u16 = p_buf->len;
    484 
    485         /* borrow HCI_ACL_PREAMBLE_SIZE bytes from the payload section */
    486         p = (uint8_t *)(p_buf + 1) + p_buf->offset - HCI_ACL_PREAMBLE_SIZE;
    487 
    488         /* save contents */
    489         memcpy(p_cb->preload_buffer, p, HCI_ACL_PREAMBLE_SIZE);
    490 
    491         /* Set packet boundary flags to "continuation packet" */
    492         handle = (handle & 0xCFFF) | 0x1000;
    493 
    494         /* write handl & length info */
    495         UINT16_TO_STREAM (p, handle);
    496         UINT16_TO_STREAM (p, (p_buf->len - p_buf->offset));
    497 
    498         /* roll pointer back */
    499         p = p - HCI_ACL_PREAMBLE_SIZE;
    500 
    501         /* adjust `p_buf->offset` & `p_buf->len`
    502          * before calling btsnoop_capture() */
    503         p_buf->offset = p_buf->offset - HCI_ACL_PREAMBLE_SIZE;
    504         p_buf->len = p_buf->len - p_buf->offset;
    505 
    506         btsnoop_capture(p_buf, true);
    507 
    508         /* restore contents */
    509         memcpy(p, p_cb->preload_buffer, HCI_ACL_PREAMBLE_SIZE);
    510 
    511         /* restore p_buf->len */
    512         p_buf->len = tmp_u16;
    513     }
    514     else
    515     {
    516         /* START PACKET */
    517         btsnoop_capture(p_buf, true);
    518     }
    519 
    520     if (frame_end == TRUE)
    521         p_buf->offset = 0;
    522     else
    523         p_buf->offset = p_buf->len; /* save current buffer-end position */
    524 
    525     return frame_end;
    526 }
    527 
    528 /*****************************************************************************
    529 **   HCI H4 INTERFACE FUNCTIONS
    530 *****************************************************************************/
    531 
    532 /*******************************************************************************
    533 **
    534 ** Function        hci_h4_init
    535 **
    536 ** Description     Initialize H4 module
    537 **
    538 ** Returns         None
    539 **
    540 *******************************************************************************/
    541 void hci_h4_init(void)
    542 {
    543     HCIDBG("hci_h4_init");
    544 
    545     memset(&h4_cb, 0, sizeof(tHCI_H4_CB));
    546     utils_queue_init(&(h4_cb.acl_rx_q));
    547 
    548     /* Per HCI spec., always starts with 1 */
    549     num_hci_cmd_pkts = 1;
    550 
    551     /* Give an initial values of Host Controller's ACL data packet length
    552      * Will update with an internal HCI(_LE)_Read_Buffer_Size request
    553      */
    554     h4_cb.hc_acl_data_size = 1021;
    555     h4_cb.hc_ble_acl_data_size = 27;
    556 }
    557 
    558 /*******************************************************************************
    559 **
    560 ** Function        hci_h4_cleanup
    561 **
    562 ** Description     Clean H4 module
    563 **
    564 ** Returns         None
    565 **
    566 *******************************************************************************/
    567 void hci_h4_cleanup(void)
    568 {
    569     HCIDBG("hci_h4_cleanup");
    570 }
    571 
    572 /*******************************************************************************
    573 **
    574 ** Function        hci_h4_send_msg
    575 **
    576 ** Description     Determine message type, set HCI H4 packet indicator, and
    577 **                 send message through USERIAL driver
    578 **
    579 ** Returns         None
    580 **
    581 *******************************************************************************/
    582 void hci_h4_send_msg(HC_BT_HDR *p_msg)
    583 {
    584     uint8_t type = 0;
    585     uint16_t handle;
    586     uint16_t bytes_to_send, lay_spec;
    587     uint8_t *p = ((uint8_t *)(p_msg + 1)) + p_msg->offset;
    588     uint16_t event = p_msg->event & MSG_EVT_MASK;
    589     uint16_t sub_event = p_msg->event & MSG_SUB_EVT_MASK;
    590     uint16_t acl_pkt_size = 0, acl_data_size = 0;
    591     uint16_t bytes_sent;
    592 
    593     /* wake up BT device if its in sleep mode */
    594     lpm_wake_assert();
    595 
    596     if (event == MSG_STACK_TO_HC_HCI_ACL)
    597         type = H4_TYPE_ACL_DATA;
    598     else if (event == MSG_STACK_TO_HC_HCI_SCO)
    599         type = H4_TYPE_SCO_DATA;
    600     else if (event == MSG_STACK_TO_HC_HCI_CMD)
    601         type = H4_TYPE_COMMAND;
    602 
    603     if (sub_event == LOCAL_BR_EDR_CONTROLLER_ID)
    604     {
    605         acl_data_size = h4_cb.hc_acl_data_size;
    606         acl_pkt_size = h4_cb.hc_acl_data_size + HCI_ACL_PREAMBLE_SIZE;
    607     }
    608     else
    609     {
    610         acl_data_size = h4_cb.hc_ble_acl_data_size;
    611         acl_pkt_size = h4_cb.hc_ble_acl_data_size + HCI_ACL_PREAMBLE_SIZE;
    612     }
    613 
    614     /* Check if sending ACL data that needs fragmenting */
    615     if ((event == MSG_STACK_TO_HC_HCI_ACL) && (p_msg->len > acl_pkt_size))
    616     {
    617         /* Get the handle from the packet */
    618         STREAM_TO_UINT16 (handle, p);
    619 
    620         /* Set packet boundary flags to "continuation packet" */
    621         handle = (handle & 0xCFFF) | 0x1000;
    622 
    623         /* Do all the first chunks */
    624         while (p_msg->len > acl_pkt_size)
    625         {
    626             /* remember layer_specific because uart borrow
    627                one byte from layer_specific for packet type */
    628             lay_spec = p_msg->layer_specific;
    629 
    630             p = ((uint8_t *)(p_msg + 1)) + p_msg->offset - 1;
    631             *p = type;
    632             bytes_to_send = acl_pkt_size + 1; /* packet_size + message type */
    633 
    634             bytes_sent = userial_write(event,(uint8_t *) p,bytes_to_send);
    635 
    636             /* generate snoop trace message */
    637             btsnoop_capture(p_msg, false);
    638 
    639             p_msg->layer_specific = lay_spec;
    640             /* Adjust offset and length for what we just sent */
    641             p_msg->offset += acl_data_size;
    642             p_msg->len    -= acl_data_size;
    643 
    644             p = ((uint8_t *)(p_msg + 1)) + p_msg->offset;
    645 
    646             UINT16_TO_STREAM (p, handle);
    647 
    648             if (p_msg->len > acl_pkt_size)
    649             {
    650                 UINT16_TO_STREAM (p, acl_data_size);
    651             }
    652             else
    653             {
    654                 UINT16_TO_STREAM (p, p_msg->len - HCI_ACL_PREAMBLE_SIZE);
    655             }
    656 
    657             /* If we were only to send partial buffer, stop when done.    */
    658             /* Send the buffer back to L2CAP to send the rest of it later */
    659             if (p_msg->layer_specific)
    660             {
    661                 if (--p_msg->layer_specific == 0)
    662                 {
    663                     p_msg->event = MSG_HC_TO_STACK_L2C_SEG_XMIT;
    664 
    665                     if (bt_hc_cbacks)
    666                     {
    667                         bt_hc_cbacks->tx_result((TRANSAC) p_msg, \
    668                                                     (char *) (p_msg + 1), \
    669                                                     BT_HC_TX_FRAGMENT);
    670                     }
    671 
    672                     return;
    673                 }
    674             }
    675         }
    676     }
    677 
    678 
    679     /* remember layer_specific because uart borrow
    680        one byte from layer_specific for packet type */
    681     lay_spec = p_msg->layer_specific;
    682 
    683     /* Put the HCI Transport packet type 1 byte before the message */
    684     p = ((uint8_t *)(p_msg + 1)) + p_msg->offset - 1;
    685     *p = type;
    686     bytes_to_send = p_msg->len + 1;     /* message_size + message type */
    687 
    688     bytes_sent = userial_write(event,(uint8_t *) p, bytes_to_send);
    689 
    690     p_msg->layer_specific = lay_spec;
    691 
    692     if (event == MSG_STACK_TO_HC_HCI_CMD)
    693     {
    694         num_hci_cmd_pkts--;
    695 
    696         /* If this is an internal Cmd packet, the layer_specific field would
    697          * have stored with the opcode of HCI command.
    698          * Retrieve the opcode from the Cmd packet.
    699          */
    700          p++;
    701         STREAM_TO_UINT16(lay_spec, p);
    702     }
    703 
    704     /* generate snoop trace message */
    705     btsnoop_capture(p_msg, false);
    706 
    707     if (bt_hc_cbacks)
    708     {
    709         if ((event == MSG_STACK_TO_HC_HCI_CMD) && \
    710             (h4_cb.int_cmd_rsp_pending > 0) && \
    711             (p_msg->layer_specific == lay_spec))
    712         {
    713             /* dealloc buffer of internal command */
    714             bt_hc_cbacks->dealloc(p_msg);
    715         }
    716         else
    717         {
    718             bt_hc_cbacks->tx_result((TRANSAC) p_msg, (char *) (p_msg + 1), \
    719                                         BT_HC_TX_SUCCESS);
    720         }
    721     }
    722 
    723     lpm_tx_done(TRUE);
    724 
    725     return;
    726 }
    727 
    728 
    729 /*******************************************************************************
    730 **
    731 ** Function        hci_h4_receive_msg
    732 **
    733 ** Description     Construct HCI EVENT/ACL packets and send them to stack once
    734 **                 complete packet has been received.
    735 **
    736 ** Returns         Number of read bytes
    737 **
    738 *******************************************************************************/
    739 uint16_t hci_h4_receive_msg(void)
    740 {
    741     uint16_t    bytes_read = 0;
    742     uint8_t     byte;
    743     uint16_t    msg_len, len;
    744     uint8_t     msg_received;
    745     tHCI_H4_CB  *p_cb=&h4_cb;
    746 
    747     while (TRUE)
    748     {
    749         /* Read one byte to see if there is anything waiting to be read */
    750         if (userial_read(0 /*dummy*/, &byte, 1) == 0)
    751         {
    752             break;
    753         }
    754 
    755         bytes_read++;
    756         msg_received = FALSE;
    757 
    758         switch (p_cb->rcv_state)
    759         {
    760         case H4_RX_MSGTYPE_ST:
    761             /* Start of new message */
    762             if ((byte < H4_TYPE_ACL_DATA) || (byte > H4_TYPE_EVENT))
    763             {
    764                 /* Unknown HCI message type */
    765                 /* Drop this byte */
    766                 ALOGE("[h4] Unknown HCI message type drop this byte 0x%x", byte);
    767                 break;
    768             }
    769 
    770             /* Initialize rx parameters */
    771             p_cb->rcv_msg_type = byte;
    772             p_cb->rcv_len = hci_preamble_table[byte-1];
    773             memset(p_cb->preload_buffer, 0 , 6);
    774             p_cb->preload_count = 0;
    775             // p_cb->p_rcv_msg = NULL;
    776             p_cb->rcv_state = H4_RX_LEN_ST; /* Next, wait for length to come */
    777             break;
    778 
    779         case H4_RX_LEN_ST:
    780             /* Receiving preamble */
    781             p_cb->preload_buffer[p_cb->preload_count++] = byte;
    782             p_cb->rcv_len--;
    783 
    784             /* Check if we received entire preamble yet */
    785             if (p_cb->rcv_len == 0)
    786             {
    787                 if (p_cb->rcv_msg_type == H4_TYPE_ACL_DATA)
    788                 {
    789                     /* ACL data lengths are 16-bits */
    790                     msg_len = p_cb->preload_buffer[3];
    791                     msg_len = (msg_len << 8) + p_cb->preload_buffer[2];
    792 
    793                     if (msg_len && (p_cb->preload_count == 4))
    794                     {
    795                         /* Check if this is a start packet */
    796                         byte = ((p_cb->preload_buffer[1] >> 4) & 0x03);
    797 
    798                         if (byte == ACL_RX_PKT_START)
    799                         {
    800                            /*
    801                             * A start packet & with non-zero data payload length.
    802                             * We want to read 2 more bytes to get L2CAP payload
    803                             * length.
    804                             */
    805                             p_cb->rcv_len = 2;
    806 
    807                             break;
    808                         }
    809                     }
    810 
    811                     /*
    812                      * Check for segmented packets. If this is a continuation
    813                      * packet, then we will continue appending data to the
    814                      * original rcv buffer.
    815                      */
    816                     p_cb->p_rcv_msg = acl_rx_frame_buffer_alloc();
    817                 }
    818                 else
    819                 {
    820                     /* Received entire preamble.
    821                      * Length is in the last received byte */
    822                     msg_len = byte;
    823                     p_cb->rcv_len = msg_len;
    824 
    825                     /* Allocate a buffer for message */
    826                     if (bt_hc_cbacks)
    827                     {
    828                         len = msg_len + p_cb->preload_count + BT_HC_HDR_SIZE;
    829                         p_cb->p_rcv_msg = \
    830                             (HC_BT_HDR *) bt_hc_cbacks->alloc(len);
    831                     }
    832 
    833                     if (p_cb->p_rcv_msg)
    834                     {
    835                         /* Initialize buffer with preloaded data */
    836                         p_cb->p_rcv_msg->offset = 0;
    837                         p_cb->p_rcv_msg->layer_specific = 0;
    838                         p_cb->p_rcv_msg->event = \
    839                             msg_evt_table[p_cb->rcv_msg_type-1];
    840                         p_cb->p_rcv_msg->len = p_cb->preload_count;
    841                         memcpy((uint8_t *)(p_cb->p_rcv_msg + 1), \
    842                                p_cb->preload_buffer, p_cb->preload_count);
    843                     }
    844                 }
    845 
    846                 if (p_cb->p_rcv_msg == NULL)
    847                 {
    848                     /* Unable to acquire message buffer. */
    849                     ALOGE( \
    850                      "H4: Unable to acquire buffer for incoming HCI message." \
    851                     );
    852 
    853                     if (msg_len == 0)
    854                     {
    855                         /* Wait for next message */
    856                         p_cb->rcv_state = H4_RX_MSGTYPE_ST;
    857                     }
    858                     else
    859                     {
    860                         /* Ignore rest of the packet */
    861                         p_cb->rcv_state = H4_RX_IGNORE_ST;
    862                     }
    863 
    864                     break;
    865                 }
    866 
    867                 /* Message length is valid */
    868                 if (msg_len)
    869                 {
    870                     /* Read rest of message */
    871                     p_cb->rcv_state = H4_RX_DATA_ST;
    872                 }
    873                 else
    874                 {
    875                     /* Message has no additional parameters.
    876                      * (Entire message has been received) */
    877                     if (p_cb->rcv_msg_type == H4_TYPE_ACL_DATA)
    878                         acl_rx_frame_end_chk(); /* to print snoop trace */
    879 
    880                     msg_received = TRUE;
    881 
    882                     /* Next, wait for next message */
    883                     p_cb->rcv_state = H4_RX_MSGTYPE_ST;
    884                 }
    885             }
    886             break;
    887 
    888         case H4_RX_DATA_ST:
    889             *((uint8_t *)(p_cb->p_rcv_msg + 1) + p_cb->p_rcv_msg->len++) = byte;
    890             p_cb->rcv_len--;
    891 
    892             if (p_cb->rcv_len > 0)
    893             {
    894                 /* Read in the rest of the message */
    895                 len = userial_read(0 /*dummy*/, \
    896                       ((uint8_t *)(p_cb->p_rcv_msg+1) + p_cb->p_rcv_msg->len), \
    897                       p_cb->rcv_len);
    898                 p_cb->p_rcv_msg->len += len;
    899                 p_cb->rcv_len -= len;
    900                 bytes_read += len;
    901             }
    902 
    903             /* Check if we read in entire message yet */
    904             if (p_cb->rcv_len == 0)
    905             {
    906                 /* Received entire packet. */
    907                 /* Check for segmented l2cap packets */
    908                 if ((p_cb->rcv_msg_type == H4_TYPE_ACL_DATA) &&
    909                     !acl_rx_frame_end_chk())
    910                 {
    911                     /* Not the end of packet yet. */
    912                     /* Next, wait for next message */
    913                     p_cb->rcv_state = H4_RX_MSGTYPE_ST;
    914                 }
    915                 else
    916                 {
    917                     msg_received = TRUE;
    918                     /* Next, wait for next message */
    919                     p_cb->rcv_state = H4_RX_MSGTYPE_ST;
    920                 }
    921             }
    922             break;
    923 
    924 
    925         case H4_RX_IGNORE_ST:
    926             /* Ignore reset of packet */
    927             p_cb->rcv_len--;
    928 
    929             /* Check if we read in entire message yet */
    930             if (p_cb->rcv_len == 0)
    931             {
    932                 /* Next, wait for next message */
    933                 p_cb->rcv_state = H4_RX_MSGTYPE_ST;
    934             }
    935             break;
    936         }
    937 
    938 
    939         /* If we received entire message, then send it to the task */
    940         if (msg_received)
    941         {
    942             uint8_t intercepted = FALSE;
    943 
    944             /* generate snoop trace message */
    945             /* ACL packet tracing had done in acl_rx_frame_end_chk() */
    946             if (p_cb->p_rcv_msg->event != MSG_HC_TO_STACK_HCI_ACL)
    947                 btsnoop_capture(p_cb->p_rcv_msg, true);
    948 
    949             if (p_cb->p_rcv_msg->event == MSG_HC_TO_STACK_HCI_EVT)
    950                 intercepted = internal_event_intercept();
    951 
    952             if ((bt_hc_cbacks) && (intercepted == FALSE))
    953             {
    954                 bt_hc_cbacks->data_ind((TRANSAC) p_cb->p_rcv_msg, \
    955                                        (char *) (p_cb->p_rcv_msg + 1), \
    956                                        p_cb->p_rcv_msg->len + BT_HC_HDR_SIZE);
    957             }
    958             p_cb->p_rcv_msg = NULL;
    959         }
    960     }
    961 
    962     return (bytes_read);
    963 }
    964 
    965 
    966 /*******************************************************************************
    967 **
    968 ** Function        hci_h4_send_int_cmd
    969 **
    970 ** Description     Place the internal commands (issued internally by vendor lib)
    971 **                 in the tx_q.
    972 **
    973 ** Returns         TRUE/FALSE
    974 **
    975 *******************************************************************************/
    976 uint8_t hci_h4_send_int_cmd(uint16_t opcode, HC_BT_HDR *p_buf, \
    977                                   tINT_CMD_CBACK p_cback)
    978 {
    979     if (h4_cb.int_cmd_rsp_pending > INT_CMD_PKT_MAX_COUNT)
    980     {
    981         ALOGE( \
    982         "Allow only %d outstanding internal commands at a time [Reject 0x%04X]"\
    983         , INT_CMD_PKT_MAX_COUNT, opcode);
    984         return FALSE;
    985     }
    986 
    987     h4_cb.int_cmd_rsp_pending++;
    988     h4_cb.int_cmd[h4_cb.int_cmd_wrt_idx].opcode = opcode;
    989     h4_cb.int_cmd[h4_cb.int_cmd_wrt_idx].cback = p_cback;
    990     h4_cb.int_cmd_wrt_idx = ((h4_cb.int_cmd_wrt_idx+1) & INT_CMD_PKT_IDX_MASK);
    991 
    992     /* stamp signature to indicate an internal command */
    993     p_buf->layer_specific = opcode;
    994 
    995     bthc_tx(p_buf);
    996     return TRUE;
    997 }
    998 
    999 
   1000 /*******************************************************************************
   1001 **
   1002 ** Function        hci_h4_get_acl_data_length
   1003 **
   1004 ** Description     Issue HCI_READ_BUFFER_SIZE command to retrieve Controller's
   1005 **                 ACL data length setting
   1006 **
   1007 ** Returns         None
   1008 **
   1009 *******************************************************************************/
   1010 void hci_h4_get_acl_data_length(void)
   1011 {
   1012     HC_BT_HDR  *p_buf = NULL;
   1013     uint8_t     *p, ret;
   1014 
   1015     if (bt_hc_cbacks)
   1016     {
   1017         p_buf = (HC_BT_HDR *) bt_hc_cbacks->alloc(BT_HC_HDR_SIZE + \
   1018                                                        HCI_CMD_PREAMBLE_SIZE);
   1019     }
   1020 
   1021     if (p_buf)
   1022     {
   1023         p_buf->event = MSG_STACK_TO_HC_HCI_CMD;
   1024         p_buf->offset = 0;
   1025         p_buf->layer_specific = 0;
   1026         p_buf->len = HCI_CMD_PREAMBLE_SIZE;
   1027 
   1028         p = (uint8_t *) (p_buf + 1);
   1029         UINT16_TO_STREAM(p, HCI_READ_BUFFER_SIZE);
   1030         *p = 0;
   1031 
   1032         if ((ret = hci_h4_send_int_cmd(HCI_READ_BUFFER_SIZE, p_buf, \
   1033                                        get_acl_data_length_cback)) == FALSE)
   1034         {
   1035             bt_hc_cbacks->dealloc(p_buf);
   1036         }
   1037         else
   1038             return;
   1039     }
   1040 
   1041     if (bt_hc_cbacks)
   1042     {
   1043         ALOGE("vendor lib postload aborted");
   1044         bt_hc_cbacks->postload_cb(NULL, BT_HC_POSTLOAD_FAIL);
   1045     }
   1046 }
   1047 
   1048 
   1049 /******************************************************************************
   1050 **  HCI H4 Services interface table
   1051 ******************************************************************************/
   1052 
   1053 const tHCI_IF hci_h4_func_table =
   1054 {
   1055     hci_h4_init,
   1056     hci_h4_cleanup,
   1057     hci_h4_send_msg,
   1058     hci_h4_send_int_cmd,
   1059     hci_h4_get_acl_data_length,
   1060     hci_h4_receive_msg
   1061 };
   1062 
   1063