1 /****************************************************************************** 2 * 3 * Copyright (C) 2014 Google, Inc. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #define LOG_TAG "bt_hci" 20 21 #include "hci_layer.h" 22 23 #include <assert.h> 24 #include <pthread.h> 25 #include <signal.h> 26 #include <string.h> 27 #include <sys/types.h> 28 #include <unistd.h> 29 30 #include "btcore/include/module.h" 31 #include "btsnoop.h" 32 #include "buffer_allocator.h" 33 #include "hci_hal.h" 34 #include "hci_inject.h" 35 #include "hci_internals.h" 36 #include "hcidefs.h" 37 #include "hcimsgs.h" 38 #include "low_power_manager.h" 39 #include "osi/include/alarm.h" 40 #include "osi/include/list.h" 41 #include "osi/include/log.h" 42 #include "osi/include/properties.h" 43 #include "osi/include/reactor.h" 44 #include "packet_fragmenter.h" 45 #include "vendor.h" 46 47 // TODO(zachoverflow): remove this hack extern 48 #include <hardware/bluetooth.h> 49 bt_bdaddr_t btif_local_bd_addr; 50 51 #define INBOUND_PACKET_TYPE_COUNT 3 52 #define PACKET_TYPE_TO_INBOUND_INDEX(type) ((type) - 2) 53 #define PACKET_TYPE_TO_INDEX(type) ((type) - 1) 54 55 #define PREAMBLE_BUFFER_SIZE 4 // max preamble size, ACL 56 #define RETRIEVE_ACL_LENGTH(preamble) ((((preamble)[3]) << 8) | (preamble)[2]) 57 58 #define BT_HCI_TIMEOUT_TAG_NUM 1010000 59 60 static const uint8_t preamble_sizes[] = { 61 HCI_COMMAND_PREAMBLE_SIZE, 62 HCI_ACL_PREAMBLE_SIZE, 63 HCI_SCO_PREAMBLE_SIZE, 64 HCI_EVENT_PREAMBLE_SIZE 65 }; 66 67 static const uint16_t outbound_event_types[] = 68 { 69 MSG_HC_TO_STACK_HCI_ERR, 70 MSG_HC_TO_STACK_HCI_ACL, 71 MSG_HC_TO_STACK_HCI_SCO, 72 MSG_HC_TO_STACK_HCI_EVT 73 }; 74 75 typedef enum { 76 BRAND_NEW, 77 PREAMBLE, 78 BODY, 79 IGNORE, 80 FINISHED 81 } receive_state_t; 82 83 typedef struct { 84 receive_state_t state; 85 uint16_t bytes_remaining; 86 uint8_t preamble[PREAMBLE_BUFFER_SIZE]; 87 uint16_t index; 88 BT_HDR *buffer; 89 } packet_receive_data_t; 90 91 typedef struct { 92 uint16_t opcode; 93 future_t *complete_future; 94 command_complete_cb complete_callback; 95 command_status_cb status_callback; 96 void *context; 97 BT_HDR *command; 98 } waiting_command_t; 99 100 // Using a define here, because it can be stringified for the property lookup 101 #define DEFAULT_STARTUP_TIMEOUT_MS 8000 102 #define STRING_VALUE_OF(x) #x 103 104 static const uint32_t EPILOG_TIMEOUT_MS = 3000; 105 static const uint32_t COMMAND_PENDING_TIMEOUT_MS = 8000; 106 107 // Our interface 108 static bool interface_created; 109 static hci_t interface; 110 111 // Modules we import and callbacks we export 112 static const allocator_t *buffer_allocator; 113 static const btsnoop_t *btsnoop; 114 static const hci_hal_t *hal; 115 static const hci_hal_callbacks_t hal_callbacks; 116 static const hci_inject_t *hci_inject; 117 static const low_power_manager_t *low_power_manager; 118 static const packet_fragmenter_t *packet_fragmenter; 119 static const packet_fragmenter_callbacks_t packet_fragmenter_callbacks; 120 static const vendor_t *vendor; 121 122 static future_t *startup_future; 123 static thread_t *thread; // We own this 124 125 static volatile bool firmware_is_configured = false; 126 static alarm_t *epilog_timer; 127 static alarm_t *startup_timer; 128 129 // Outbound-related 130 static int command_credits = 1; 131 static fixed_queue_t *command_queue; 132 static fixed_queue_t *packet_queue; 133 134 // Inbound-related 135 static alarm_t *command_response_timer; 136 static list_t *commands_pending_response; 137 static pthread_mutex_t commands_pending_response_lock; 138 static packet_receive_data_t incoming_packets[INBOUND_PACKET_TYPE_COUNT]; 139 140 // The hand-off point for data going to a higher layer, set by the higher layer 141 static fixed_queue_t *upwards_data_queue; 142 143 static future_t *shut_down(); 144 145 static void event_finish_startup(void *context); 146 static void firmware_config_callback(bool success); 147 static void startup_timer_expired(void *context); 148 149 static void event_postload(void *context); 150 static void sco_config_callback(bool success); 151 152 static void event_epilog(void *context); 153 static void epilog_finished_callback(bool success); 154 static void epilog_timer_expired(void *context); 155 156 static void event_command_ready(fixed_queue_t *queue, void *context); 157 static void event_packet_ready(fixed_queue_t *queue, void *context); 158 static void command_timed_out(void *context); 159 160 static void hal_says_data_ready(serial_data_type_t type); 161 static bool filter_incoming_event(BT_HDR *packet); 162 163 static serial_data_type_t event_to_data_type(uint16_t event); 164 static waiting_command_t *get_waiting_command(command_opcode_t opcode); 165 static void update_command_response_timer(void); 166 167 // Module lifecycle functions 168 169 static future_t *start_up(void) { 170 LOG_INFO(LOG_TAG, "%s", __func__); 171 172 // The host is only allowed to send at most one command initially, 173 // as per the Bluetooth spec, Volume 2, Part E, 4.4 (Command Flow Control) 174 // This value can change when you get a command complete or command status event. 175 command_credits = 1; 176 firmware_is_configured = false; 177 178 pthread_mutex_init(&commands_pending_response_lock, NULL); 179 180 // TODO(armansito): cutils/properties.h is only being used to pull-in runtime 181 // settings on Android. Remove this conditional include once we have a generic 182 // way to obtain system properties. For now, always use the default timeout on 183 // non-Android builds. 184 period_ms_t startup_timeout_ms = DEFAULT_STARTUP_TIMEOUT_MS; 185 186 // Grab the override startup timeout ms, if present. 187 char timeout_prop[PROPERTY_VALUE_MAX]; 188 if (!osi_property_get("bluetooth.enable_timeout_ms", timeout_prop, STRING_VALUE_OF(DEFAULT_STARTUP_TIMEOUT_MS)) 189 || (startup_timeout_ms = atoi(timeout_prop)) < 100) 190 startup_timeout_ms = DEFAULT_STARTUP_TIMEOUT_MS; 191 192 startup_timer = alarm_new("hci.startup_timer"); 193 if (!startup_timer) { 194 LOG_ERROR(LOG_TAG, "%s unable to create startup timer.", __func__); 195 goto error; 196 } 197 198 epilog_timer = alarm_new("hci.epilog_timer"); 199 if (!epilog_timer) { 200 LOG_ERROR(LOG_TAG, "%s unable to create epilog timer.", __func__); 201 goto error; 202 } 203 204 command_response_timer = alarm_new("hci.command_response_timer"); 205 if (!command_response_timer) { 206 LOG_ERROR(LOG_TAG, "%s unable to create command response timer.", __func__); 207 goto error; 208 } 209 210 command_queue = fixed_queue_new(SIZE_MAX); 211 if (!command_queue) { 212 LOG_ERROR(LOG_TAG, "%s unable to create pending command queue.", __func__); 213 goto error; 214 } 215 216 packet_queue = fixed_queue_new(SIZE_MAX); 217 if (!packet_queue) { 218 LOG_ERROR(LOG_TAG, "%s unable to create pending packet queue.", __func__); 219 goto error; 220 } 221 222 thread = thread_new("hci_thread"); 223 if (!thread) { 224 LOG_ERROR(LOG_TAG, "%s unable to create thread.", __func__); 225 goto error; 226 } 227 228 commands_pending_response = list_new(NULL); 229 if (!commands_pending_response) { 230 LOG_ERROR(LOG_TAG, "%s unable to create list for commands pending response.", __func__); 231 goto error; 232 } 233 234 memset(incoming_packets, 0, sizeof(incoming_packets)); 235 236 // Make sure we run in a bounded amount of time 237 future_t *local_startup_future = future_new(); 238 startup_future = local_startup_future; 239 alarm_set(startup_timer, startup_timeout_ms, startup_timer_expired, NULL); 240 241 packet_fragmenter->init(&packet_fragmenter_callbacks); 242 243 fixed_queue_register_dequeue(command_queue, thread_get_reactor(thread), event_command_ready, NULL); 244 fixed_queue_register_dequeue(packet_queue, thread_get_reactor(thread), event_packet_ready, NULL); 245 246 vendor->open(btif_local_bd_addr.address, &interface); 247 hal->init(&hal_callbacks, thread); 248 low_power_manager->init(thread); 249 250 vendor->set_callback(VENDOR_CONFIGURE_FIRMWARE, firmware_config_callback); 251 vendor->set_callback(VENDOR_CONFIGURE_SCO, sco_config_callback); 252 vendor->set_callback(VENDOR_DO_EPILOG, epilog_finished_callback); 253 254 if (!hci_inject->open(&interface)) { 255 // TODO(sharvil): gracefully propagate failures from this layer. 256 } 257 258 int power_state = BT_VND_PWR_OFF; 259 #if (defined (BT_CLEAN_TURN_ON_DISABLED) && BT_CLEAN_TURN_ON_DISABLED == TRUE) 260 LOG_WARN(LOG_TAG, "%s not turning off the chip before turning on.", __func__); 261 // So apparently this hack was needed in the past because a Wingray kernel driver 262 // didn't handle power off commands in a powered off state correctly. 263 264 // The comment in the old code said the workaround should be removed when the 265 // problem was fixed. Sadly, I have no idea if said bug was fixed or if said 266 // kernel is still in use, so we must leave this here for posterity. #sadpanda 267 #else 268 // cycle power on the chip to ensure it has been reset 269 vendor->send_command(VENDOR_CHIP_POWER_CONTROL, &power_state); 270 #endif 271 power_state = BT_VND_PWR_ON; 272 vendor->send_command(VENDOR_CHIP_POWER_CONTROL, &power_state); 273 274 LOG_DEBUG(LOG_TAG, "%s starting async portion", __func__); 275 thread_post(thread, event_finish_startup, NULL); 276 return local_startup_future; 277 278 error: 279 shut_down(); // returns NULL so no need to wait for it 280 return future_new_immediate(FUTURE_FAIL); 281 } 282 283 static future_t *shut_down() { 284 LOG_INFO(LOG_TAG, "%s", __func__); 285 286 hci_inject->close(); 287 288 if (thread) { 289 if (firmware_is_configured) { 290 alarm_set(epilog_timer, EPILOG_TIMEOUT_MS, epilog_timer_expired, NULL); 291 thread_post(thread, event_epilog, NULL); 292 } else { 293 thread_stop(thread); 294 } 295 296 thread_join(thread); 297 } 298 299 fixed_queue_free(command_queue, osi_free); 300 command_queue = NULL; 301 fixed_queue_free(packet_queue, buffer_allocator->free); 302 packet_queue = NULL; 303 list_free(commands_pending_response); 304 commands_pending_response = NULL; 305 306 pthread_mutex_destroy(&commands_pending_response_lock); 307 308 packet_fragmenter->cleanup(); 309 310 // Free the timers 311 alarm_free(epilog_timer); 312 epilog_timer = NULL; 313 alarm_free(command_response_timer); 314 command_response_timer = NULL; 315 alarm_free(startup_timer); 316 startup_timer = NULL; 317 318 low_power_manager->cleanup(); 319 hal->close(); 320 321 // Turn off the chip 322 int power_state = BT_VND_PWR_OFF; 323 vendor->send_command(VENDOR_CHIP_POWER_CONTROL, &power_state); 324 vendor->close(); 325 326 thread_free(thread); 327 thread = NULL; 328 firmware_is_configured = false; 329 330 return NULL; 331 } 332 333 EXPORT_SYMBOL const module_t hci_module = { 334 .name = HCI_MODULE, 335 .init = NULL, 336 .start_up = start_up, 337 .shut_down = shut_down, 338 .clean_up = NULL, 339 .dependencies = { 340 BTSNOOP_MODULE, 341 NULL 342 } 343 }; 344 345 // Interface functions 346 347 static void do_postload() { 348 LOG_DEBUG(LOG_TAG, "%s posting postload work item", __func__); 349 thread_post(thread, event_postload, NULL); 350 } 351 352 static void set_data_queue(fixed_queue_t *queue) { 353 upwards_data_queue = queue; 354 } 355 356 static void transmit_command( 357 BT_HDR *command, 358 command_complete_cb complete_callback, 359 command_status_cb status_callback, 360 void *context) { 361 waiting_command_t *wait_entry = osi_calloc(sizeof(waiting_command_t)); 362 363 uint8_t *stream = command->data + command->offset; 364 STREAM_TO_UINT16(wait_entry->opcode, stream); 365 wait_entry->complete_callback = complete_callback; 366 wait_entry->status_callback = status_callback; 367 wait_entry->command = command; 368 wait_entry->context = context; 369 370 // Store the command message type in the event field 371 // in case the upper layer didn't already 372 command->event = MSG_STACK_TO_HC_HCI_CMD; 373 374 fixed_queue_enqueue(command_queue, wait_entry); 375 } 376 377 static future_t *transmit_command_futured(BT_HDR *command) { 378 waiting_command_t *wait_entry = osi_calloc(sizeof(waiting_command_t)); 379 future_t *future = future_new(); 380 381 uint8_t *stream = command->data + command->offset; 382 STREAM_TO_UINT16(wait_entry->opcode, stream); 383 wait_entry->complete_future = future; 384 wait_entry->command = command; 385 386 // Store the command message type in the event field 387 // in case the upper layer didn't already 388 command->event = MSG_STACK_TO_HC_HCI_CMD; 389 390 fixed_queue_enqueue(command_queue, wait_entry); 391 return future; 392 } 393 394 static void transmit_downward(data_dispatcher_type_t type, void *data) { 395 if (type == MSG_STACK_TO_HC_HCI_CMD) { 396 // TODO(zachoverflow): eliminate this call 397 transmit_command((BT_HDR *)data, NULL, NULL, NULL); 398 LOG_WARN(LOG_TAG, "%s legacy transmit of command. Use transmit_command instead.", __func__); 399 } else { 400 fixed_queue_enqueue(packet_queue, data); 401 } 402 } 403 404 // Start up functions 405 406 static void event_finish_startup(UNUSED_ATTR void *context) { 407 LOG_INFO(LOG_TAG, "%s", __func__); 408 hal->open(); 409 vendor->send_async_command(VENDOR_CONFIGURE_FIRMWARE, NULL); 410 } 411 412 static void firmware_config_callback(UNUSED_ATTR bool success) { 413 LOG_INFO(LOG_TAG, "%s", __func__); 414 415 alarm_cancel(startup_timer); 416 417 pthread_mutex_lock(&commands_pending_response_lock); 418 419 if (startup_future == NULL) { 420 // The firmware configuration took too long - ignore the callback 421 pthread_mutex_unlock(&commands_pending_response_lock); 422 return; 423 } 424 425 firmware_is_configured = true; 426 future_ready(startup_future, FUTURE_SUCCESS); 427 startup_future = NULL; 428 429 pthread_mutex_unlock(&commands_pending_response_lock); 430 } 431 432 static void startup_timer_expired(UNUSED_ATTR void *context) { 433 LOG_ERROR(LOG_TAG, "%s", __func__); 434 435 pthread_mutex_lock(&commands_pending_response_lock); 436 future_ready(startup_future, FUTURE_FAIL); 437 startup_future = NULL; 438 pthread_mutex_unlock(&commands_pending_response_lock); 439 } 440 441 // Postload functions 442 443 static void event_postload(UNUSED_ATTR void *context) { 444 LOG_INFO(LOG_TAG, "%s", __func__); 445 if(vendor->send_async_command(VENDOR_CONFIGURE_SCO, NULL) == -1) { 446 // If couldn't configure sco, we won't get the sco configuration callback 447 // so go pretend to do it now 448 sco_config_callback(false); 449 450 } 451 } 452 453 static void sco_config_callback(UNUSED_ATTR bool success) { 454 LOG_INFO(LOG_TAG, "%s postload finished.", __func__); 455 } 456 457 // Epilog functions 458 459 static void event_epilog(UNUSED_ATTR void *context) { 460 vendor->send_async_command(VENDOR_DO_EPILOG, NULL); 461 } 462 463 static void epilog_finished_callback(UNUSED_ATTR bool success) { 464 LOG_INFO(LOG_TAG, "%s", __func__); 465 alarm_cancel(epilog_timer); 466 thread_stop(thread); 467 } 468 469 static void epilog_timer_expired(UNUSED_ATTR void *context) { 470 LOG_INFO(LOG_TAG, "%s", __func__); 471 thread_stop(thread); 472 } 473 474 // Command/packet transmitting functions 475 476 static void event_command_ready(fixed_queue_t *queue, UNUSED_ATTR void *context) { 477 if (command_credits > 0) { 478 waiting_command_t *wait_entry = fixed_queue_dequeue(queue); 479 command_credits--; 480 481 // Move it to the list of commands awaiting response 482 pthread_mutex_lock(&commands_pending_response_lock); 483 list_append(commands_pending_response, wait_entry); 484 pthread_mutex_unlock(&commands_pending_response_lock); 485 486 // Send it off 487 low_power_manager->wake_assert(); 488 packet_fragmenter->fragment_and_dispatch(wait_entry->command); 489 low_power_manager->transmit_done(); 490 491 update_command_response_timer(); 492 } 493 } 494 495 static void event_packet_ready(fixed_queue_t *queue, UNUSED_ATTR void *context) { 496 // The queue may be the command queue or the packet queue, we don't care 497 BT_HDR *packet = (BT_HDR *)fixed_queue_dequeue(queue); 498 499 low_power_manager->wake_assert(); 500 packet_fragmenter->fragment_and_dispatch(packet); 501 low_power_manager->transmit_done(); 502 } 503 504 // Callback for the fragmenter to send a fragment 505 static void transmit_fragment(BT_HDR *packet, bool send_transmit_finished) { 506 uint16_t event = packet->event & MSG_EVT_MASK; 507 serial_data_type_t type = event_to_data_type(event); 508 509 btsnoop->capture(packet, false); 510 hal->transmit_data(type, packet->data + packet->offset, packet->len); 511 512 if (event != MSG_STACK_TO_HC_HCI_CMD && send_transmit_finished) 513 buffer_allocator->free(packet); 514 } 515 516 static void fragmenter_transmit_finished(BT_HDR *packet, bool all_fragments_sent) { 517 if (all_fragments_sent) { 518 buffer_allocator->free(packet); 519 } else { 520 // This is kind of a weird case, since we're dispatching a partially sent packet 521 // up to a higher layer. 522 // TODO(zachoverflow): rework upper layer so this isn't necessary. 523 data_dispatcher_dispatch(interface.event_dispatcher, packet->event & MSG_EVT_MASK, packet); 524 } 525 } 526 527 static void command_timed_out(UNUSED_ATTR void *context) { 528 pthread_mutex_lock(&commands_pending_response_lock); 529 530 if (list_is_empty(commands_pending_response)) { 531 LOG_ERROR(LOG_TAG, "%s with no commands pending response", __func__); 532 } else { 533 waiting_command_t *wait_entry = list_front(commands_pending_response); 534 pthread_mutex_unlock(&commands_pending_response_lock); 535 536 // We shouldn't try to recover the stack from this command timeout. 537 // If it's caused by a software bug, fix it. If it's a hardware bug, fix it. 538 LOG_ERROR(LOG_TAG, "%s hci layer timeout waiting for response to a command. opcode: 0x%x", __func__, wait_entry->opcode); 539 LOG_EVENT_INT(BT_HCI_TIMEOUT_TAG_NUM, wait_entry->opcode); 540 } 541 542 LOG_ERROR(LOG_TAG, "%s restarting the bluetooth process.", __func__); 543 usleep(10000); 544 kill(getpid(), SIGKILL); 545 } 546 547 // Event/packet receiving functions 548 549 // This function is not required to read all of a packet in one go, so 550 // be wary of reentry. But this function must return after finishing a packet. 551 static void hal_says_data_ready(serial_data_type_t type) { 552 packet_receive_data_t *incoming = &incoming_packets[PACKET_TYPE_TO_INBOUND_INDEX(type)]; 553 554 uint8_t byte; 555 while (hal->read_data(type, &byte, 1) != 0) { 556 switch (incoming->state) { 557 case BRAND_NEW: 558 // Initialize and prepare to jump to the preamble reading state 559 incoming->bytes_remaining = preamble_sizes[PACKET_TYPE_TO_INDEX(type)]; 560 memset(incoming->preamble, 0, PREAMBLE_BUFFER_SIZE); 561 incoming->index = 0; 562 incoming->state = PREAMBLE; 563 // INTENTIONAL FALLTHROUGH 564 case PREAMBLE: 565 incoming->preamble[incoming->index] = byte; 566 incoming->index++; 567 incoming->bytes_remaining--; 568 569 if (incoming->bytes_remaining == 0) { 570 // For event and sco preambles, the last byte we read is the length 571 incoming->bytes_remaining = (type == DATA_TYPE_ACL) ? RETRIEVE_ACL_LENGTH(incoming->preamble) : byte; 572 573 size_t buffer_size = BT_HDR_SIZE + incoming->index + incoming->bytes_remaining; 574 incoming->buffer = (BT_HDR *)buffer_allocator->alloc(buffer_size); 575 576 if (!incoming->buffer) { 577 LOG_ERROR(LOG_TAG, "%s error getting buffer for incoming packet of type %d and size %zd", __func__, type, buffer_size); 578 // Can't read any more of this current packet, so jump out 579 incoming->state = incoming->bytes_remaining == 0 ? BRAND_NEW : IGNORE; 580 break; 581 } 582 583 // Initialize the buffer 584 incoming->buffer->offset = 0; 585 incoming->buffer->layer_specific = 0; 586 incoming->buffer->event = outbound_event_types[PACKET_TYPE_TO_INDEX(type)]; 587 memcpy(incoming->buffer->data, incoming->preamble, incoming->index); 588 589 incoming->state = incoming->bytes_remaining > 0 ? BODY : FINISHED; 590 } 591 592 break; 593 case BODY: 594 incoming->buffer->data[incoming->index] = byte; 595 incoming->index++; 596 incoming->bytes_remaining--; 597 598 size_t bytes_read = hal->read_data(type, (incoming->buffer->data + incoming->index), incoming->bytes_remaining); 599 incoming->index += bytes_read; 600 incoming->bytes_remaining -= bytes_read; 601 602 incoming->state = incoming->bytes_remaining == 0 ? FINISHED : incoming->state; 603 break; 604 case IGNORE: 605 incoming->bytes_remaining--; 606 if (incoming->bytes_remaining == 0) { 607 incoming->state = BRAND_NEW; 608 // Don't forget to let the hal know we finished the packet we were ignoring. 609 // Otherwise we'll get out of sync with hals that embed extra information 610 // in the uart stream (like H4). #badnewsbears 611 hal->packet_finished(type); 612 return; 613 } 614 615 break; 616 case FINISHED: 617 LOG_ERROR(LOG_TAG, "%s the state machine should not have been left in the finished state.", __func__); 618 break; 619 } 620 621 if (incoming->state == FINISHED) { 622 incoming->buffer->len = incoming->index; 623 btsnoop->capture(incoming->buffer, true); 624 625 if (type != DATA_TYPE_EVENT) { 626 packet_fragmenter->reassemble_and_dispatch(incoming->buffer); 627 } else if (!filter_incoming_event(incoming->buffer)) { 628 // Dispatch the event by event code 629 uint8_t *stream = incoming->buffer->data; 630 uint8_t event_code; 631 STREAM_TO_UINT8(event_code, stream); 632 633 data_dispatcher_dispatch( 634 interface.event_dispatcher, 635 event_code, 636 incoming->buffer 637 ); 638 } 639 640 // We don't control the buffer anymore 641 incoming->buffer = NULL; 642 incoming->state = BRAND_NEW; 643 hal->packet_finished(type); 644 645 // We return after a packet is finished for two reasons: 646 // 1. The type of the next packet could be different. 647 // 2. We don't want to hog cpu time. 648 return; 649 } 650 } 651 } 652 653 // Returns true if the event was intercepted and should not proceed to 654 // higher layers. Also inspects an incoming event for interesting 655 // information, like how many commands are now able to be sent. 656 static bool filter_incoming_event(BT_HDR *packet) { 657 waiting_command_t *wait_entry = NULL; 658 uint8_t *stream = packet->data; 659 uint8_t event_code; 660 command_opcode_t opcode; 661 662 STREAM_TO_UINT8(event_code, stream); 663 STREAM_SKIP_UINT8(stream); // Skip the parameter total length field 664 665 if (event_code == HCI_COMMAND_COMPLETE_EVT) { 666 STREAM_TO_UINT8(command_credits, stream); 667 STREAM_TO_UINT16(opcode, stream); 668 669 wait_entry = get_waiting_command(opcode); 670 if (!wait_entry) { 671 // TODO: Currently command_credits aren't parsed at all; here or in higher layers... 672 if (opcode != HCI_COMMAND_NONE) { 673 LOG_WARN(LOG_TAG, "%s command complete event with no matching command (opcode: 0x%04x).", 674 __func__, opcode); 675 } 676 } else if (wait_entry->complete_callback) { 677 wait_entry->complete_callback(packet, wait_entry->context); 678 } else if (wait_entry->complete_future) { 679 future_ready(wait_entry->complete_future, packet); 680 } 681 682 goto intercepted; 683 } else if (event_code == HCI_COMMAND_STATUS_EVT) { 684 uint8_t status; 685 STREAM_TO_UINT8(status, stream); 686 STREAM_TO_UINT8(command_credits, stream); 687 STREAM_TO_UINT16(opcode, stream); 688 689 // If a command generates a command status event, it won't be getting a command complete event 690 691 wait_entry = get_waiting_command(opcode); 692 if (!wait_entry) 693 LOG_WARN(LOG_TAG, "%s command status event with no matching command. opcode: 0x%x", __func__, opcode); 694 else if (wait_entry->status_callback) 695 wait_entry->status_callback(status, wait_entry->command, wait_entry->context); 696 697 goto intercepted; 698 } 699 700 return false; 701 702 intercepted: 703 update_command_response_timer(); 704 705 if (wait_entry) { 706 // If it has a callback, it's responsible for freeing the packet 707 if (event_code == HCI_COMMAND_STATUS_EVT || (!wait_entry->complete_callback && !wait_entry->complete_future)) 708 buffer_allocator->free(packet); 709 710 // If it has a callback, it's responsible for freeing the command 711 if (event_code == HCI_COMMAND_COMPLETE_EVT || !wait_entry->status_callback) 712 buffer_allocator->free(wait_entry->command); 713 714 osi_free(wait_entry); 715 } else { 716 buffer_allocator->free(packet); 717 } 718 719 return true; 720 } 721 722 // Callback for the fragmenter to dispatch up a completely reassembled packet 723 static void dispatch_reassembled(BT_HDR *packet) { 724 // Events should already have been dispatched before this point 725 assert((packet->event & MSG_EVT_MASK) != MSG_HC_TO_STACK_HCI_EVT); 726 assert(upwards_data_queue != NULL); 727 728 if (upwards_data_queue) { 729 fixed_queue_enqueue(upwards_data_queue, packet); 730 } else { 731 LOG_ERROR(LOG_TAG, "%s had no queue to place upwards data packet in. Dropping it on the floor.", __func__); 732 buffer_allocator->free(packet); 733 } 734 } 735 736 // Misc internal functions 737 738 // TODO(zachoverflow): we seem to do this a couple places, like the HCI inject module. #centralize 739 static serial_data_type_t event_to_data_type(uint16_t event) { 740 if (event == MSG_STACK_TO_HC_HCI_ACL) 741 return DATA_TYPE_ACL; 742 else if (event == MSG_STACK_TO_HC_HCI_SCO) 743 return DATA_TYPE_SCO; 744 else if (event == MSG_STACK_TO_HC_HCI_CMD) 745 return DATA_TYPE_COMMAND; 746 else 747 LOG_ERROR(LOG_TAG, "%s invalid event type, could not translate 0x%x", __func__, event); 748 749 return 0; 750 } 751 752 static waiting_command_t *get_waiting_command(command_opcode_t opcode) { 753 pthread_mutex_lock(&commands_pending_response_lock); 754 755 for (const list_node_t *node = list_begin(commands_pending_response); 756 node != list_end(commands_pending_response); 757 node = list_next(node)) { 758 waiting_command_t *wait_entry = list_node(node); 759 760 if (!wait_entry || wait_entry->opcode != opcode) 761 continue; 762 763 list_remove(commands_pending_response, wait_entry); 764 765 pthread_mutex_unlock(&commands_pending_response_lock); 766 return wait_entry; 767 } 768 769 pthread_mutex_unlock(&commands_pending_response_lock); 770 return NULL; 771 } 772 773 static void update_command_response_timer(void) { 774 if (list_is_empty(commands_pending_response)) { 775 alarm_cancel(command_response_timer); 776 } else { 777 alarm_set(command_response_timer, COMMAND_PENDING_TIMEOUT_MS, 778 command_timed_out, NULL); 779 } 780 } 781 782 static void init_layer_interface() { 783 if (!interface_created) { 784 interface.send_low_power_command = low_power_manager->post_command; 785 interface.do_postload = do_postload; 786 787 // It's probably ok for this to live forever. It's small and 788 // there's only one instance of the hci interface. 789 interface.event_dispatcher = data_dispatcher_new("hci_layer"); 790 if (!interface.event_dispatcher) { 791 LOG_ERROR(LOG_TAG, "%s could not create upward dispatcher.", __func__); 792 return; 793 } 794 795 interface.set_data_queue = set_data_queue; 796 interface.transmit_command = transmit_command; 797 interface.transmit_command_futured = transmit_command_futured; 798 interface.transmit_downward = transmit_downward; 799 interface_created = true; 800 } 801 } 802 803 void hci_layer_cleanup_interface() { 804 if (interface_created) { 805 interface.send_low_power_command = NULL; 806 interface.do_postload = NULL; 807 808 data_dispatcher_free(interface.event_dispatcher); 809 interface.event_dispatcher = NULL; 810 811 interface.set_data_queue = NULL; 812 interface.transmit_command = NULL; 813 interface.transmit_command_futured = NULL; 814 interface.transmit_downward = NULL; 815 interface_created = false; 816 } 817 } 818 819 static const hci_hal_callbacks_t hal_callbacks = { 820 hal_says_data_ready 821 }; 822 823 static const packet_fragmenter_callbacks_t packet_fragmenter_callbacks = { 824 transmit_fragment, 825 dispatch_reassembled, 826 fragmenter_transmit_finished 827 }; 828 829 const hci_t *hci_layer_get_interface() { 830 buffer_allocator = buffer_allocator_get_interface(); 831 hal = hci_hal_get_interface(); 832 btsnoop = btsnoop_get_interface(); 833 hci_inject = hci_inject_get_interface(); 834 packet_fragmenter = packet_fragmenter_get_interface(); 835 vendor = vendor_get_interface(); 836 low_power_manager = low_power_manager_get_interface(); 837 838 init_layer_interface(); 839 return &interface; 840 } 841 842 const hci_t *hci_layer_get_test_interface( 843 const allocator_t *buffer_allocator_interface, 844 const hci_hal_t *hal_interface, 845 const btsnoop_t *btsnoop_interface, 846 const hci_inject_t *hci_inject_interface, 847 const packet_fragmenter_t *packet_fragmenter_interface, 848 const vendor_t *vendor_interface, 849 const low_power_manager_t *low_power_manager_interface) { 850 851 buffer_allocator = buffer_allocator_interface; 852 hal = hal_interface; 853 btsnoop = btsnoop_interface; 854 hci_inject = hci_inject_interface; 855 packet_fragmenter = packet_fragmenter_interface; 856 vendor = vendor_interface; 857 low_power_manager = low_power_manager_interface; 858 859 init_layer_interface(); 860 return &interface; 861 } 862
