zoukankan      html  css  js  c++  java
  • Bluedroid协议栈BTU线程处理HCI数据流程分析

    在蓝牙enable的过程中会进行多个线程的创建以及将线程与队列进行绑定的工作。该篇文章主要分析一下处理hci数据这个 线程。

    void BTU_StartUp(void)
    {
    ...
        btu_bta_msg_queue = fixed_queue_new(SIZE_MAX);
    
        btu_general_alarm_hash_map = hash_map_new(BTU_GENERAL_ALARM_HASH_MAP_SIZE,
                hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL);
    
        btu_general_alarm_queue = fixed_queue_new(SIZE_MAX);
        btu_oneshot_alarm_hash_map = hash_map_new(BTU_ONESHOT_ALARM_HASH_MAP_SIZE,
                hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL);
    
        btu_oneshot_alarm_queue = fixed_queue_new(SIZE_MAX);
    
        btu_l2cap_alarm_hash_map = hash_map_new(BTU_L2CAP_ALARM_HASH_MAP_SIZE,
                hash_function_pointer, NULL, (data_free_fn)alarm_free, NULL);
    
        btu_l2cap_alarm_queue = fixed_queue_new(SIZE_MAX);
    
        bt_workqueue_thread = thread_new(BT_WORKQUEUE_NAME);//该线程为处理各个task 的线程,之后会与多个队列绑定
    // Continue startup on bt workqueue thread. thread_post(bt_workqueue_thread, btu_task_start_up, NULL);//在bt_workqueue_thread中继续startup的工作
    return; 
    }

     剩下的enable 的工作会在这个函数中btu_task_start_up继续做:

    void btu_task_start_up(UNUSED_ATTR void *context) {
    ...
      /* Initialize the mandatory core stack control blocks
         (BTU, BTM, L2CAP, and SDP)
       */
      btu_init_core();
      /* Initialize any optional stack components */
      BTE_InitStack();
      bta_sys_init();
      // Inform the bt jni thread initialization is ok.
      btif_transfer_context(btif_init_ok, 0, NULL, 0, NULL);
    
      fixed_queue_register_dequeue(btu_bta_msg_queue,//绑定btu_bta_msg_queue
          thread_get_reactor(bt_workqueue_thread),
          btu_bta_msg_ready,
          NULL);
    
      fixed_queue_register_dequeue(btu_hci_msg_queue,//绑定btu_hci_msg_queue
          thread_get_reactor(bt_workqueue_thread),
          btu_hci_msg_ready,
          NULL);
    
      fixed_queue_register_dequeue(btu_general_alarm_queue,//绑定btu_general_alarm_queue
          thread_get_reactor(bt_workqueue_thread),
          btu_general_alarm_ready,
          NULL);
    
      fixed_queue_register_dequeue(btu_oneshot_alarm_queue,//绑定btu_oneshot_alarm_queue
          thread_get_reactor(bt_workqueue_thread),
          btu_oneshot_alarm_ready,
          NULL);
    
      fixed_queue_register_dequeue(btu_l2cap_alarm_queue,//绑定btu_l2cap_alarm_queue
          thread_get_reactor(bt_workqueue_thread),
          btu_l2cap_alarm_ready,
          NULL);
    }

    这里绑定的含义就是当被绑定的队列里面有数据可以读写的时候,就会在该线程中处理,处理的函数就是fixed_queue_register_dequeue函数的第三个参数和第四个参数,分别对应于读和写的函数。

    从上面的注册信息来看,都是当队列里面有数据的时候,调用函数来处理这些队列中的消息。

    现在具体分析一下btu_hci_msg_queue 这个队列的处理流程。

    稍微思考一下,可以想到从controller 传上来的消息都会塞到这个队列里面。现在具体的分析,controller传上来的数据 都是通过bt driver来上传的,上传上来的数据有event以及acl data,这两者应该都是放置到这个队列进行处理的。

    在协议栈中,当底层有数据的时候,会调用该函数:

    hci_layer.c中:

    static void hal_says_data_ready(serial_data_type_t type) {
      packet_receive_data_t *incoming = &incoming_packets[PACKET_TYPE_TO_INBOUND_INDEX(type)];
    
      uint8_t byte;
      while (hal->read_data(type, &byte, 1, false) != 0) {
        switch (incoming->state) {
          case BRAND_NEW:
            // Initialize and prepare to jump to the preamble reading state
            incoming->bytes_remaining = preamble_sizes[PACKET_TYPE_TO_INDEX(type)];
            memset(incoming->preamble, 0, PREAMBLE_BUFFER_SIZE);
            incoming->index = 0;
            incoming->state = PREAMBLE;
            // INTENTIONAL FALLTHROUGH
          case PREAMBLE:
            incoming->preamble[incoming->index] = byte;
            incoming->index++;
            incoming->bytes_remaining--;
    
            if (incoming->bytes_remaining == 0) {
              // For event and sco preambles, the last byte we read is the length
              incoming->bytes_remaining = (type == DATA_TYPE_ACL) ? RETRIEVE_ACL_LENGTH(incoming->preamble) : byte;
    
              size_t buffer_size = BT_HDR_SIZE + incoming->index + incoming->bytes_remaining;
              incoming->buffer = (BT_HDR *)buffer_allocator->alloc(buffer_size);
    
              if (!incoming->buffer) {
                LOG_ERROR("%s error getting buffer for incoming packet of type %d and size %zd", __func__, type, buffer_size);
                // Can't read any more of this current packet, so jump out
                incoming->state = incoming->bytes_remaining == 0 ? BRAND_NEW : IGNORE;
                break;
              }
    
              // Initialize the buffer
              incoming->buffer->offset = 0;
              incoming->buffer->layer_specific = 0;
              incoming->buffer->event = outbound_event_types[PACKET_TYPE_TO_INDEX(type)];
              memcpy(incoming->buffer->data, incoming->preamble, incoming->index);
    
              incoming->state = incoming->bytes_remaining > 0 ? BODY : FINISHED;
            }
    
            break;
          case BODY:
            incoming->buffer->data[incoming->index] = byte;
            incoming->index++;
            incoming->bytes_remaining--;
    
            size_t bytes_read = hal->read_data(type, (incoming->buffer->data + incoming->index), incoming->bytes_remaining, false);
            incoming->index += bytes_read;
            incoming->bytes_remaining -= bytes_read;
    
            incoming->state = incoming->bytes_remaining == 0 ? FINISHED : incoming->state;
            break;
          case IGNORE:
            incoming->bytes_remaining--;
            if (incoming->bytes_remaining == 0) {
              incoming->state = BRAND_NEW;
              // Don't forget to let the hal know we finished the packet we were ignoring.
              // Otherwise we'll get out of sync with hals that embed extra information
              // in the uart stream (like H4). #badnewsbears
              hal->packet_finished(type);
              return;
            }
    
            break;
          case FINISHED:
            LOG_ERROR("%s the state machine should not have been left in the finished state.", __func__);
            break;
        }
    
        if (incoming->state == FINISHED) {
          incoming->buffer->len = incoming->index;
          btsnoop->capture(incoming->buffer, true);//capture btsnoop
    
          if (type != DATA_TYPE_EVENT) {
            packet_fragmenter->reassemble_and_dispatch(incoming->buffer);//acl data的处理
          } else if (!filter_incoming_event(incoming->buffer)) {//event 的处理
            // Dispatch the event by event code
            uint8_t *stream = incoming->buffer->data;
            uint8_t event_code;
            STREAM_TO_UINT8(event_code, stream);
    
            data_dispatcher_dispatch(
              interface.event_dispatcher,
              event_code,
              incoming->buffer
            );
          }
    
          // We don't control the buffer anymore
          incoming->buffer = NULL;
          incoming->state = BRAND_NEW;
          hal->packet_finished(type);
    
          // We return after a packet is finished for two reasons:
          // 1. The type of the next packet could be different.
          // 2. We don't want to hog cpu time.
          return;
        }
      }
    }

    从上面的函数可以看出,如果封包接收没有结束会继续接收,直到incoming->state == FINISHED ,这个时候说明封包完整的接收到了。对于封包的处理,做了如下的事情:

    1. 录制btsnoop
    2. 根据不同数据类型分别路由到不同的处理函数,acl data 以及其他的封包由packet_fragmenter->reassemble_and_dispatch(incoming->buffer) 来处理。event事件由

      data_dispatcher_dispatch(interface.event_dispatcher,event_code,incoming->buffer) 

    这里分别看看两个函数的具体处理流程:

    packet_fragmenter->reassemble_and_dispatch


    先看看这个packet_fragmenter_t结构:

    static const packet_fragmenter_t interface = {
      init,
      cleanup,
      fragment_and_dispatch,
      reassemble_and_dispatch
    };

    其中的具体实现,我这里

    static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR *packet) {
      if ((packet->event & MSG_EVT_MASK) == MSG_HC_TO_STACK_HCI_ACL) {
    ...
        STREAM_TO_UINT16(handle, stream);
        STREAM_TO_UINT16(acl_length, stream);
        STREAM_TO_UINT16(l2cap_length, stream);
    
        BT_HDR *partial_packet = (BT_HDR *)hash_map_get(partial_packets, (void *)(uintptr_t)handle);
          memcpy(partial_packet->data, packet->data, packet->len);
    ...
          packet->offset = HCI_ACL_PREAMBLE_SIZE;
    ...
          memcpy(
            partial_packet->data + partial_packet->offset,
            packet->data + packet->offset,
            packet->len - packet->offset
          );
    ...
          if (partial_packet->offset == partial_packet->len) {
            hash_map_erase(partial_packets, (void *)(uintptr_t)handle);
            partial_packet->offset = 0;
            callbacks->reassembled(partial_packet);//最终调用hci_hal_callbacks_t的
          }
        }
      } else {
        callbacks->reassembled(packet);
      }
    }

     上面看到最终调用callbacks->reassembled(partial_packet);来处理,实现在hci_layer.c

    static const packet_fragmenter_callbacks_t packet_fragmenter_callbacks = {
      transmit_fragment,
      dispatch_reassembled,//实际调用的是这个函数
      fragmenter_transmit_finished,
      filter_incoming_event
      fragmenter_transmit_finished
    #endif
    };

     看具体实现:

    // Callback for the fragmenter to dispatch up a completely reassembled packet
    static void dispatch_reassembled(BT_HDR *packet) {
      // Events should already have been dispatched before this point
      assert(upwards_data_queue != NULL);
    
      if (upwards_data_queue) {//放置都这个queue
        fixed_queue_enqueue(upwards_data_queue, packet);
      } else {
        LOG_ERROR("%s had no queue to place upwards data packet in. Dropping it on the floor.", __func__);
        buffer_allocator->free(packet);
      }
    }
    static void set_data_queue(fixed_queue_t *queue) { //这个函数对该队列赋值
      upwards_data_queue = queue;
    }
    static void init_layer_interface() {
      if (!interface_created) {
        interface.send_low_power_command = low_power_manager->post_command;
        interface.do_postload = do_postload;
        interface.event_dispatcher = data_dispatcher_new("hci_layer");
    
        interface.set_data_queue = set_data_queue;//肯定是别的地方调用hci 的interface来设置这个队列的
    
        interface.transmit_command = transmit_command;
        interface.transmit_command_futured = transmit_command_futured;
        interface.transmit_downward = transmit_downward;
        interface_created = true;
      }
    }

    这里其实是在蓝牙初始化的时候就已经做了,

    void bte_main_boot_entry(void)
    {
        module_init(get_module(GKI_MODULE));
        module_init(get_module(COUNTER_MODULE));
    
        hci = hci_layer_get_interface();//获取hci的interface
    
        btu_hci_msg_queue = fixed_queue_new(SIZE_MAX);
        if (btu_hci_msg_queue == NULL) {
          LOG_ERROR("%s unable to allocate hci message queue.", __func__);
          return;
        }
        data_dispatcher_register_default(hci->event_dispatcher, btu_hci_msg_queue);
        hci->set_data_queue(btu_hci_msg_queue);//将btu_hci_msg_queue传入,也就是后来的upwards_data_queue
    ...
    }

    到这里,我们知道了,其实acl的数据都最终会放置到这个btu_hci_msg_queue 队列来处理。


    现在我们看看

    data_dispatcher_dispatch(interface.event_dispatcher,event_code,incoming->buffer) 的处理流程:

    我们先看看data_dispatcher_dispatch的实现:

    bool data_dispatcher_dispatch(data_dispatcher_t *dispatcher, data_dispatcher_type_t type, void *data) {
      fixed_queue_t *queue = hash_map_get(dispatcher->dispatch_table, (void *)type);
      if (!queue)
        queue = dispatcher->default_queue;//如果没有获取到专用的队列,就用默认的队列
    
      if (queue)
        fixed_queue_enqueue(queue, data);//将数据加入到队列里面
      return queue != NULL;
    }

    当前不清楚 dispatcher->dispatch_table 的队列的情况,在init_layer_interface中:

     interface.event_dispatcher = data_dispatcher_new("hci_layer");

    这里没有设置专用的队列,那在哪里有设置呢?其实还是在上面的蓝牙init的时候:

    void bte_main_boot_entry(void)
    {
        module_init(get_module(GKI_MODULE));
        module_init(get_module(COUNTER_MODULE));
    
        hci = hci_layer_get_interface();//获取hci的interface
    
        btu_hci_msg_queue = fixed_queue_new(SIZE_MAX);
        if (btu_hci_msg_queue == NULL) {
          LOG_ERROR("%s unable to allocate hci message queue.", __func__);
          return;
        }
        data_dispatcher_register_default(hci->event_dispatcher, btu_hci_msg_queue);//将btu_hci_msg_queue 注册给hci的event_dispatcher,
        hci->set_data_queue(btu_hci_msg_queue);//将btu_hci_msg_queue传入,也就是后来的upwards_data_queue
    ...
    }
    void data_dispatcher_register_default(data_dispatcher_t *dispatcher, fixed_queue_t *queue) {
      assert(dispatcher != NULL);
      dispatcher->default_queue = queue;
    }

    到这里,我们发现,的确是所有的controller上来的数据都是放置到btu_hci_msg_queue来等待处理,

    后续的具体的处理流程很简单,根据不同的数据类型,发配给不同的函数来处理。

  • 相关阅读:
    了解Android_09之GridView(网格视图)
    了解Android_08之ListView(列表视图)
    了解Android_07之ImageView与使用glide第三方库加载网络图片
    了解Android_06之CheckBox
    了解Android_05之RadioButton
    了解Android_04之EditText标签
    了解Android_03之Button标签
    了解Android_02之TextView标签
    了解Android_01之HelloWorld
    02_vue本地应用(v-text,v-html,v-on,v-show,v-if,v-bind,v-for,v-model)
  • 原文地址:https://www.cnblogs.com/libs-liu/p/9211278.html
Copyright © 2011-2022 走看看