tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Bluetooth: compute LE flow credits based on recvbuf space

Previously LE flow credits were returned to the
sender even if the socket's receive buffer was
full. This meant that no back-pressure
was applied to the sender, thus it continued to
send data, resulting in data loss without any
error being reported. Furthermore, the amount
of credits was essentially fixed to a small
amount, leading to reduced performance.

This is fixed by computing the number of returned
LE flow credits based on the estimated available
space in the receive buffer of an L2CAP socket.
Consequently, if the receive buffer is full, no
credits are returned until the buffer is read and
thus cleared by user-space.

Since the computation of available receive buffer
space can only be performed approximately (due to
sk_buff overhead) and the receive buffer size may
be changed by user-space after flow credits have
been sent, superfluous received data is temporary
stored within l2cap_pinfo. This is necessary
because Bluetooth LE provides no retransmission
mechanism once the data has been acked by the
physical layer.

If receive buffer space estimation is not possible
at the moment, we fall back to providing credits
for one full packet as before. This is currently
the case during connection setup, when MPS is not
yet available.

Fixes: b1c325c23d75 ("Bluetooth: Implement returning of LE L2CAP credits")
Signed-off-by: Sebastian Urban <surban@surban.net>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

authored by

Sebastian Urban and committed by
Luiz Augusto von Dentz ce60b923 73b2652c

+132 -26
+10 -1
include/net/bluetooth/l2cap.h
··· 554 554 __u16 tx_credits; 555 555 __u16 rx_credits; 556 556 557 + /* estimated available receive buffer space or -1 if unknown */ 558 + ssize_t rx_avail; 559 + 557 560 __u8 tx_state; 558 561 __u8 rx_state; 559 562 ··· 691 688 /* ----- L2CAP socket info ----- */ 692 689 #define l2cap_pi(sk) ((struct l2cap_pinfo *) sk) 693 690 691 + struct l2cap_rx_busy { 692 + struct list_head list; 693 + struct sk_buff *skb; 694 + }; 695 + 694 696 struct l2cap_pinfo { 695 697 struct bt_sock bt; 696 698 struct l2cap_chan *chan; 697 - struct sk_buff *rx_busy_skb; 699 + struct list_head rx_busy; 698 700 }; 699 701 700 702 enum { ··· 957 949 int l2cap_chan_reconfigure(struct l2cap_chan *chan, __u16 mtu); 958 950 int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len); 959 951 void l2cap_chan_busy(struct l2cap_chan *chan, int busy); 952 + void l2cap_chan_rx_avail(struct l2cap_chan *chan, ssize_t rx_avail); 960 953 int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator); 961 954 void l2cap_chan_set_defaults(struct l2cap_chan *chan); 962 955 int l2cap_ertm_init(struct l2cap_chan *chan);
+49 -7
net/bluetooth/l2cap_core.c
··· 457 457 /* Set default lock nesting level */ 458 458 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL); 459 459 460 + /* Available receive buffer space is initially unknown */ 461 + chan->rx_avail = -1; 462 + 460 463 write_lock(&chan_list_lock); 461 464 list_add(&chan->global_l, &chan_list); 462 465 write_unlock(&chan_list_lock); ··· 541 538 } 542 539 EXPORT_SYMBOL_GPL(l2cap_chan_set_defaults); 543 540 541 + static __u16 l2cap_le_rx_credits(struct l2cap_chan *chan) 542 + { 543 + size_t sdu_len = chan->sdu ? chan->sdu->len : 0; 544 + 545 + if (chan->mps == 0) 546 + return 0; 547 + 548 + /* If we don't know the available space in the receiver buffer, give 549 + * enough credits for a full packet. 550 + */ 551 + if (chan->rx_avail == -1) 552 + return (chan->imtu / chan->mps) + 1; 553 + 554 + /* If we know how much space is available in the receive buffer, give 555 + * out as many credits as would fill the buffer. 556 + */ 557 + if (chan->rx_avail <= sdu_len) 558 + return 0; 559 + 560 + return DIV_ROUND_UP(chan->rx_avail - sdu_len, chan->mps); 561 + } 562 + 544 563 static void l2cap_le_flowctl_init(struct l2cap_chan *chan, u16 tx_credits) 545 564 { 546 565 chan->sdu = NULL; ··· 571 546 chan->tx_credits = tx_credits; 572 547 /* Derive MPS from connection MTU to stop HCI fragmentation */ 573 548 chan->mps = min_t(u16, chan->imtu, chan->conn->mtu - L2CAP_HDR_SIZE); 574 - /* Give enough credits for a full packet */ 575 - chan->rx_credits = (chan->imtu / chan->mps) + 1; 549 + chan->rx_credits = l2cap_le_rx_credits(chan); 576 550 577 551 skb_queue_head_init(&chan->tx_q); 578 552 } ··· 583 559 /* L2CAP implementations shall support a minimum MPS of 64 octets */ 584 560 if (chan->mps < L2CAP_ECRED_MIN_MPS) { 585 561 chan->mps = L2CAP_ECRED_MIN_MPS; 586 - chan->rx_credits = (chan->imtu / chan->mps) + 1; 562 + chan->rx_credits = l2cap_le_rx_credits(chan); 587 563 } 588 564 } 589 565 ··· 6536 6512 { 6537 6513 struct l2cap_conn *conn = chan->conn; 6538 6514 struct l2cap_le_credits pkt; 6539 - u16 return_credits; 6540 - 6541 - return_credits = (chan->imtu / chan->mps) + 1; 6515 + u16 return_credits = l2cap_le_rx_credits(chan); 6542 6516 6543 6517 if (chan->rx_credits >= return_credits) 6544 6518 return; ··· 6555 6533 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt); 6556 6534 } 6557 6535 6536 + void l2cap_chan_rx_avail(struct l2cap_chan *chan, ssize_t rx_avail) 6537 + { 6538 + if (chan->rx_avail == rx_avail) 6539 + return; 6540 + 6541 + BT_DBG("chan %p has %zd bytes avail for rx", chan, rx_avail); 6542 + 6543 + chan->rx_avail = rx_avail; 6544 + 6545 + if (chan->state == BT_CONNECTED) 6546 + l2cap_chan_le_send_credits(chan); 6547 + } 6548 + 6558 6549 static int l2cap_ecred_recv(struct l2cap_chan *chan, struct sk_buff *skb) 6559 6550 { 6560 6551 int err; ··· 6576 6541 6577 6542 /* Wait recv to confirm reception before updating the credits */ 6578 6543 err = chan->ops->recv(chan, skb); 6544 + 6545 + if (err < 0 && chan->rx_avail != -1) { 6546 + BT_ERR("Queueing received LE L2CAP data failed"); 6547 + l2cap_send_disconn_req(chan, ECONNRESET); 6548 + return err; 6549 + } 6579 6550 6580 6551 /* Update credits whenever an SDU is received */ 6581 6552 l2cap_chan_le_send_credits(chan); ··· 6605 6564 } 6606 6565 6607 6566 chan->rx_credits--; 6608 - BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits); 6567 + BT_DBG("chan %p: rx_credits %u -> %u", 6568 + chan, chan->rx_credits + 1, chan->rx_credits); 6609 6569 6610 6570 /* Update if remote had run out of credits, this should only happens 6611 6571 * if the remote is not using the entire MPS.
+73 -18
net/bluetooth/l2cap_sock.c
··· 1131 1131 return err; 1132 1132 } 1133 1133 1134 + static void l2cap_publish_rx_avail(struct l2cap_chan *chan) 1135 + { 1136 + struct sock *sk = chan->data; 1137 + ssize_t avail = sk->sk_rcvbuf - atomic_read(&sk->sk_rmem_alloc); 1138 + int expected_skbs, skb_overhead; 1139 + 1140 + if (avail <= 0) { 1141 + l2cap_chan_rx_avail(chan, 0); 1142 + return; 1143 + } 1144 + 1145 + if (!chan->mps) { 1146 + l2cap_chan_rx_avail(chan, -1); 1147 + return; 1148 + } 1149 + 1150 + /* Correct available memory by estimated sk_buff overhead. 1151 + * This is significant due to small transfer sizes. However, accept 1152 + * at least one full packet if receive space is non-zero. 1153 + */ 1154 + expected_skbs = DIV_ROUND_UP(avail, chan->mps); 1155 + skb_overhead = expected_skbs * sizeof(struct sk_buff); 1156 + if (skb_overhead < avail) 1157 + l2cap_chan_rx_avail(chan, avail - skb_overhead); 1158 + else 1159 + l2cap_chan_rx_avail(chan, -1); 1160 + } 1161 + 1134 1162 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1135 1163 size_t len, int flags) 1136 1164 { ··· 1195 1167 else 1196 1168 err = bt_sock_recvmsg(sock, msg, len, flags); 1197 1169 1198 - if (pi->chan->mode != L2CAP_MODE_ERTM) 1170 + if (pi->chan->mode != L2CAP_MODE_ERTM && 1171 + pi->chan->mode != L2CAP_MODE_LE_FLOWCTL && 1172 + pi->chan->mode != L2CAP_MODE_EXT_FLOWCTL) 1199 1173 return err; 1200 - 1201 - /* Attempt to put pending rx data in the socket buffer */ 1202 1174 1203 1175 lock_sock(sk); 1204 1176 1205 - if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1206 - goto done; 1177 + l2cap_publish_rx_avail(pi->chan); 1207 1178 1208 - if (pi->rx_busy_skb) { 1209 - if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1210 - pi->rx_busy_skb = NULL; 1211 - else 1179 + /* Attempt to put pending rx data in the socket buffer */ 1180 + while (!list_empty(&pi->rx_busy)) { 1181 + struct l2cap_rx_busy *rx_busy = 1182 + list_first_entry(&pi->rx_busy, 1183 + struct l2cap_rx_busy, 1184 + list); 1185 + if (__sock_queue_rcv_skb(sk, rx_busy->skb) < 0) 1212 1186 goto done; 1187 + list_del(&rx_busy->list); 1188 + kfree(rx_busy); 1213 1189 } 1214 1190 1215 1191 /* Restore data flow when half of the receive buffer is 1216 1192 * available. This avoids resending large numbers of 1217 1193 * frames. 1218 1194 */ 1219 - if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1195 + if (test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state) && 1196 + atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1220 1197 l2cap_chan_busy(pi->chan, 0); 1221 1198 1222 1199 done: ··· 1482 1449 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1483 1450 { 1484 1451 struct sock *sk = chan->data; 1452 + struct l2cap_pinfo *pi = l2cap_pi(sk); 1485 1453 int err; 1486 1454 1487 1455 lock_sock(sk); 1488 1456 1489 - if (l2cap_pi(sk)->rx_busy_skb) { 1457 + if (chan->mode == L2CAP_MODE_ERTM && !list_empty(&pi->rx_busy)) { 1490 1458 err = -ENOMEM; 1491 1459 goto done; 1492 1460 } 1493 1461 1494 1462 if (chan->mode != L2CAP_MODE_ERTM && 1495 - chan->mode != L2CAP_MODE_STREAMING) { 1463 + chan->mode != L2CAP_MODE_STREAMING && 1464 + chan->mode != L2CAP_MODE_LE_FLOWCTL && 1465 + chan->mode != L2CAP_MODE_EXT_FLOWCTL) { 1496 1466 /* Even if no filter is attached, we could potentially 1497 1467 * get errors from security modules, etc. 1498 1468 */ ··· 1506 1470 1507 1471 err = __sock_queue_rcv_skb(sk, skb); 1508 1472 1509 - /* For ERTM, handle one skb that doesn't fit into the recv 1473 + l2cap_publish_rx_avail(chan); 1474 + 1475 + /* For ERTM and LE, handle a skb that doesn't fit into the recv 1510 1476 * buffer. This is important to do because the data frames 1511 1477 * have already been acked, so the skb cannot be discarded. 1512 1478 * ··· 1517 1479 * acked and reassembled until there is buffer space 1518 1480 * available. 1519 1481 */ 1520 - if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1521 - l2cap_pi(sk)->rx_busy_skb = skb; 1482 + if (err < 0 && 1483 + (chan->mode == L2CAP_MODE_ERTM || 1484 + chan->mode == L2CAP_MODE_LE_FLOWCTL || 1485 + chan->mode == L2CAP_MODE_EXT_FLOWCTL)) { 1486 + struct l2cap_rx_busy *rx_busy = 1487 + kmalloc(sizeof(*rx_busy), GFP_KERNEL); 1488 + if (!rx_busy) { 1489 + err = -ENOMEM; 1490 + goto done; 1491 + } 1492 + rx_busy->skb = skb; 1493 + list_add_tail(&rx_busy->list, &pi->rx_busy); 1522 1494 l2cap_chan_busy(chan, 1); 1523 1495 err = 0; 1524 1496 } ··· 1754 1706 1755 1707 static void l2cap_sock_destruct(struct sock *sk) 1756 1708 { 1709 + struct l2cap_rx_busy *rx_busy, *next; 1710 + 1757 1711 BT_DBG("sk %p", sk); 1758 1712 1759 1713 if (l2cap_pi(sk)->chan) { ··· 1763 1713 l2cap_chan_put(l2cap_pi(sk)->chan); 1764 1714 } 1765 1715 1766 - if (l2cap_pi(sk)->rx_busy_skb) { 1767 - kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1768 - l2cap_pi(sk)->rx_busy_skb = NULL; 1716 + list_for_each_entry_safe(rx_busy, next, &l2cap_pi(sk)->rx_busy, list) { 1717 + kfree_skb(rx_busy->skb); 1718 + list_del(&rx_busy->list); 1719 + kfree(rx_busy); 1769 1720 } 1770 1721 1771 1722 skb_queue_purge(&sk->sk_receive_queue); ··· 1850 1799 1851 1800 chan->data = sk; 1852 1801 chan->ops = &l2cap_chan_ops; 1802 + 1803 + l2cap_publish_rx_avail(chan); 1853 1804 } 1854 1805 1855 1806 static struct proto l2cap_proto = { ··· 1872 1819 1873 1820 sk->sk_destruct = l2cap_sock_destruct; 1874 1821 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1822 + 1823 + INIT_LIST_HEAD(&l2cap_pi(sk)->rx_busy); 1875 1824 1876 1825 chan = l2cap_chan_create(); 1877 1826 if (!chan) {