1 /* hci_core.c - HCI core Bluetooth handling */
2 
3 /*
4  * Copyright (c) 2017-2021 Nordic Semiconductor ASA
5  * Copyright (c) 2015-2016 Intel Corporation
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #include <zephyr/kernel.h>
11 #include <string.h>
12 #include <stdio.h>
13 #include <errno.h>
14 #include <zephyr/sys/atomic.h>
15 #include <zephyr/sys/check.h>
16 #include <zephyr/sys/util.h>
17 #include <zephyr/sys/slist.h>
18 #include <zephyr/sys/byteorder.h>
19 #include <zephyr/debug/stack.h>
20 #include <zephyr/sys/__assert.h>
21 #include <soc.h>
22 
23 #include <zephyr/settings/settings.h>
24 
25 #include <zephyr/bluetooth/bluetooth.h>
26 #include <zephyr/bluetooth/conn.h>
27 #include <zephyr/bluetooth/l2cap.h>
28 #include <zephyr/bluetooth/hci.h>
29 #include <zephyr/bluetooth/hci_vs.h>
30 #include <zephyr/drivers/bluetooth/hci_driver.h>
31 
32 #include "common/bt_str.h"
33 #include "common/assert.h"
34 
35 #include "common/rpa.h"
36 #include "keys.h"
37 #include "monitor.h"
38 #include "hci_core.h"
39 #include "hci_ecc.h"
40 #include "ecc.h"
41 #include "id.h"
42 #include "adv.h"
43 #include "scan.h"
44 
45 #include "addr_internal.h"
46 #include "conn_internal.h"
47 #include "iso_internal.h"
48 #include "l2cap_internal.h"
49 #include "gatt_internal.h"
50 #include "smp.h"
51 #include "crypto.h"
52 #include "settings.h"
53 
54 #if defined(CONFIG_BT_BREDR)
55 #include "br.h"
56 #endif
57 
58 #if defined(CONFIG_BT_DF)
59 #include "direction_internal.h"
60 #endif /* CONFIG_BT_DF */
61 
62 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
63 #include <zephyr/logging/log.h>
64 LOG_MODULE_REGISTER(bt_hci_core);
65 
/* How long bt_hci_cmd_send_sync() waits on its completion semaphore. In this
 * file an expired wait is not reported to the caller: it trips BT_ASSERT_MSG().
 */
#define HCI_CMD_TIMEOUT      K_SECONDS(10)

/* Stacks for the threads */
#if !defined(CONFIG_BT_RECV_BLOCKING)
/* RX work item; only built when receive is not blocking. */
static void rx_work_handler(struct k_work *work);
static K_WORK_DEFINE(rx_work, rx_work_handler);
#if defined(CONFIG_BT_RECV_WORKQ_BT)
/* Work queue object and stack that exist only with CONFIG_BT_RECV_WORKQ_BT. */
static struct k_work_q bt_workq;
static K_KERNEL_STACK_DEFINE(rx_thread_stack, CONFIG_BT_RX_STACK_SIZE);
#endif /* CONFIG_BT_RECV_WORKQ_BT */
#endif /* !CONFIG_BT_RECV_BLOCKING */
/* TX thread object and its stack. */
static struct k_thread tx_thread_data;
static K_KERNEL_STACK_DEFINE(tx_thread_stack, CONFIG_BT_HCI_TX_STACK_SIZE);

static void init_work(struct k_work *work);

/* Global host state. Only the fields with build-time defaults are set here;
 * every other member starts zeroed because the object has static storage.
 */
struct bt_dev bt_dev = {
	.init          = Z_WORK_INITIALIZER(init_work),
#if defined(CONFIG_BT_PRIVACY)
	.rpa_timeout   = CONFIG_BT_RPA_TIMEOUT,
#endif
#if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	.appearance = CONFIG_BT_DEVICE_APPEARANCE,
#endif
};

/* Callback of type bt_ready_cb_t; where it is set and invoked is outside
 * this part of the file.
 */
static bt_ready_cb_t ready_cb;

#if defined(CONFIG_BT_HCI_VS_EVT_USER)
/* User callback for vendor-specific HCI events. */
static bt_hci_vnd_evt_cb_t *hci_vnd_evt_cb;
#endif /* CONFIG_BT_HCI_VS_EVT_USER */
97 
/* Per-command bookkeeping, kept in a side table instead of in the buffer. */
struct cmd_data {
	/** HCI status of the command completion */
	uint8_t  status;

	/** The command OpCode that the buffer contains */
	uint16_t opcode;

	/** The state to update when command completes with success. */
	struct bt_hci_cmd_state_set *state;

	/** Used by bt_hci_cmd_send_sync. */
	struct k_sem *sync;
};

/* One entry per command buffer: the table has CONFIG_BT_BUF_CMD_TX_COUNT
 * slots, the same count that hci_cmd_pool is defined with.
 */
static struct cmd_data cmd_data[CONFIG_BT_BUF_CMD_TX_COUNT];

/* cmd() indexes the table by net_buf_id(buf) with no range check, so it must
 * only be applied to buffers allocated from hci_cmd_pool; an id from a larger
 * pool would index past the end of cmd_data.
 */
#define cmd(buf) (&cmd_data[net_buf_id(buf)])
/* acl() reinterprets the buffer's user-data area as struct acl_data. */
#define acl(buf) ((struct acl_data *)net_buf_user_data(buf))
116 
/**
 * Attach a "set this flag on success" request to a command buffer.
 *
 * @param buf    Command buffer; must come from hci_cmd_pool because cmd()
 *               indexes the side table by the buffer id.
 * @param state  Caller-owned storage that is filled in and linked to @p buf.
 *               The callers in this file pass a stack object and then block
 *               in bt_hci_cmd_send_sync(), so it stays alive until completion.
 * @param target Atomic flag word to update.
 * @param bit    Bit number inside @p target.
 * @param val    Value the bit should take.
 */
void bt_hci_cmd_state_set_init(struct net_buf *buf,
			       struct bt_hci_cmd_state_set *state,
			       atomic_t *target, int bit, bool val)
{
	/* Link first, then fill in: nothing reads the entry until the
	 * buffer is queued by the caller.
	 */
	cmd(buf)->state = state;

	state->val = val;
	state->bit = bit;
	state->target = target;
}
126 
/* HCI command buffers. Derive the needed size from both Command and Event
 * buffer length since the buffer is also used for the response event, i.e.
 * command complete or command status.
 */
#define CMD_BUF_SIZE MAX(BT_BUF_EVT_RX_SIZE, BT_BUF_CMD_TX_SIZE)
NET_BUF_POOL_FIXED_DEFINE(hci_cmd_pool, CONFIG_BT_BUF_CMD_TX_COUNT,
			  CMD_BUF_SIZE, sizeof(struct bt_buf_data), NULL);

/* One row of an event dispatch table, consumed by handle_event_common(). */
struct event_handler {
	/* Event code this row matches. */
	uint8_t event;
	/* Smallest buf->len accepted; shorter events are rejected before the
	 * handler runs, so a handler may read this many bytes unchecked.
	 */
	uint8_t min_len;
	/* Function invoked with the event buffer. */
	void (*handler)(struct net_buf *buf);
};

/* Build an event_handler row. _min_len should be at least the size of the
 * fixed part of the event the handler casts buf->data to.
 */
#define EVENT_HANDLER(_evt, _handler, _min_len) \
{ \
	.event = _evt, \
	.handler = _handler, \
	.min_len = _min_len, \
}
147 
/**
 * Dispatch an event to the first table row with a matching event code.
 *
 * The length gate here is the only size validation done on behalf of the
 * handlers: an event shorter than the row's min_len never reaches its handler.
 *
 * @param event        Event code to look up.
 * @param buf          Event payload.
 * @param handlers     Dispatch table.
 * @param num_handlers Number of rows in @p handlers.
 *
 * @return 0 if a handler ran, -EINVAL if the event was too short for its
 *         handler, -EOPNOTSUPP if no row matched.
 */
static int handle_event_common(uint8_t event, struct net_buf *buf,
			       const struct event_handler *handlers, size_t num_handlers)
{
	const struct event_handler *match = NULL;

	for (size_t idx = 0; idx < num_handlers; idx++) {
		if (handlers[idx].event == event) {
			match = &handlers[idx];
			break;
		}
	}

	if (match == NULL) {
		return -EOPNOTSUPP;
	}

	/* Reject truncated events before any handler dereferences them. */
	if (buf->len < match->min_len) {
		LOG_ERR("Too small (%u bytes) event 0x%02x", buf->len, event);
		return -EINVAL;
	}

	match->handler(buf);

	return 0;
}
171 
/**
 * Dispatch a standard HCI event and warn when no handler is registered.
 *
 * The warning dumps the whole payload in hex through bt_hex(). A too-short
 * event (-EINVAL) has already been logged by handle_event_common().
 */
static void handle_event(uint8_t event, struct net_buf *buf, const struct event_handler *handlers,
			 size_t num_handlers)
{
	if (handle_event_common(event, buf, handlers, num_handlers) == -EOPNOTSUPP) {
		LOG_WRN("Unhandled event 0x%02x len %u: %s", event, buf->len,
			bt_hex(buf->data, buf->len));
	}
}
185 
/**
 * Dispatch a vendor-specific HCI event and warn when it has no handler.
 *
 * Same contract as handle_event(); only the warning text differs. Length
 * errors are reported inside handle_event_common().
 */
static void handle_vs_event(uint8_t event, struct net_buf *buf,
			    const struct event_handler *handlers, size_t num_handlers)
{
	const int rc = handle_event_common(event, buf, handlers, num_handlers);

	if (rc != -EOPNOTSUPP) {
		return;
	}

	LOG_WRN("Unhandled vendor-specific event: %s", bt_hex(buf->data, buf->len));
}
198 
199 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
/**
 * Release an ACL RX buffer and tell the controller one packet was consumed.
 *
 * The handle and connection index are copied out of the buffer's user data
 * before net_buf_destroy(), because @p buf must not be touched afterwards.
 * Nothing is reported when the controller lacks host flow control or when the
 * connection is no longer connected or disconnecting.
 *
 * @param buf ACL buffer being released; consumed by this call.
 */
void bt_hci_host_num_completed_packets(struct net_buf *buf)
{
	/* Snapshot everything needed from buf while it is still valid. */
	const uint16_t handle = acl(buf)->handle;
	const uint8_t index = acl(buf)->index;
	struct bt_hci_cp_host_num_completed_packets *cp;
	struct bt_hci_handle_count *hc;
	struct bt_conn *conn;

	net_buf_destroy(buf);

	/* Do nothing if controller to host flow control is not supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		return;
	}

	conn = bt_conn_lookup_index(index);
	if (conn == NULL) {
		LOG_WRN("Unable to look up conn with index 0x%02x", index);
		return;
	}

	/* The connection object is only needed for this state check. */
	if (!(conn->state == BT_CONN_CONNECTED ||
	      conn->state == BT_CONN_DISCONNECTING)) {
		LOG_WRN("Not reporting packet for non-connected conn");
		bt_conn_unref(conn);
		return;
	}

	bt_conn_unref(conn);

	LOG_DBG("Reporting completed packet for handle %u", handle);

	buf = bt_hci_cmd_create(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS,
				sizeof(*cp) + sizeof(*hc));
	if (buf == NULL) {
		LOG_ERR("Unable to allocate new HCI command");
		return;
	}

	/* NOTE(review): if num_handles is a one-byte field, the 16-bit swap
	 * would store 0 on a big-endian host - confirm the field width.
	 */
	cp = net_buf_add(buf, sizeof(*cp));
	cp->num_handles = sys_cpu_to_le16(1);

	hc = net_buf_add(buf, sizeof(*hc));
	hc->count  = sys_cpu_to_le16(1);
	hc->handle = sys_cpu_to_le16(handle);

	bt_hci_cmd_send(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS, buf);
}
249 #endif /* defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL) */
250 
/**
 * Allocate a command buffer and write its HCI command header.
 *
 * The allocation waits with K_FOREVER and asserts on the result. @p param_len
 * is only recorded in the header: the caller must append exactly that many
 * parameter bytes, and any larger size expression is truncated to uint8_t by
 * the call itself.
 *
 * @param opcode    HCI command opcode.
 * @param param_len Parameter length to advertise in the header.
 *
 * @return The prepared buffer, with its cmd() entry reset.
 */
struct net_buf *bt_hci_cmd_create(uint16_t opcode, uint8_t param_len)
{
	struct net_buf *cmd_buf;
	struct bt_hci_cmd_hdr *cmd_hdr;

	LOG_DBG("opcode 0x%04x param_len %u", opcode, param_len);

	cmd_buf = net_buf_alloc(&hci_cmd_pool, K_FOREVER);
	__ASSERT_NO_MSG(cmd_buf);

	LOG_DBG("buf %p", cmd_buf);

	net_buf_reserve(cmd_buf, BT_BUF_RESERVE);

	bt_buf_set_type(cmd_buf, BT_BUF_CMD);

	/* Clear bookkeeping left over from the buffer's previous use. */
	cmd(cmd_buf)->state = NULL;
	cmd(cmd_buf)->sync = NULL;
	cmd(cmd_buf)->opcode = opcode;

	cmd_hdr = net_buf_add(cmd_buf, sizeof(*cmd_hdr));
	cmd_hdr->param_len = param_len;
	cmd_hdr->opcode = sys_cpu_to_le16(opcode);

	return cmd_buf;
}
277 
/**
 * Send an HCI command without waiting for its completion.
 *
 * @param opcode HCI command opcode.
 * @param buf    Prepared command buffer, or NULL to send a command that has
 *               no parameters. Ownership passes to this function.
 *
 * @return 0 when queued or sent, -ENOBUFS if no buffer could be created, or
 *         the bt_send() error for Host Number of Completed Packets.
 */
int bt_hci_cmd_send(uint16_t opcode, struct net_buf *buf)
{
	int err;

	if (buf == NULL) {
		buf = bt_hci_cmd_create(opcode, 0);
		if (buf == NULL) {
			return -ENOBUFS;
		}
	}

	LOG_DBG("opcode 0x%04x len %u", opcode, buf->len);

	if (opcode != BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		/* Normal path: the TX queue paces commands. */
		net_buf_put(&bt_dev.cmd_tx_queue, buf);
		return 0;
	}

	/* Host Number of Completed Packets can ignore the ncmd value
	 * and does not generate any cmd complete/status events, so it
	 * bypasses the queue and goes straight to the driver.
	 */
	err = bt_send(buf);
	if (err) {
		LOG_ERR("Unable to send to driver (err %d)", err);
		net_buf_unref(buf);
	}

	return err;
}
308 
/**
 * Queue an HCI command and block until the controller completes it.
 *
 * @param opcode HCI command opcode.
 * @param buf    Prepared command buffer, or NULL for a parameterless command.
 * @param rsp    If non-NULL, receives the response buffer on success and the
 *               caller must unref it. If NULL the response is dropped.
 *
 * @return 0 on success, -ENOBUFS if no buffer could be created, otherwise an
 *         errno mapped from the HCI status: -ECONNREFUSED, -ENOMEM, -EINVAL,
 *         or -EIO for any other status.
 */
int bt_hci_cmd_send_sync(uint16_t opcode, struct net_buf *buf,
			 struct net_buf **rsp)
{
	struct k_sem sync_sem;
	uint8_t status;
	int err;

	if (buf == NULL) {
		buf = bt_hci_cmd_create(opcode, 0);
		if (buf == NULL) {
			return -ENOBUFS;
		}
	}

	LOG_DBG("buf %p opcode 0x%04x len %u", buf, opcode, buf->len);

	/* The semaphore lives in this stack frame and cmd(buf)->sync points
	 * at it until the command completes.
	 */
	k_sem_init(&sync_sem, 0, 1);
	cmd(buf)->sync = &sync_sem;

	/* Extra reference so buf is still ours after the queue consumer
	 * drops its own.
	 */
	net_buf_put(&bt_dev.cmd_tx_queue, net_buf_ref(buf));

	/* NOTE(review): a timeout is treated as fatal. If BT_ASSERT_MSG can
	 * be configured not to halt, a late completion would signal a
	 * semaphore in a frame that has already returned - confirm.
	 */
	err = k_sem_take(&sync_sem, HCI_CMD_TIMEOUT);
	BT_ASSERT_MSG(err == 0, "command opcode 0x%04x timeout with err %d", opcode, err);

	status = cmd(buf)->status;
	if (status == 0) {
		LOG_DBG("rsp %p opcode 0x%04x len %u", buf, opcode, buf->len);

		if (rsp != NULL) {
			*rsp = buf;
		} else {
			net_buf_unref(buf);
		}

		return 0;
	}

	LOG_WRN("opcode 0x%04x status 0x%02x", opcode, status);
	net_buf_unref(buf);

	/* Translate the controller status into an errno for the caller. */
	if (status == BT_HCI_ERR_CONN_LIMIT_EXCEEDED) {
		return -ECONNREFUSED;
	}

	if (status == BT_HCI_ERR_INSUFFICIENT_RESOURCES) {
		return -ENOMEM;
	}

	if (status == BT_HCI_ERR_INVALID_PARAM) {
		return -EINVAL;
	}

	return -EIO;
}
360 
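/**
 * Fill a buffer with random bytes obtained from the controller (HCI_LE_Rand).
 *
 * Each command yields sizeof(rp->rand) bytes, so the command is repeated
 * until @p len bytes have been copied. On failure the buffer may be partly
 * filled and must not be used as random data.
 *
 * @param buffer Destination with room for @p len bytes.
 * @param len    Number of random bytes wanted; 0 sends no command.
 *
 * @return 0 on success, -ENOTSUP if the controller does not list HCI_LE_Rand
 *         as supported, -EIO if a response is shorter than its return
 *         parameters, or the error from bt_hci_cmd_send_sync().
 */
int bt_hci_le_rand(void *buffer, size_t len)
{
	uint8_t *out = buffer;

	/* Check first that HCI_LE_Rand is supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 7)) {
		return -ENOTSUP;
	}

	while (len > 0) {
		struct bt_hci_rp_le_rand *rp;
		struct net_buf *rsp;
		size_t count;
		int err;

		/* Request the next block of random bytes over HCI */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
		if (err) {
			return err;
		}

		/* A truncated response would otherwise let whatever bytes were
		 * already in the buffer be handed out as random data.
		 */
		if (rsp->len < sizeof(*rp)) {
			LOG_ERR("Too short HCI_LE_Rand response (%u bytes)", rsp->len);
			net_buf_unref(rsp);
			return -EIO;
		}

		rp = (void *)rsp->data;

		/* Number of bytes to fill on this iteration */
		count = MIN(len, sizeof(rp->rand));
		memcpy(out, rp->rand, count);

		net_buf_unref(rsp);
		out += count;
		len -= count;
	}

	return 0;
}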
392 
/**
 * Read the controller's maximum TX octets and TX time for data length
 * extension.
 *
 * @param tx_octets Receives max_tx_octets in host byte order.
 * @param tx_time   Receives max_tx_time in host byte order.
 *
 * @return 0 on success, otherwise the error from bt_hci_cmd_send_sync();
 *         the outputs are left untouched on failure.
 */
static int hci_le_read_max_data_len(uint16_t *tx_octets, uint16_t *tx_time)
{
	struct bt_hci_rp_le_read_max_data_len *params;
	struct net_buf *rsp;
	const int err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_DATA_LEN, NULL, &rsp);

	if (err) {
		LOG_ERR("Failed to read DLE max data len");
		return err;
	}

	/* NOTE(review): rsp->len is not compared with sizeof(*params) before
	 * the fields are read - confirm the response length is validated
	 * elsewhere.
	 */
	params = (void *)rsp->data;
	*tx_time = sys_le16_to_cpu(params->max_tx_time);
	*tx_octets = sys_le16_to_cpu(params->max_tx_octets);

	net_buf_unref(rsp);

	return 0;
}
412 
/**
 * Translate an HCI PHY value into the matching BT_GAP_LE_PHY_* constant.
 *
 * @param hci_phy One of BT_HCI_LE_PHY_1M, BT_HCI_LE_PHY_2M, BT_HCI_LE_PHY_CODED.
 *
 * @return The GAP constant, or 0 for any value that is not recognised.
 */
uint8_t bt_get_phy(uint8_t hci_phy)
{
	if (hci_phy == BT_HCI_LE_PHY_1M) {
		return BT_GAP_LE_PHY_1M;
	}

	if (hci_phy == BT_HCI_LE_PHY_2M) {
		return BT_GAP_LE_PHY_2M;
	}

	if (hci_phy == BT_HCI_LE_PHY_CODED) {
		return BT_GAP_LE_PHY_CODED;
	}

	/* Unknown values come straight from the controller; map them to 0. */
	return 0;
}
426 
/**
 * Translate an HCI CTE type into the matching BT_DF_CTE_TYPE_* constant.
 *
 * @param hci_cte_type CTE type as carried in an HCI event.
 *
 * @return The direction-finding constant; BT_DF_CTE_TYPE_NONE both for
 *         BT_HCI_LE_NO_CTE and for any unrecognised value.
 */
int bt_get_df_cte_type(uint8_t hci_cte_type)
{
	if (hci_cte_type == BT_HCI_LE_AOA_CTE) {
		return BT_DF_CTE_TYPE_AOA;
	}

	if (hci_cte_type == BT_HCI_LE_AOD_CTE_1US) {
		return BT_DF_CTE_TYPE_AOD_1US;
	}

	if (hci_cte_type == BT_HCI_LE_AOD_CTE_2US) {
		return BT_DF_CTE_TYPE_AOD_2US;
	}

	/* BT_HCI_LE_NO_CTE and everything else. */
	return BT_DF_CTE_TYPE_NONE;
}
442 
443 #if defined(CONFIG_BT_CONN_TX)
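/**
 * Handle the Number Of Completed Packets event.
 *
 * For every (handle, count) pair reported by the controller, completes that
 * many pending TX entries on the connection and returns one packet credit
 * per entry.
 *
 * num_handles is controller-supplied, so the size it implies is checked
 * against buf->len before any array element is read. Reading num_handles
 * itself assumes the event is at least sizeof(*evt) bytes long; presumably
 * the dispatch table's min_len guarantees that - verify against the table.
 *
 * @param buf Event payload.
 */
static void hci_num_completed_packets(struct net_buf *buf)
{
	struct bt_hci_evt_num_completed_packets *evt = (void *)buf->data;
	size_t needed;
	int i;

	/* The sum is a size_t, so it is logged with %zu rather than %u. */
	needed = sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles;
	if (needed > buf->len) {
		LOG_ERR("evt num_handles (=%u) too large (%zu > %u)",
			evt->num_handles, needed, buf->len);
		return;
	}

	LOG_DBG("num_handles %u", evt->num_handles);

	for (i = 0; i < evt->num_handles; i++) {
		uint16_t handle, count;
		struct bt_conn *conn;

		handle = sys_le16_to_cpu(evt->h[i].handle);
		count = sys_le16_to_cpu(evt->h[i].count);

		LOG_DBG("handle %u count %u", handle, count);

		conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
		if (!conn) {
			LOG_ERR("No connection for handle %u", handle);
			continue;
		}

		/* count is also controller-supplied; the loop stops early
		 * once the pending list runs dry.
		 */
		while (count--) {
			struct bt_conn_tx *tx;
			sys_snode_t *node;
			unsigned int key;

			key = irq_lock();

			/* Packets sent without a callback are only counted. */
			if (conn->pending_no_cb) {
				conn->pending_no_cb--;
				irq_unlock(key);
				k_sem_give(bt_conn_get_pkts(conn));
				continue;
			}

			node = sys_slist_get(&conn->tx_pending);
			irq_unlock(key);

			if (!node) {
				LOG_ERR("packets count mismatch");
				break;
			}

			tx = CONTAINER_OF(node, struct bt_conn_tx, node);

			/* Move the entry to the completed list under the lock
			 * and carry over its no-callback count.
			 */
			key = irq_lock();
			conn->pending_no_cb = tx->pending_no_cb;
			tx->pending_no_cb = 0U;
			sys_slist_append(&conn->tx_complete, &tx->node);
			irq_unlock(key);

			k_work_submit(&conn->tx_complete_work);
			k_sem_give(bt_conn_get_pkts(conn));
		}

		bt_conn_unref(conn);
	}
}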
511 #endif /* CONFIG_BT_CONN_TX */
512 
513 #if defined(CONFIG_BT_CONN)
/**
 * Validate an incoming HCI ACL packet and hand it to its connection.
 *
 * The packet is dropped (buffer unreferenced) when it is shorter than the
 * ACL header, when the header's length field disagrees with the remaining
 * payload, or when no connection owns the handle.
 *
 * @param buf Received ACL packet; ownership passes to this function.
 */
static void hci_acl(struct net_buf *buf)
{
	struct bt_hci_acl_hdr *acl_hdr;
	struct bt_conn *conn;
	uint16_t raw_handle;
	uint16_t payload_len;
	uint8_t flags;

	LOG_DBG("buf %p", buf);

	if (buf->len < sizeof(*acl_hdr)) {
		LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
		goto drop;
	}

	acl_hdr = net_buf_pull_mem(buf, sizeof(*acl_hdr));
	payload_len = sys_le16_to_cpu(acl_hdr->len);
	raw_handle = sys_le16_to_cpu(acl_hdr->handle);
	flags = bt_acl_flags(raw_handle);

	/* The index stays invalid until a connection has been found. */
	acl(buf)->handle = bt_acl_handle(raw_handle);
	acl(buf)->index = BT_CONN_INDEX_INVALID;

	LOG_DBG("handle %u len %u flags %u", acl(buf)->handle, payload_len, flags);

	/* The declared length must match what was actually received. */
	if (buf->len != payload_len) {
		LOG_ERR("ACL data length mismatch (%u != %u)", buf->len, payload_len);
		goto drop;
	}

	conn = bt_conn_lookup_handle(acl(buf)->handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to find conn for handle %u", acl(buf)->handle);
		goto drop;
	}

	acl(buf)->index = bt_conn_index(conn);

	bt_conn_recv(conn, buf, flags);
	bt_conn_unref(conn);
	return;

drop:
	net_buf_unref(buf);
}
556 
/**
 * Log a Data Buffer Overflow event together with its link type.
 *
 * No length check is done here; presumably the dispatch table's min_len
 * covers the event struct - verify against the table.
 */
static void hci_data_buf_overflow(struct net_buf *buf)
{
	const struct bt_hci_evt_data_buf_overflow *overflow = (const void *)buf->data;

	LOG_WRN("Data buffer overflow (link type 0x%02x)", overflow->link_type);
}
563 
564 #if defined(CONFIG_BT_CENTRAL)
/**
 * Copy a connection's requested LE parameters into one per-PHY block of an
 * extended create-connection command.
 *
 * Multi-byte fields are stored little-endian; both connection event length
 * fields are set to zero. The scan interval and window are left to the caller.
 */
static void set_phy_conn_param(const struct bt_conn *conn,
			       struct bt_hci_ext_conn_phy *phy)
{
	phy->min_ce_len = 0;
	phy->max_ce_len = 0;

	phy->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
	phy->conn_latency = sys_cpu_to_le16(conn->le.latency);
	phy->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	phy->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
}
576 
/**
 * Start an LE connection with the extended create-connection command.
 *
 * One PHY parameter block is appended for 1M unless BT_CONN_LE_OPT_NO_1M is
 * set, and one for Coded when BT_CONN_LE_OPT_CODED is set. With the filter
 * accept list in use the peer address is BT_ADDR_LE_ANY and the controller
 * filter decides who is connected to.
 *
 * @param conn Connection object that supplies peer address and parameters.
 *
 * @return 0 on success, the error from bt_id_set_create_conn_own_addr(),
 *         -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_ext(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_ext_create_conn *cp;
	struct bt_hci_ext_conn_phy *phy;
	struct bt_hci_cmd_state_set state;
	struct net_buf *buf;
	uint8_t own_addr_type;
	uint8_t num_phys = 0;
	bool use_filter = false;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	/* Count the PHY blocks that the code below will append. */
	if (!(bt_dev.create_param.options & BT_CONN_LE_OPT_NO_1M)) {
		num_phys++;
	}

	if (bt_dev.create_param.options & BT_CONN_LE_OPT_CODED) {
		num_phys++;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN, sizeof(*cp) +
				num_phys * sizeof(*phy));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	if (!use_filter) {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	} else {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	}

	cp->own_addr_type = own_addr_type;
	cp->phys = 0;

	if (!(bt_dev.create_param.options & BT_CONN_LE_OPT_NO_1M)) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_1M;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval);
		phy->scan_window = sys_cpu_to_le16(bt_dev.create_param.window);
		set_phy_conn_param(conn, phy);
	}

	if (bt_dev.create_param.options & BT_CONN_LE_OPT_CODED) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_CODED;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval_coded);
		phy->scan_window = sys_cpu_to_le16(bt_dev.create_param.window_coded);
		set_phy_conn_param(conn, phy);
	}

	/* state is a stack object; the synchronous send below returns only
	 * after the command has completed.
	 */
	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN, buf, NULL);
}
656 
/**
 * Start an LE connection through the v2 extended create-connection command,
 * tied to an advertising set and subevent.
 *
 * Exactly one initiating PHY is used: the secondary PHY implied by the
 * advertising set's options.
 *
 * @param conn     Connection object that supplies peer address and parameters.
 * @param adv      Advertising set whose handle and options are used.
 * @param subevent Subevent number placed in the command.
 *
 * @return 0 on success, the error from bt_id_set_create_conn_own_addr(),
 *         -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_synced(const struct bt_conn *conn, const struct bt_le_ext_adv *adv,
			     uint8_t subevent)
{
	struct bt_hci_cp_le_ext_create_conn_v2 *cp;
	struct bt_hci_ext_conn_phy *phy;
	struct bt_hci_cmd_state_set state;
	struct net_buf *buf;
	uint8_t own_addr_type;
	int err = bt_id_set_create_conn_own_addr(false, &own_addr_type);

	if (err) {
		return err;
	}

	/* There shall only be one Initiating_PHYs */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, sizeof(*cp) + sizeof(*phy));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	cp->own_addr_type = own_addr_type;
	cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	bt_addr_le_copy(&cp->peer_addr, &conn->le.dst);
	cp->adv_handle = adv->handle;
	cp->subevent = subevent;

	/* The Initiating_PHY is the secondary phy of the corresponding ext adv set */
	if (adv->options & BT_LE_ADV_OPT_CODED) {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_CODED;
	} else {
		cp->phys = (adv->options & BT_LE_ADV_OPT_NO_2M) ? BT_HCI_LE_EXT_SCAN_PHY_1M
								: BT_HCI_LE_EXT_SCAN_PHY_2M;
	}

	/* Scan interval and window stay zero; only the connection
	 * parameters are filled in.
	 */
	phy = net_buf_add(buf, sizeof(*phy));
	(void)memset(phy, 0, sizeof(*phy));
	set_phy_conn_param(conn, phy);

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, buf, NULL);
}
704 
/**
 * Start an LE connection with the legacy create-connection command.
 *
 * @param conn Connection object that supplies peer address and parameters.
 *
 * @return 0 on success, the error from bt_id_set_create_conn_own_addr(),
 *         -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
static int bt_le_create_conn_legacy(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_create_conn *cp;
	struct bt_hci_cmd_state_set state;
	struct net_buf *buf;
	uint8_t own_addr_type;
	bool use_filter = false;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN, sizeof(*cp));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	memset(cp, 0, sizeof(*cp));
	cp->own_addr_type = own_addr_type;

	if (!use_filter) {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	} else {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	}

	/* Scan timing comes from the global create parameters ... */
	cp->scan_window = sys_cpu_to_le16(bt_dev.create_param.window);
	cp->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval);

	/* ... connection timing from the connection object. */
	cp->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
	cp->conn_latency = sys_cpu_to_le16(conn->le.latency);
	cp->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	cp->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN, buf, NULL);
}
762 
/**
 * Start an LE connection, choosing the extended command when extended
 * advertising is both built in and supported by the controller, and the
 * legacy command otherwise.
 *
 * @param conn Connection object describing the peer.
 *
 * @return Result of the chosen create-connection helper.
 */
int bt_le_create_conn(const struct bt_conn *conn)
{
	if (!IS_ENABLED(CONFIG_BT_EXT_ADV) ||
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return bt_le_create_conn_legacy(conn);
	}

	return bt_le_create_conn_ext(conn);
}
772 
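/**
 * Cancel an ongoing LE connection attempt.
 *
 * On success the BT_DEV_INITIATING flag is cleared through the command's
 * state-set entry.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be created, or
 *         the error from bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_cancel(void)
{
	struct net_buf *buf;
	struct bt_hci_cmd_state_set state;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0);
	/* Same guard as every other bt_hci_cmd_create() caller in this file:
	 * bt_hci_cmd_state_set_init() dereferences buf through cmd().
	 */
	if (!buf) {
		return -ENOBUFS;
	}

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, false);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN_CANCEL, buf, NULL);
}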
785 #endif /* CONFIG_BT_CENTRAL */
786 
/**
 * Ask the controller to disconnect a link.
 *
 * @param handle Connection handle, host byte order.
 * @param reason HCI reason code sent to the peer.
 *
 * @return 0 on success, -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
int bt_hci_disconnect(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_disconnect *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_DISCONNECT, sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->reason = reason;
	params->handle = sys_cpu_to_le16(handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_DISCONNECT, cmd_buf, NULL);
}
803 
/* Handles whose disconnect-complete event arrived before a connection object
 * existed. A slot value of 0 means "free"; stored handles carry the bits
 * outside BT_ACL_HANDLE_MASK so that handle 0 is still distinguishable.
 */
static uint16_t disconnected_handles[CONFIG_BT_MAX_CONN];

/* Mark every slot of the early-disconnect table as free. */
static void disconnected_handles_reset(void)
{
	for (size_t slot = 0; slot < ARRAY_SIZE(disconnected_handles); slot++) {
		disconnected_handles[slot] = 0;
	}
}
809 
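/**
 * Remember that @p handle was disconnected before its connection object
 * existed.
 *
 * The handle is stored in the first free slot only. Writing it into every
 * free slot would leave stale copies behind after
 * conn_handle_is_disconnected() clears a single match, so a later connection
 * that reuses the handle would be treated as already disconnected, and other
 * early disconnects would find no free slot.
 *
 * If the table is full the handle is not recorded.
 *
 * @param handle Connection handle from the disconnect-complete event.
 */
static void conn_handle_disconnected(uint16_t handle)
{
	for (int i = 0; i < ARRAY_SIZE(disconnected_handles); i++) {
		if (!disconnected_handles[i]) {
			/* Use invalid connection handle bits so that connection
			 * handle 0 can be used as a valid non-zero handle.
			 */
			disconnected_handles[i] = ~BT_ACL_HANDLE_MASK | handle;
			return;
		}
	}
}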
821 
/**
 * Check whether @p handle was recorded as disconnected early, and consume
 * the record.
 *
 * Only the first matching slot is cleared.
 *
 * @param handle Connection handle to look up.
 *
 * @return true if a record existed (and was cleared), false otherwise.
 */
static bool conn_handle_is_disconnected(uint16_t handle)
{
	/* Same tagging as used when the handle was stored. */
	const uint16_t tagged = handle | ~BT_ACL_HANDLE_MASK;
	int i = 0;

	while (i < ARRAY_SIZE(disconnected_handles)) {
		if (disconnected_handles[i] == tagged) {
			disconnected_handles[i] = 0;
			return true;
		}

		i++;
	}

	return false;
}
835 
/**
 * Priority-path handler for Disconnection Complete.
 *
 * Moves a known connection to BT_CONN_DISCONNECT_COMPLETE. When no
 * connection object exists yet for the handle, the handle is recorded so the
 * later connection-complete processing can tell it is already gone. Events
 * with a non-zero status are ignored.
 *
 * @param buf Event payload.
 */
static void hci_disconn_complete_prio(struct net_buf *buf)
{
	struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x handle %u reason 0x%02x", evt->status, handle, evt->reason);

	if (evt->status != 0) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn != NULL) {
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
		bt_conn_unref(conn);
		return;
	}

	/* Priority disconnect complete event received before normal
	 * connection complete event.
	 */
	conn_handle_disconnected(handle);
}
860 
/* Normal-path handler for Disconnection Complete.
 *
 * Records the disconnect reason on the connection, moves it to
 * BT_CONN_DISCONNECTED and releases the reference taken by the lookup.
 * Events with a non-zero status, or for an unknown handle, are ignored.
 */
static void hci_disconn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x handle %u reason 0x%02x", evt->status, handle, evt->reason);

	if (evt->status) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	/* The controller-reported reason becomes the connection's error. */
	conn->err = evt->reason;

	bt_conn_set_state(conn, BT_CONN_DISCONNECTED);

	if (conn->type != BT_CONN_TYPE_LE) {
#if defined(CONFIG_BT_BREDR)
		if (conn->type == BT_CONN_TYPE_SCO) {
			/* NOTE(review): returns without bt_conn_unref();
			 * presumably bt_sco_cleanup() drops the reference
			 * taken by the lookup above - confirm.
			 */
			bt_sco_cleanup(conn);
			return;
		}
		/*
		 * If only for one connection session bond was set, clear keys
		 * database row for this connection.
		 */
		if (conn->type == BT_CONN_TYPE_BR &&
		    atomic_test_and_clear_bit(conn->flags, BT_CONN_BR_NOBOND)) {
			bt_keys_link_key_clear(conn->br.link_key);
		}
#endif
		bt_conn_unref(conn);
		return;
	}

#if defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST)
	/* Auto-connect without a filter accept list: go back to scanning
	 * for the peer.
	 */
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
		bt_conn_set_state(conn, BT_CONN_CONNECTING_SCAN);
		bt_le_scan_update(false);
	}
#endif /* defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST) */

	bt_conn_unref(conn);
}
911 
/**
 * Ask the controller to read the remote device's LE features.
 *
 * @param conn Connection whose handle is placed in the command.
 *
 * @return 0 on success, -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
static int hci_le_read_remote_features(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_remote_features *params;
	struct net_buf *cmd_buf;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_REMOTE_FEATURES, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_REMOTE_FEATURES, cmd_buf, NULL);
}
927 
/**
 * Ask the controller to read the remote device's version information.
 *
 * Nothing is sent when the BT_CONN_AUTO_VERSION_INFO flag is already set.
 *
 * @param conn Connection to query.
 *
 * @return 0 on success or when the flag was already set, -ENOTCONN if the
 *         connection is not in BT_CONN_CONNECTED, -ENOBUFS, or the error
 *         from bt_hci_cmd_send_sync().
 */
static int hci_read_remote_version(struct bt_conn *conn)
{
	struct bt_hci_cp_read_remote_version_info *params;
	struct net_buf *cmd_buf;

	if (conn->state != BT_CONN_CONNECTED) {
		return -ENOTCONN;
	}

	/* Remote version cannot change. */
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO)) {
		return 0;
	}

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_VERSION_INFO, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_VERSION_INFO, cmd_buf, NULL);
}
954 
/**
 * Request new maximum TX octets and TX time for a connection.
 *
 * The LE Data Length Change event is optional. This function itself still
 * returns the command's result, so a caller that wants the stack to carry on
 * with default values has to ignore that result.
 *
 * @param conn      Connection to update.
 * @param tx_octets Preferred maximum number of payload octets.
 * @param tx_time   Preferred maximum TX time.
 *
 * @return 0 on success, -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
int bt_le_set_data_len(struct bt_conn *conn, uint16_t tx_octets, uint16_t tx_time)
{
	struct bt_hci_cp_le_set_data_len *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_DATA_LEN, sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->tx_time = sys_cpu_to_le16(tx_time);
	params->tx_octets = sys_cpu_to_le16(tx_octets);
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_DATA_LEN, cmd_buf, NULL);
}
975 
976 #if defined(CONFIG_BT_USER_PHY_UPDATE)
/**
 * Read the PHYs currently used on a connection and cache them.
 *
 * The values are translated with bt_get_phy() before they are stored in
 * conn->le.phy.
 *
 * @param conn Connection to query and update.
 *
 * @return 0 on success, -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
static int hci_le_read_phy(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_phy *params;
	struct bt_hci_rp_le_read_phy *result;
	struct net_buf *cmd_buf;
	struct net_buf *rsp;
	int err;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_PHY, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_PHY, cmd_buf, &rsp);
	if (err) {
		return err;
	}

	/* NOTE(review): rsp->len is not compared with sizeof(*result) before
	 * the fields are read - confirm the response length is validated
	 * elsewhere.
	 */
	result = (void *)rsp->data;
	conn->le.phy.tx_phy = bt_get_phy(result->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(result->rx_phy);

	net_buf_unref(rsp);

	return 0;
}
1004 #endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */
1005 
/**
 * Send LE Set PHY for a connection.
 *
 * The arguments are copied into the command as given; no validation is done
 * here.
 *
 * @param conn        Connection to update.
 * @param all_phys    ALL_PHYS field of the command.
 * @param pref_tx_phy Preferred TX PHYs.
 * @param pref_rx_phy Preferred RX PHYs.
 * @param phy_opts    PHY options field.
 *
 * @return 0 on success, -ENOBUFS, or the error from bt_hci_cmd_send_sync().
 */
int bt_le_set_phy(struct bt_conn *conn, uint8_t all_phys,
		  uint8_t pref_tx_phy, uint8_t pref_rx_phy, uint8_t phy_opts)
{
	struct bt_hci_cp_le_set_phy *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_PHY, sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->phy_opts = phy_opts;
	params->rx_phys = pref_rx_phy;
	params->tx_phys = pref_tx_phy;
	params->all_phys = all_phys;
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_PHY, cmd_buf, NULL);
}
1026 
/**
 * Find the connection object that is waiting for a connection in the given
 * role.
 *
 * Central: a connection in BT_CONN_CONNECTING for @p peer_addr, else (with
 * the filter accept list enabled) one in BT_CONN_CONNECTING_AUTO for
 * BT_ADDR_LE_NONE. Peripheral: a connection in BT_CONN_CONNECTING_DIR_ADV
 * for @p peer_addr, else one in BT_CONN_CONNECTING_ADV for BT_ADDR_LE_NONE.
 *
 * @param role      BT_HCI_ROLE_CENTRAL or BT_HCI_ROLE_PERIPHERAL.
 * @param peer_addr Peer address reported by the controller.
 *
 * @return The connection found by bt_conn_lookup_state_le(), or NULL when
 *         nothing matches or the role is not enabled in this build.
 */
static struct bt_conn *find_pending_connect(uint8_t role, bt_addr_le_t *peer_addr)
{
	struct bt_conn *pending = NULL;

	if (IS_ENABLED(CONFIG_BT_CENTRAL) && role == BT_HCI_ROLE_CENTRAL) {
		pending = bt_conn_lookup_state_le(BT_ID_DEFAULT, peer_addr,
						  BT_CONN_CONNECTING);
		if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST) && pending == NULL) {
			/* Filter accept list connections have no fixed peer. */
			pending = bt_conn_lookup_state_le(BT_ID_DEFAULT,
							  BT_ADDR_LE_NONE,
							  BT_CONN_CONNECTING_AUTO);
		}
	} else if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && role == BT_HCI_ROLE_PERIPHERAL) {
		pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id, peer_addr,
						  BT_CONN_CONNECTING_DIR_ADV);
		if (pending == NULL) {
			/* Undirected advertising has no fixed peer either. */
			pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id,
							  BT_ADDR_LE_NONE,
							  BT_CONN_CONNECTING_ADV);
		}
	}

	return pending;
}
1061 
/* Decide whether the automatic LE Set PHY request must be suppressed.
 *
 * When the connection is already on the 2M PHY in both directions, issuing
 * LE Set PHY would only produce a PHY update callback towards the
 * application at connection establishment, which is not wanted.
 *
 * Returns true only when CONFIG_BT_USER_PHY_UPDATE is built in, auto PHY
 * update and extended advertising are enabled and supported by the
 * controller, and both tx_phy and rx_phy equal BT_HCI_LE_PHY_2M.
 */
static bool skip_auto_phy_update_on_conn_establishment(struct bt_conn *conn)
{
#if defined(CONFIG_BT_USER_PHY_UPDATE)
	const bool phy_known_at_connect = IS_ENABLED(CONFIG_BT_AUTO_PHY_UPDATE) &&
					  IS_ENABLED(CONFIG_BT_EXT_ADV) &&
					  BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features);

	return phy_known_at_connect &&
	       conn->le.phy.tx_phy == BT_HCI_LE_PHY_2M &&
	       conn->le.phy.rx_phy == BT_HCI_LE_PHY_2M;
#else
	ARG_UNUSED(conn);

	return false;
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */
}
1083 
/* Start the procedures the host initiates on its own once a connection is
 * up: remote feature read, remote version read, PHY update to 2M and data
 * length update, each gated by its Kconfig option and controller features.
 *
 * Every step is best effort: a failure is logged and the next step is still
 * attempted. Nothing is done unless @p conn is in BT_CONN_CONNECTED state.
 */
static void conn_auto_initiate(struct bt_conn *conn)
{
	int rc;

	/* The connected callback may already have torn the connection down,
	 * so the state has to be checked before any procedure is started.
	 */
	if (conn->state != BT_CONN_CONNECTED) {
		return;
	}

	if (!atomic_test_bit(conn->flags, BT_CONN_AUTO_FEATURE_EXCH) &&
	    (conn->role == BT_HCI_ROLE_CENTRAL ||
	     BT_FEAT_LE_PER_INIT_FEAT_XCHG(bt_dev.le.features))) {
		rc = hci_le_read_remote_features(conn);
		if (rc != 0) {
			LOG_ERR("Failed read remote features (%d)", rc);
		}
	}

	if (IS_ENABLED(CONFIG_BT_REMOTE_VERSION) &&
	    !atomic_test_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO)) {
		rc = hci_read_remote_version(conn);
		if (rc != 0) {
			LOG_ERR("Failed read remote version (%d)", rc);
		}
	}

	if (IS_ENABLED(CONFIG_BT_AUTO_PHY_UPDATE) &&
	    BT_FEAT_LE_PHY_2M(bt_dev.le.features) &&
	    !skip_auto_phy_update_on_conn_establishment(conn)) {
		rc = bt_le_set_phy(conn, 0U, BT_HCI_LE_PHY_PREFER_2M,
				   BT_HCI_LE_PHY_PREFER_2M,
				   BT_HCI_LE_PHY_CODED_ANY);
		if (rc != 0) {
			LOG_ERR("Failed LE Set PHY (%d)", rc);
		}
	}

	/* Without the NO_AUTO_DLE quirk the controller runs the data length
	 * procedure itself, so the host only steps in when the quirk is set.
	 */
	if (IS_ENABLED(CONFIG_BT_AUTO_DATA_LEN_UPDATE) &&
	    BT_FEAT_LE_DLE(bt_dev.le.features) &&
	    IS_BT_QUIRK_NO_AUTO_DLE(&bt_dev)) {
		uint16_t max_octets, max_time;

		rc = hci_le_read_max_data_len(&max_octets, &max_time);
		if (rc == 0) {
			rc = bt_le_set_data_len(conn, max_octets, max_time);
			if (rc != 0) {
				LOG_ERR("Failed to set data len (%d)", rc);
			}
		}
	}
}
1144 
/* Handle the cancellation of an outgoing (central) connection attempt.
 *
 * Records @p err on the pending central connection and then either moves it
 * to BT_CONN_DISCONNECTED, re-arms scanning for it, or restarts the
 * initiator, depending on CONFIG_BT_FILTER_ACCEPT_LIST and the connection's
 * BT_CONN_AUTO_CONNECT flag. The reference obtained from
 * find_pending_connect() is released before returning.
 */
static void le_conn_complete_cancel(uint8_t err)
{
	/* The ID address does not need checking: only one connection in
	 * central role can be pending at a time.
	 */
	struct bt_conn *pending = find_pending_connect(BT_HCI_ROLE_CENTRAL, NULL);

	if (pending == NULL) {
		LOG_ERR("No pending central connection");
		return;
	}

	pending->err = err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		if (atomic_test_bit(pending->flags, BT_CONN_AUTO_CONNECT)) {
			/* Restart FAL initiator after RPA timeout. */
			bt_le_create_conn(pending);
		} else {
			/* Create connection canceled by timeout */
			bt_conn_set_state(pending, BT_CONN_DISCONNECTED);
		}
	} else {
		/* Notify first: the application may change the autoconnect
		 * flag from its callback, so the flag is read afterwards.
		 */
		bt_conn_set_state(pending, BT_CONN_DISCONNECTED);

		if (atomic_test_bit(pending->flags, BT_CONN_AUTO_CONNECT)) {
			/* Restart passive scanner for device */
			bt_conn_set_state(pending, BT_CONN_CONNECTING_SCAN);
		}
	}

	bt_conn_unref(pending);
}
1186 
/* Handle the advertising timeout that ends high duty cycle directed
 * advertising.
 *
 * Does nothing when extended advertising is enabled and supported by the
 * controller. Otherwise it clears BT_ADV_ENABLED on the legacy advertiser,
 * deletes the legacy set when CONFIG_BT_EXT_ADV is built in, and moves the
 * pending peripheral connection to BT_CONN_DISCONNECTED with
 * BT_HCI_ERR_ADV_TIMEOUT as its error.
 */
static void le_conn_complete_adv_timeout(void)
{
	struct bt_le_ext_adv *adv;
	struct bt_conn *pending;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return;
	}

	/* NOTE(review): adv is dereferenced without a NULL check; presumably
	 * a legacy advertiser always exists when this event arrives - confirm.
	 */
	adv = bt_le_adv_lookup_legacy();
	atomic_clear_bit(adv->flags, BT_ADV_ENABLED);

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		/* No advertising set terminated event will follow, so this
		 * must be a legacy advertiser set.
		 */
		bt_le_adv_delete_legacy();
	}

	/* The ID address does not need checking: only one connection in
	 * peripheral role can be pending at a time.
	 */
	pending = find_pending_connect(BT_HCI_ROLE_PERIPHERAL, NULL);
	if (pending == NULL) {
		LOG_ERR("No pending peripheral connection");
		return;
	}

	pending->err = BT_HCI_ERR_ADV_TIMEOUT;
	bt_conn_set_state(pending, BT_CONN_DISCONNECTED);

	bt_conn_unref(pending);
}
1223 
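/* Entry point for an LE Enhanced Connection Complete event.
 *
 * With more than one advertising set, a successful peripheral connection on
 * a controller with extended advertising is not processed here: the event
 * is copied into the first free slot of bt_dev.cached_conn_complete and
 * handled later. Every other event goes straight to
 * bt_hci_le_enh_conn_complete().
 *
 * If no cache slot is free the event is dropped; this is logged so that the
 * loss is visible in builds where __ASSERT() is compiled out.
 */
static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
#if defined(CONFIG_BT_CONN) && (CONFIG_BT_EXT_ADV_MAX_ADV_SET > 1)
	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    evt->role == BT_HCI_ROLE_PERIPHERAL &&
	    evt->status == BT_HCI_ERR_SUCCESS &&
	    (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	     BT_FEAT_LE_EXT_ADV(bt_dev.le.features))) {

		/* Cache the connection complete event. Process it later.
		 * See bt_dev.cached_conn_complete.
		 */
		for (size_t i = 0; i < ARRAY_SIZE(bt_dev.cached_conn_complete); i++) {
			if (!bt_dev.cached_conn_complete[i].valid) {
				(void)memcpy(&bt_dev.cached_conn_complete[i].evt,
					     evt,
					     sizeof(struct bt_hci_evt_le_enh_conn_complete));
				bt_dev.cached_conn_complete[i].valid = true;
				return;
			}
		}

		/* The host keeps no record of this connection from here on. */
		LOG_ERR("No more cache entries available");
		__ASSERT(false, "No more cache entries available. "
				"This should not happen by design");

		return;
	}
#endif
	bt_hci_le_enh_conn_complete(evt);
}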
1254 
/* Derive the peer's on-air address and identity address from a connection
 * complete event.
 *
 * If the event's peer address is a resolved one, the identity address is
 * taken from it via bt_addr_le_copy_resolved() and the on-air address is
 * the event's peer RPA with type BT_ADDR_LE_RANDOM. Otherwise the on-air
 * address is the event's peer address and the identity address is whatever
 * bt_lookup_id_addr() returns for it under identity @p id.
 */
static void translate_addrs(bt_addr_le_t *peer_addr, bt_addr_le_t *id_addr,
			    const struct bt_hci_evt_le_enh_conn_complete *evt, uint8_t id)
{
	if (!bt_addr_le_is_resolved(&evt->peer_addr)) {
		bt_addr_le_copy(id_addr, bt_lookup_id_addr(id, &evt->peer_addr));
		bt_addr_le_copy(peer_addr, &evt->peer_addr);
		return;
	}

	bt_addr_le_copy_resolved(id_addr, &evt->peer_addr);

	peer_addr->type = BT_ADDR_LE_RANDOM;
	bt_addr_copy(&peer_addr->a, &evt->peer_rpa);
}
1268 
/* Copy the parameters of a connection complete event into @p conn.
 *
 * Sets the handle, role, interval, latency and supervision timeout from
 * @p evt (multi-byte fields converted from little endian), stores
 * @p id_addr as the destination address and clears the error field. With
 * CONFIG_BT_USER_DATA_LEN_UPDATE the data length values are reset to the
 * BT_GAP_DATA_LEN_DEFAULT / BT_GAP_DATA_TIME_DEFAULT constants.
 */
static void update_conn(struct bt_conn *conn, const bt_addr_le_t *id_addr,
			const struct bt_hci_evt_le_enh_conn_complete *evt)
{
	/* Identity of the link. */
	conn->handle = sys_le16_to_cpu(evt->handle);
	conn->role = evt->role;
	conn->err = 0U;
	bt_addr_le_copy(&conn->le.dst, id_addr);

	/* Connection parameters reported by the controller. */
	conn->le.interval = sys_le16_to_cpu(evt->interval);
	conn->le.latency = sys_le16_to_cpu(evt->latency);
	conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	conn->le.data_len.tx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.rx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.tx_max_time = BT_GAP_DATA_TIME_DEFAULT;
	conn->le.data_len.rx_max_time = BT_GAP_DATA_TIME_DEFAULT;
#endif
}
1287 
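/* Process an LE Enhanced Connection Complete event.
 *
 * Failure statuses are routed to the advertising-timeout or connection
 * cancel handlers, or logged as unexpected. On success the pending
 * connection object for the event's role is looked up, filled in from the
 * event, given its initiator/responder addresses, moved to
 * BT_CONN_CONNECTED and reported through bt_conn_connected(); the
 * auto-initiated procedures are then started.
 *
 * If no pending connection object matches, the controller is asked to
 * disconnect the handle so that host and controller state stay in sync.
 *
 * The reference obtained from find_pending_connect() is released at the
 * end; the connection object is not accessed after that release.
 */
void bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	bool is_disconnected = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;
	uint8_t role;
	uint8_t id;

	LOG_DBG("status 0x%02x handle %u role %u peer %s peer RPA %s", evt->status, handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	if (evt->status) {
		if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
		    evt->status == BT_HCI_ERR_ADV_TIMEOUT) {
			le_conn_complete_adv_timeout();
			return;
		}

		if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
		    evt->status == BT_HCI_ERR_UNKNOWN_CONN_ID) {
			le_conn_complete_cancel(evt->status);
			bt_le_scan_update(false);
			return;
		}

		if (IS_ENABLED(CONFIG_BT_CENTRAL) && IS_ENABLED(CONFIG_BT_PER_ADV_RSP) &&
		    evt->status == BT_HCI_ERR_CONN_FAIL_TO_ESTAB) {
			le_conn_complete_cancel(evt->status);

			atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);

			return;
		}

		LOG_WRN("Unexpected status 0x%02x", evt->status);

		return;
	}

	/* Peripheral connections belong to the advertising identity, central
	 * ones to the default identity.
	 */
	id = evt->role == BT_HCI_ROLE_PERIPHERAL ? bt_dev.adv_conn_id : BT_ID_DEFAULT;
	translate_addrs(&peer_addr, &id_addr, evt, id);

	conn = find_pending_connect(evt->role, &id_addr);

	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    evt->role == BT_HCI_ROLE_PERIPHERAL &&
	    !(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
		struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
		/* Clear advertising even if we are not able to add connection
		 * object to keep host in sync with controller state.
		 */
		atomic_clear_bit(adv->flags, BT_ADV_ENABLED);
		(void)bt_le_lim_adv_cancel_timeout(adv);
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    evt->role == BT_HCI_ROLE_CENTRAL) {
		/* Clear initiating even if we are not able to add connection
		 * object to keep the host in sync with controller state.
		 */
		atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
	}

	if (!conn) {
		/* The controller holds a link the host has no object for;
		 * tear it down rather than leave it untracked.
		 */
		LOG_ERR("No pending conn for peer %s", bt_addr_le_str(&evt->peer_addr));
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		return;
	}

	update_conn(conn, &id_addr, evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = BT_GAP_LE_PHY_1M;
	conn->le.phy.rx_phy = BT_GAP_LE_PHY_1M;
#endif
	/*
	 * Use connection address (instead of identity address) as initiator
	 * or responder address. Only peripheral needs to be updated. For central all
	 * was set during outgoing connection creation.
	 */
	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL) {
		bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

		if (!(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();

			if (IS_ENABLED(CONFIG_BT_PRIVACY) &&
			    !atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY)) {
				conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
				/* An all-zero local RPA in the event means the
				 * device's current random address was used.
				 */
				if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &evt->local_rpa);
				} else {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &bt_dev.random_addr.a);
				}
			} else {
				bt_addr_le_copy(&conn->le.resp_addr,
						&bt_dev.id_addr[conn->id]);
			}
		} else {
			/* Copy the local RPA and handle this in advertising set
			 * terminated event.
			 */
			bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
		}

		/* If the controller supports it, advertise for another
		 * peripheral connection. Checking for the connectable
		 * advertising state is sufficient, as that is how this
		 * peripheral connection complete came about.
		 */
		if (BT_LE_STATES_PER_CONN_ADV(bt_dev.le.states)) {
			bt_le_adv_resume();
		}

		if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
			/* No advertising set terminated event, must be a
			 * legacy advertiser set.
			 */
			if (!atomic_test_bit(adv->flags, BT_ADV_PERSIST)) {
				bt_le_adv_delete_legacy();
			}
		}
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    conn->role == BT_HCI_ROLE_CENTRAL) {
		bt_addr_le_copy(&conn->le.resp_addr, &peer_addr);

		if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
			conn->le.init_addr.type = BT_ADDR_LE_RANDOM;
			if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
				bt_addr_copy(&conn->le.init_addr.a,
					     &evt->local_rpa);
			} else {
				bt_addr_copy(&conn->le.init_addr.a,
					     &bt_dev.random_addr.a);
			}
		} else {
			bt_addr_le_copy(&conn->le.init_addr,
					&bt_dev.id_addr[conn->id]);
		}
	}

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		int err;

		err = hci_le_read_phy(conn);
		if (err) {
			LOG_WRN("Failed to read PHY (%d)", err);
		}
	}
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (is_disconnected) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Start auto-initiated procedures */
	conn_auto_initiate(conn);

	/* Take the role while this function still holds its reference, so
	 * that conn is not read after bt_conn_unref().
	 */
	role = conn->role;
	bt_conn_unref(conn);

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    role == BT_HCI_ROLE_CENTRAL) {
		bt_le_scan_update(false);
	}
}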
1477 
1478 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
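/* Process an LE Enhanced Connection Complete (v2) event for a connection
 * created through a periodic advertising sync (PAwR).
 *
 * No connection object is pending in this case, so one is allocated with
 * bt_conn_add_le(). It is then filled in from the event, moved to
 * BT_CONN_CONNECTED, reported through bt_conn_connected(), and the
 * auto-initiated procedures are started.
 *
 * The event is rejected when the sync has no subevents, when the role is
 * not peripheral, or when the status is non-zero. On the last two paths the
 * freshly allocated connection object is released again so that it does not
 * stay allocated. If allocation fails, the controller is told to disconnect
 * the handle.
 *
 * The v2 event is passed to translate_addrs() and update_conn() through a
 * cast to the v1 event type; NOTE(review): this relies on both structs
 * sharing their leading layout - confirm against the struct definitions.
 */
void bt_hci_le_enh_conn_complete_sync(struct bt_hci_evt_le_enh_conn_complete_v2 *evt,
				      struct bt_le_per_adv_sync *sync)
{
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	bool is_disconnected = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;

	if (!sync->num_subevents) {
		LOG_ERR("Unexpected connection complete event");

		return;
	}

	conn = bt_conn_add_le(BT_ID_DEFAULT, BT_ADDR_LE_ANY);
	if (!conn) {
		LOG_ERR("Unable to allocate connection");
		/* Tell the controller to disconnect to keep it in sync with
		 * the host state and avoid a "rogue" connection.
		 */
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);

		return;
	}

	LOG_DBG("status 0x%02x handle %u role %u peer %s peer RPA %s", evt->status, handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

	if (evt->role != BT_HCI_ROLE_PERIPHERAL) {
		LOG_ERR("PAwR sync always becomes peripheral");

		/* Give back the object allocated above. */
		bt_conn_unref(conn);

		return;
	}

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	if (evt->status) {
		LOG_ERR("Unexpected status 0x%02x", evt->status);

		/* Give back the object allocated above. */
		bt_conn_unref(conn);

		return;
	}

	translate_addrs(&peer_addr, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt,
			BT_ID_DEFAULT);
	update_conn(conn, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	/* The connection is always initiated on the same PHY as the PAwR advertiser */
	conn->le.phy.tx_phy = sync->phy;
	conn->le.phy.rx_phy = sync->phy;
#endif

	bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

	if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
		conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
		bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
	} else {
		bt_addr_le_copy(&conn->le.resp_addr, &bt_dev.id_addr[conn->id]);
	}

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (is_disconnected) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Start auto-initiated procedures while this function still holds
	 * its reference to conn.
	 */
	conn_auto_initiate(conn);

	/* Since we don't give the application a reference to manage
	 * for peripheral connections, we need to release this reference here.
	 * conn is not used after this point.
	 */
	bt_conn_unref(conn);
}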
1563 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
1564 
/* HCI event handler for LE Enhanced Connection Complete: interprets the
 * buffer payload as the event structure and hands it to enh_conn_complete().
 *
 * NOTE(review): the payload length is not checked here; presumably the
 * event dispatcher enforces a minimum length before calling - confirm.
 */
static void le_enh_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete *evt = (void *)buf->data;

	enh_conn_complete(evt);
}
1569 
1570 #if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
/* HCI event handler for LE Enhanced Connection Complete v2.
 *
 * Dispatches on which of adv_handle / sync_handle is valid:
 *  - neither: not a PAwR connection, handled like the v1 event;
 *  - adv_handle only (CONFIG_BT_PER_ADV_RSP): created via the PAwR
 *    advertiser, also handled like v1;
 *  - sync_handle only (CONFIG_BT_PER_ADV_SYNC_RSP): created via a PAwR
 *    sync, handled by bt_hci_le_enh_conn_complete_sync();
 *  - anything else is logged as invalid.
 *
 * NOTE(review): sync_handle is compared and looked up without a byte-order
 * conversion, unlike the connection handles elsewhere in this file - confirm
 * this is intended.
 */
static void le_enh_conn_complete_v2(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete_v2 *evt = (void *)buf->data;
	const bool via_adv = evt->adv_handle != BT_HCI_ADV_HANDLE_INVALID;
	const bool via_sync = evt->sync_handle != BT_HCI_SYNC_HANDLE_INVALID;

	if (!via_adv && !via_sync) {
		/* The connection was not created via PAwR, handle the event like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
		return;
	}

#if defined(CONFIG_BT_PER_ADV_RSP)
	if (via_adv && !via_sync) {
		/* The connection was created via PAwR advertiser, it can be handled like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
		return;
	}
#endif /* CONFIG_BT_PER_ADV_RSP */

#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
	if (!via_adv && via_sync) {
		/* Created via PAwR sync, no adv set terminated event, needs separate handling */
		struct bt_le_per_adv_sync *sync = bt_hci_get_per_adv_sync(evt->sync_handle);

		if (sync == NULL) {
			LOG_ERR("Unknown sync handle %d", evt->sync_handle);

			return;
		}

		bt_hci_le_enh_conn_complete_sync(evt, sync);
		return;
	}
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */

	LOG_ERR("Invalid connection complete event");
}
1608 #endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
1609 
/* HCI event handler for the legacy LE Connection Complete event.
 *
 * Converts the legacy event into an enhanced connection complete event on
 * the stack and passes that to enh_conn_complete(). Fields that the legacy
 * event does not carry are filled in: the peer RPA is BT_ADDR_ANY, and the
 * local RPA is the device's random address when CONFIG_BT_PRIVACY is
 * enabled, BT_ADDR_ANY otherwise. Multi-byte fields are copied as they are,
 * without byte-order conversion.
 */
static void le_legacy_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_complete *legacy = (void *)buf->data;
	struct bt_hci_evt_le_enh_conn_complete enh;

	LOG_DBG("status 0x%02x role %u %s", legacy->status, legacy->role,
		bt_addr_le_str(&legacy->peer_addr));

	/* Fields shared by both event formats. */
	enh.status = legacy->status;
	enh.handle = legacy->handle;
	enh.role = legacy->role;
	bt_addr_le_copy(&enh.peer_addr, &legacy->peer_addr);
	enh.interval = legacy->interval;
	enh.latency = legacy->latency;
	enh.supv_timeout = legacy->supv_timeout;
	enh.clock_accuracy = legacy->clock_accuracy;

	/* Fields that exist only in the enhanced format. */
	bt_addr_copy(&enh.local_rpa,
		     IS_ENABLED(CONFIG_BT_PRIVACY) ? &bt_dev.random_addr.a : BT_ADDR_ANY);
	bt_addr_copy(&enh.peer_rpa, BT_ADDR_ANY);

	enh_conn_complete(&enh);
}
1638 
/* HCI event handler for LE Read Remote Features Complete.
 *
 * On a zero status the reported feature bytes are stored in the connection.
 * BT_CONN_AUTO_FEATURE_EXCH is set regardless of status, and the remote
 * info notification is issued when CONFIG_BT_REMOTE_INFO is enabled without
 * CONFIG_BT_REMOTE_VERSION. Events for unknown handles are logged and
 * dropped.
 */
static void le_remote_feat_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_remote_feat_complete *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		/* Copy size is bounded by the destination array. */
		memcpy(conn->le.features, evt->features,
		       sizeof(conn->le.features));
	}

	atomic_set_bit(conn->flags, BT_CONN_AUTO_FEATURE_EXCH);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO) &&
	    !IS_ENABLED(CONFIG_BT_REMOTE_VERSION)) {
		notify_remote_info(conn);
	}

	bt_conn_unref(conn);
}
1665 
1666 #if defined(CONFIG_BT_DATA_LEN_UPDATE)
/* HCI event handler for LE Data Length Change.
 *
 * Looks up the connection for the event's handle. With
 * CONFIG_BT_USER_DATA_LEN_UPDATE the four reported maxima are stored in the
 * connection and notify_le_data_len_updated() is called; without it the
 * event only results in the lookup and release of the connection.
 */
static void le_data_len_change(struct net_buf *buf)
{
	struct bt_hci_evt_le_data_len_change *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	uint16_t tx_octets = sys_le16_to_cpu(evt->max_tx_octets);
	uint16_t tx_time = sys_le16_to_cpu(evt->max_tx_time);
	uint16_t rx_octets = sys_le16_to_cpu(evt->max_rx_octets);
	uint16_t rx_time = sys_le16_to_cpu(evt->max_rx_time);

	LOG_DBG("max. tx: %u (%uus), max. rx: %u (%uus)", tx_octets, tx_time, rx_octets,
		rx_time);

	conn->le.data_len.tx_max_len = tx_octets;
	conn->le.data_len.tx_max_time = tx_time;
	conn->le.data_len.rx_max_len = rx_octets;
	conn->le.data_len.rx_max_time = rx_time;
	notify_le_data_len_updated(conn);
#endif

	bt_conn_unref(conn);
}
1697 #endif /* CONFIG_BT_DATA_LEN_UPDATE */
1698 
1699 #if defined(CONFIG_BT_PHY_UPDATE)
/* HCI event handler for LE PHY Update Complete.
 *
 * Looks up the connection for the event's handle and logs the result. With
 * CONFIG_BT_USER_PHY_UPDATE the reported PHYs are converted with
 * bt_get_phy(), stored in the connection, and notify_le_phy_updated() is
 * called. The stored PHYs are updated whatever the event status is.
 */
static void le_phy_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_phy_update_complete *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	LOG_DBG("PHY updated: status: 0x%02x, tx: %u, rx: %u", evt->status, evt->tx_phy,
		evt->rx_phy);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = bt_get_phy(evt->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(evt->rx_phy);
	notify_le_phy_updated(conn);
#endif

	bt_conn_unref(conn);
}
1723 #endif /* CONFIG_BT_PHY_UPDATE */
1724 
/* Check a set of LE connection parameters against the limits of BT Core
 * spec 5.0 [Vol 2, Part E, 7.8.12].
 *
 * Accepts everything when CONFIG_BT_CONN_PARAM_ANY is enabled. Otherwise
 * the parameters are valid when:
 *  - 6 <= interval_min <= interval_max <= 3200,
 *  - latency <= 499,
 *  - 10 <= timeout <= 3200, and
 *  - timeout * 4 > (1 + latency) * interval_max.
 *
 * Returns true when the parameters are acceptable, false otherwise.
 */
bool bt_le_conn_params_valid(const struct bt_le_conn_param *param)
{
	bool interval_ok;
	bool latency_ok;
	bool timeout_ok;

	if (IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
		return true;
	}

	interval_ok = param->interval_min <= param->interval_max &&
		      param->interval_min >= 6 &&
		      param->interval_max <= 3200;

	latency_ok = param->latency <= 499;

	/* The unsigned literals force the products to be computed in
	 * unsigned int rather than in the fields' own narrower type.
	 */
	timeout_ok = param->timeout >= 10 &&
		     param->timeout <= 3200 &&
		     (param->timeout * 4U) >
			     ((1U + param->latency) * param->interval_max);

	return interval_ok && latency_ok && timeout_ok;
}
1750 
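/* Reject a remote connection parameter request.
 *
 * Builds a BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY command carrying @p handle
 * and @p reason and hands it to bt_hci_cmd_send(). Failures to allocate or
 * send the command are logged; nothing is reported to the caller.
 */
static void le_conn_param_neg_reply(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_le_conn_param_req_neg_reply *cp;
	struct net_buf *buf;
	int err;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY,
				sizeof(*cp));
	if (!buf) {
		LOG_ERR("Unable to allocate buffer");
		return;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->handle = sys_cpu_to_le16(handle);
	/* The HCI Reason parameter is a single octet and needs no byte-order
	 * conversion. Routing it through a 16-bit swap would, on a
	 * big-endian CPU, move the code into the upper byte and leave zero
	 * in the octet that is actually sent.
	 */
	cp->reason = reason;

	err = bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, buf);
	if (err) {
		LOG_ERR("Failed to send conn param negative reply (%d)", err);
	}
}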
1769 
/* Accept a remote connection parameter request.
 *
 * Builds a BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY command with @p handle and the
 * interval, latency and timeout values from @p param; every other command
 * field is left at zero.
 *
 * Returns -ENOBUFS when no command buffer could be created, otherwise the
 * value returned by bt_hci_cmd_send().
 */
static int le_conn_param_req_reply(uint16_t handle,
				   const struct bt_le_conn_param *param)
{
	struct bt_hci_cp_le_conn_param_req_reply *reply;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(*reply));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	reply = net_buf_add(cmd, sizeof(*reply));

	/* Zero first so that fields not set below do not carry stale
	 * buffer contents to the controller.
	 */
	(void)memset(reply, 0, sizeof(*reply));

	reply->handle = sys_cpu_to_le16(handle);
	reply->interval_min = sys_cpu_to_le16(param->interval_min);
	reply->interval_max = sys_cpu_to_le16(param->interval_max);
	reply->latency = sys_cpu_to_le16(param->latency);
	reply->timeout = sys_cpu_to_le16(param->timeout);

	return bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, cmd);
}
1792 
/* HCI event handler for LE Remote Connection Parameter Request.
 *
 * Decodes the requested parameters and answers the controller:
 *  - unknown handle: negative reply with BT_HCI_ERR_UNKNOWN_CONN_ID;
 *  - le_param_req() rejects them: negative reply with
 *    BT_HCI_ERR_INVALID_LL_PARAM;
 *  - otherwise: positive reply with the parameters as left by
 *    le_param_req(), which receives them by pointer.
 *
 * The result of sending the positive reply is not checked.
 */
static void le_conn_param_req(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_param_req *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_le_conn_param requested;
	struct bt_conn *conn;

	requested.interval_min = sys_le16_to_cpu(evt->interval_min);
	requested.interval_max = sys_le16_to_cpu(evt->interval_max);
	requested.latency = sys_le16_to_cpu(evt->latency);
	requested.timeout = sys_le16_to_cpu(evt->timeout);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		le_conn_param_neg_reply(handle, BT_HCI_ERR_UNKNOWN_CONN_ID);
		return;
	}

	if (le_param_req(conn, &requested)) {
		le_conn_param_req_reply(handle, &requested);
	} else {
		le_conn_param_neg_reply(handle, BT_HCI_ERR_INVALID_LL_PARAM);
	}

	bt_conn_unref(conn);
}
1821 
/* HCI event handler for LE Connection Update Complete.
 *
 * If the remote does not support the procedure
 * (BT_HCI_ERR_UNSUPP_REMOTE_FEATURE), the local role is peripheral and the
 * L2CAP fallback has not been tried yet, the update is retried once through
 * bt_l2cap_update_conn_param() with the pending parameters and no
 * notification is issued.
 *
 * Otherwise, a zero status stores the new interval, latency and timeout.
 * With CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS a pending auto update that
 * failed with BT_HCI_ERR_UNSUPP_LL_PARAM_VAL is rescheduled while the retry
 * countdown is non-zero; in every other case the auto update flag is
 * cleared. notify_le_param_updated() is then called.
 */
static void le_conn_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_update_complete *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x, handle %u", evt->status, handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	/* The test-and-set comes last so that the fallback flag is only
	 * consumed when the first two conditions hold.
	 */
	if (evt->status == BT_HCI_ERR_UNSUPP_REMOTE_FEATURE &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL &&
	    !atomic_test_and_set_bit(conn->flags,
				     BT_CONN_PERIPHERAL_PARAM_L2CAP)) {
		/* CPR not supported, let's try L2CAP CPUP instead */
		struct bt_le_conn_param fallback;

		fallback.interval_min = conn->le.interval_min;
		fallback.interval_max = conn->le.interval_max;
		fallback.latency = conn->le.pending_latency;
		fallback.timeout = conn->le.pending_timeout;

		bt_l2cap_update_conn_param(conn, &fallback);

		bt_conn_unref(conn);
		return;
	}

	if (evt->status == 0) {
		conn->le.interval = sys_le16_to_cpu(evt->interval);
		conn->le.latency = sys_le16_to_cpu(evt->latency);
		conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);
	}

#if defined(CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS)
	if (evt->status != 0 &&
	    atomic_test_bit(conn->flags, BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE) &&
	    evt->status == BT_HCI_ERR_UNSUPP_LL_PARAM_VAL &&
	    conn->le.conn_param_retry_countdown) {
		/* Auto update rejected: try again later. */
		conn->le.conn_param_retry_countdown--;
		k_work_schedule(&conn->deferred_work,
				K_MSEC(CONFIG_BT_CONN_PARAM_RETRY_TIMEOUT));
	} else {
		/* Success, or a failure that is not retried. */
		atomic_clear_bit(conn->flags,
				 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
	}
#endif /* CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS */

	notify_le_param_updated(conn);

	bt_conn_unref(conn);
}
1879 
1880 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
/* Enable controller-to-host ACL flow control.
 *
 * Returns 0 without doing anything when the supported-commands bit tested
 * below is not set. Otherwise sends BT_HCI_OP_HOST_BUFFER_SIZE with the
 * configured ACL RX buffer size and count, followed by
 * BT_HCI_OP_SET_CTL_TO_HOST_FLOW with BT_HCI_CTL_TO_HOST_FLOW_ENABLE.
 *
 * Returns -ENOBUFS when a command buffer could not be created, or the
 * error of the first command that fails.
 */
static int set_flow_control(void)
{
	struct bt_hci_cp_host_buffer_size *sizes;
	struct net_buf *cmd;
	int rc;

	/* Check if host flow control is actually supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		LOG_WRN("Controller to host flow control not supported");
		return 0;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_HOST_BUFFER_SIZE, sizeof(*sizes));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	sizes = net_buf_add(cmd, sizeof(*sizes));
	/* Fields not set below are sent as zero. */
	(void)memset(sizes, 0, sizeof(*sizes));
	sizes->acl_mtu = sys_cpu_to_le16(CONFIG_BT_BUF_ACL_RX_SIZE);
	sizes->acl_pkts = sys_cpu_to_le16(CONFIG_BT_BUF_ACL_RX_COUNT);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_HOST_BUFFER_SIZE, cmd, NULL);
	if (rc != 0) {
		return rc;
	}

	/* Flow control is switched on only after the buffer sizes were
	 * accepted.
	 */
	cmd = bt_hci_cmd_create(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, 1);
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_u8(cmd, BT_HCI_CTL_TO_HOST_FLOW_ENABLE);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, cmd, NULL);
}
1917 #endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */
1918 
/* Remove the bond with @p addr under identity @p id.
 *
 * An existing connection to the peer is disconnected with
 * BT_HCI_ERR_REMOTE_USER_TERM_CONN. Stored key material is cleared: the
 * BR/EDR link key for LE public addresses (CONFIG_BT_BREDR) and the LE keys
 * (CONFIG_BT_SMP). GATT data for the peer is cleared with bt_gatt_clear(),
 * and every registered bond_deleted callback is invoked.
 */
static void unpair(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_conn *conn = bt_conn_lookup_addr_le(id, addr);
	struct bt_keys *keys = NULL;

	if (conn != NULL) {
		/* Detach the keys from the connection before they are
		 * invalidated below, so that later code (such as
		 * disconnected callbacks) cannot reach them through
		 * conn->le.keys.
		 */
		if (conn->type == BT_CONN_TYPE_LE) {
			keys = conn->le.keys;
			conn->le.keys = NULL;
		}

		bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		bt_conn_unref(conn);
	}

	/* LE Public may indicate BR/EDR as well */
	if (IS_ENABLED(CONFIG_BT_BREDR) && addr->type == BT_ADDR_LE_PUBLIC) {
		bt_keys_link_key_clear_addr(&addr->a);
	}

	if (IS_ENABLED(CONFIG_BT_SMP)) {
		/* No connection, or none carrying keys: look them up by
		 * address instead.
		 */
		if (keys == NULL) {
			keys = bt_keys_find_addr(id, addr);
		}

		if (keys != NULL) {
			bt_keys_clear(keys);
		}
	}

	bt_gatt_clear(id, addr);

#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR)
	struct bt_conn_auth_info_cb *cb, *next_cb;

	SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, cb,
					  next_cb, node) {
		if (cb->bond_deleted) {
			cb->bond_deleted(id, addr);
		}
	}
#endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR) */
}
1968 
/* bt_foreach_bond() callback used by bt_unpair(): remove the bond described
 * by `info`. `data` points at the uint8_t local identity being cleaned up.
 */
static void unpair_remote(const struct bt_bond_info *info, void *data)
{
	const uint8_t *identity = data;

	unpair(*identity, &info->addr);
}
1975 
/* Remove pairing information for a peer.
 *
 * id:   local identity; must be below CONFIG_BT_ID_MAX.
 * addr: peer address. With CONFIG_BT_SMP enabled, NULL or BT_ADDR_LE_ANY
 *       selects every bond stored for `id`, so a caller that forwards an
 *       unvalidated or defaulted address wipes all bonds of that identity.
 *       Without CONFIG_BT_SMP a NULL address is rejected.
 *
 * Returns 0 on success or -EINVAL for an invalid argument.
 */
int bt_unpair(uint8_t id, const bt_addr_le_t *addr)
{
	if (id >= CONFIG_BT_ID_MAX) {
		return -EINVAL;
	}

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		CHECKIF(addr == NULL) {
			LOG_DBG("addr is NULL");
			return -EINVAL;
		}

		unpair(id, addr);
		return 0;
	}

	if (addr == NULL || bt_addr_le_eq(addr, BT_ADDR_LE_ANY)) {
		/* Wildcard request: walk the bond list of this identity. */
		bt_foreach_bond(id, unpair_remote, &id);
		return 0;
	}

	unpair(id, addr);
	return 0;
}
1999 
2000 #endif /* CONFIG_BT_CONN */
2001 
2002 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR)
/* Translate an HCI status code into the security error reported to the
 * application. Any HCI code without an explicit mapping below becomes
 * BT_SECURITY_ERR_UNSPECIFIED.
 */
enum bt_security_err bt_security_err_get(uint8_t hci_err)
{
	enum bt_security_err sec_err;

	switch (hci_err) {
	case BT_HCI_ERR_SUCCESS:
		sec_err = BT_SECURITY_ERR_SUCCESS;
		break;
	case BT_HCI_ERR_AUTH_FAIL:
		sec_err = BT_SECURITY_ERR_AUTH_FAIL;
		break;
	case BT_HCI_ERR_PIN_OR_KEY_MISSING:
		sec_err = BT_SECURITY_ERR_PIN_OR_KEY_MISSING;
		break;
	case BT_HCI_ERR_PAIRING_NOT_SUPPORTED:
		sec_err = BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
		break;
	case BT_HCI_ERR_PAIRING_NOT_ALLOWED:
		sec_err = BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
		break;
	case BT_HCI_ERR_INVALID_PARAM:
		sec_err = BT_SECURITY_ERR_INVALID_PARAM;
		break;
	default:
		sec_err = BT_SECURITY_ERR_UNSPECIFIED;
		break;
	}

	return sec_err;
}
2022 #endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR) */
2023 
2024 #if defined(CONFIG_BT_SMP)
/* Derive conn->sec_level from the keys attached to an LE connection and
 * report whether it satisfies conn->required_sec_level.
 *
 *  - no keys, or keys without BT_KEYS_AUTHENTICATED:            L2
 *  - authenticated keys:                                        L3
 *  - authenticated + BT_KEYS_SC + enc_size of
 *    BT_SMP_MAX_ENC_KEY_SIZE:                                   L4
 *
 * A shorter encryption key therefore caps the link at L3 even with
 * authenticated Secure Connections keys.
 *
 * NOTE(review): conn->encrypt is not read here, so the result is never
 * lower than L2; callers have to make sure the link really is encrypted.
 *
 * Returns true when the required level is met, false otherwise.
 */
static bool update_sec_level(struct bt_conn *conn)
{
	struct bt_keys *keys = conn->le.keys;

	if (!keys || !(keys->flags & BT_KEYS_AUTHENTICATED)) {
		conn->sec_level = BT_SECURITY_L2;
	} else if ((keys->flags & BT_KEYS_SC) &&
		   keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE) {
		conn->sec_level = BT_SECURITY_L4;
	} else {
		conn->sec_level = BT_SECURITY_L3;
	}

	return conn->required_sec_level <= conn->sec_level;
}
2040 #endif /* CONFIG_BT_SMP */
2041 
2042 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR)
/* Handle the HCI Encryption Change event.
 *
 * The event is read in place from buf->data; this function performs no
 * length check of its own. It records the new encryption state on the
 * connection, recomputes the security level for the transport in use,
 * notifies listeners through bt_conn_security_changed() and disconnects
 * the link when the required security level is not reached.
 */
static void hci_encrypt_change(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_change *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t status = evt->status;
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x handle %u encrypt 0x%02x", evt->status, handle, evt->encrypt);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	/* Controller reported a failure: pass it on, leave conn state alone. */
	if (status != 0) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		goto unref;
	}

	conn->encrypt = evt->encrypt;

#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		/*
		 * Key properties are refreshed from the last pairing only
		 * when encryption is actually on, so that valid keys are not
		 * lost after an unsuccessful attempt. This applies to the LE
		 * transport only; BR/EDR keys are updated on the HCI
		 * 'Link Key Notification Event'.
		 */
		if (conn->encrypt) {
			bt_smp_update_keys(conn);
		}

		/* NOTE(review): update_sec_level() does not look at
		 * conn->encrypt and assigns at least BT_SECURITY_L2, also
		 * when this event carried encrypt == 0 with a success
		 * status. Confirm a controller cannot report that on an LE
		 * link, or guard it here.
		 */
		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_BREDR)
	if (conn->type == BT_CONN_TYPE_BR) {
		if (!bt_br_update_sec_level(conn)) {
			goto unref;
		}

		/*
		 * Start SMP over BR/EDR if we are pairing and are central on
		 * the link.
		 */
		if (IS_ENABLED(CONFIG_BT_SMP) &&
		    atomic_test_bit(conn->flags, BT_CONN_BR_PAIRING) &&
		    conn->role == BT_CONN_ROLE_CENTRAL) {
			bt_smp_br_send_pairing_req(conn);
		}
	}
#endif /* CONFIG_BT_BREDR */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));

	if (status != 0) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

unref:
	bt_conn_unref(conn);
}
2115 
/* Handle the HCI Encryption Key Refresh Complete event.
 *
 * The event is read in place from buf->data; this function performs no
 * length check of its own. On success the security level is recomputed
 * for the transport in use, listeners are notified and the link is
 * disconnected when the required security level is not reached.
 */
static void hci_encrypt_key_refresh_complete(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_key_refresh_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t status = evt->status;
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x handle %u", evt->status, handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	/* Controller reported a failure: pass it on and stop. */
	if (status != 0) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		goto unref;
	}

	/*
	 * For LE the keys are refreshed from the last pairing before the
	 * security level is recomputed. For BR/EDR the keys are updated on the
	 * HCI 'Link Key Notification Event', so only the security level is
	 * refreshed here from the available keys and the encryption state.
	 */
#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		bt_smp_update_keys(conn);

		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_BREDR)
	if (conn->type == BT_CONN_TYPE_BR && !bt_br_update_sec_level(conn)) {
		goto unref;
	}
#endif /* CONFIG_BT_BREDR */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));

	if (status != 0) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

unref:
	bt_conn_unref(conn);
}
2172 #endif /* CONFIG_BT_SMP || CONFIG_BT_BREDR */
2173 
2174 #if defined(CONFIG_BT_REMOTE_VERSION)
/* Handle the HCI Read Remote Version Information Complete event.
 *
 * On a zero status the peer's version, manufacturer and subversion are
 * stored in conn->rv. BT_CONN_AUTO_VERSION_INFO is set whatever the status,
 * and with CONFIG_BT_REMOTE_INFO the remote-info listeners are notified.
 * The stored values are reported by the peer and are not validated here.
 */
static void bt_hci_evt_read_remote_version_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_version_info *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);

	if (conn == NULL) {
		LOG_ERR("No connection for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		conn->rv.version = evt->version;
		conn->rv.manufacturer = sys_le16_to_cpu(evt->manufacturer);
		conn->rv.subversion = sys_le16_to_cpu(evt->subversion);
	}

	atomic_set_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO)) {
		/* Remote features is already present */
		notify_remote_info(conn);
	}

	bt_conn_unref(conn);
}
2204 #endif /* CONFIG_BT_REMOTE_VERSION */
2205 
/* Handle the HCI Hardware Error event: log the controller's hardware code.
 * No recovery action is taken here.
 */
static void hci_hardware_error(struct net_buf *buf)
{
	struct bt_hci_evt_hardware_error *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_ERR("Hardware error, hardware code: %d", evt->hardware_code);
}
2214 
2215 #if defined(CONFIG_BT_SMP)
/* Queue an LE Long Term Key Request Negative Reply for connection `handle`,
 * telling the controller that no key is available. If no command buffer can
 * be allocated the failure is only logged and no reply is sent.
 */
static void le_ltk_neg_reply(uint16_t handle)
{
	struct bt_hci_cp_le_ltk_req_neg_reply *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY,
						    sizeof(*params));

	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");
		return;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->handle = sys_cpu_to_le16(handle);

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, cmd_buf);
}
2233 
/* Queue an LE Long Term Key Request Reply that hands `ltk` to the
 * controller for connection `handle`.
 *
 * ltk must point to at least sizeof(cp->ltk) readable bytes: exactly that
 * many are copied and the length is not passed in. The caller in this file
 * supplies a 16-byte array. If no command buffer can be allocated the
 * failure is only logged and no reply is sent.
 */
static void le_ltk_reply(uint16_t handle, uint8_t *ltk)
{
	struct bt_hci_cp_le_ltk_req_reply *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_REPLY,
						    sizeof(*params));

	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");
		return;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->handle = sys_cpu_to_le16(handle);
	memcpy(params->ltk, ltk, sizeof(params->ltk));

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_REPLY, cmd_buf);
}
2252 
/* Handle the LE Long Term Key Request event.
 *
 * The event is read in place from buf->data; this function performs no
 * length check of its own. SMP is asked for the key matching the rand/ediv
 * values in the event: a positive reply carries the key, otherwise a
 * negative reply is sent. When the handle matches no LE connection the
 * function returns without sending either reply.
 *
 * NOTE(review): `ltk` is a stack copy of key material and is not cleared
 * before returning. Consider wiping it with a primitive the compiler cannot
 * elide if the platform's threat model includes stack disclosure.
 */
static void le_ltk_request(struct net_buf *buf)
{
	struct bt_hci_evt_le_ltk_request *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;
	uint8_t ltk[16];

	LOG_DBG("handle %u", handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	/* ltk is only read after bt_smp_request_ltk() reported success. */
	if (!bt_smp_request_ltk(conn, evt->rand, evt->ediv, ltk)) {
		le_ltk_neg_reply(handle);
	} else {
		le_ltk_reply(handle, ltk);
	}

	bt_conn_unref(conn);
}
2278 #endif /* CONFIG_BT_SMP */
2279 
/* Process the response to HCI Reset.
 *
 * The first byte of buf->data is taken as the status without a length
 * check. On success scanning state (and BR/EDR discovery state, when built
 * in) is reset and every bt_dev flag outside BT_DEV_PERSISTENT_FLAGS is
 * cleared.
 */
static void hci_reset_complete(struct net_buf *buf)
{
	uint8_t status = buf->data[0];

	LOG_DBG("status 0x%02x", status);

	if (status != 0) {
		return;
	}

	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_scan_reset();
	}

#if defined(CONFIG_BT_BREDR)
	bt_br_discovery_reset();
#endif /* CONFIG_BT_BREDR */

	/* Read, mask and write back are two separate atomic calls. */
	atomic_set(bt_dev.flags, atomic_get(bt_dev.flags) & BT_DEV_PERSISTENT_FLAGS);
}
2302 
/* Complete the HCI command that is currently in flight.
 *
 * opcode:  opcode named by the controller's Command Complete / Command
 *          Status event, or the command's own opcode when send_cmd() reports
 *          a driver send failure.
 * status:  HCI status handed to a synchronous waiter.
 * evt_buf: buffer holding the event data. When it is not the command buffer
 *          itself, its contents are copied into the command buffer so the
 *          waiter finds the response there.
 */
static void hci_cmd_done(uint16_t opcode, uint8_t status, struct net_buf *evt_buf)
{
	/* Original command buffer. */
	struct net_buf *buf = NULL;

	LOG_DBG("opcode 0x%04x status 0x%02x buf %p", opcode, status, evt_buf);

	/* Unsolicited cmd complete. This does not complete a command.
	 * The controller can send these for effect of the `ncmd` field.
	 */
	if (opcode == 0) {
		goto exit;
	}

	/* Take the original command buffer reference. */
	buf = atomic_ptr_clear((atomic_ptr_t *)&bt_dev.sent_cmd);

	if (!buf) {
		LOG_ERR("No command sent for cmd complete 0x%04x", opcode);
		goto exit;
	}

	/* The controller answered for an opcode other than the one in flight.
	 * Put the command buffer back as the pending command and ignore the
	 * event, so a stray or out-of-order completion cannot complete the
	 * wrong command.
	 */
	if (cmd(buf)->opcode != opcode) {
		LOG_ERR("OpCode 0x%04x completed instead of expected 0x%04x", opcode,
			cmd(buf)->opcode);
		/* atomic_ptr_set() returns the previous value, which must be
		 * NULL here; buf is then NULL too and is not unreferenced at
		 * exit.
		 */
		buf = atomic_ptr_set((atomic_ptr_t *)&bt_dev.sent_cmd, buf);
		__ASSERT_NO_MSG(!buf);
		goto exit;
	}

	/* Response data is to be delivered in the original command
	 * buffer.
	 *
	 * NOTE(review): evt_buf->len is controller-supplied and is not
	 * compared with the room left in buf after the reserve; this relies
	 * on buffer sizing and on net_buf_add_mem()'s own checks — confirm
	 * those hold in builds with assertions disabled.
	 */
	if (evt_buf != buf) {
		net_buf_reset(buf);
		bt_buf_set_type(buf, BT_BUF_EVT);
		net_buf_reserve(buf, BT_BUF_RESERVE);
		net_buf_add_mem(buf, evt_buf->data, evt_buf->len);
	}

	/* Apply the state update attached to the command, on success only. */
	if (cmd(buf)->state && !status) {
		struct bt_hci_cmd_state_set *update = cmd(buf)->state;

		atomic_set_bit_to(update->target, update->bit, update->val);
	}

	/* If the command was synchronous wake up bt_hci_cmd_send_sync() */
	if (cmd(buf)->sync) {
		cmd(buf)->status = status;
		k_sem_give(cmd(buf)->sync);
	}

exit:
	/* Drop the reference taken from bt_dev.sent_cmd, if one is held. */
	if (buf) {
		net_buf_unref(buf);
	}
}
2360 
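/* Handle the HCI Command Complete event.
 *
 * Pulls the event header, extracts the status byte that starts the return
 * parameters, completes the pending command through hci_cmd_done() and
 * releases the command semaphore when the controller reports it can accept
 * another command (ncmd != 0).
 */
static void hci_cmd_complete(struct net_buf *buf)
{
	struct bt_hci_evt_cmd_complete *evt;
	uint8_t status, ncmd;
	uint16_t opcode;

	evt = net_buf_pull_mem(buf, sizeof(*evt));
	ncmd = evt->ncmd;
	opcode = sys_le16_to_cpu(evt->opcode);

	LOG_DBG("opcode 0x%04x", opcode);

	/* Command return parameters start with a 1-byte status. An event
	 * that carries no return parameters at all (for instance the
	 * unsolicited opcode 0 completion that hci_cmd_done() tolerates) has
	 * no such byte, so report an unspecified error instead of taking the
	 * status from bytes that are not part of the event. The length check
	 * applied before this handler runs is not visible in this part of
	 * the file, hence the explicit guard.
	 */
	if (buf->len < sizeof(status)) {
		if (opcode != 0) {
			LOG_WRN("Command complete 0x%04x without return parameters", opcode);
		}
		status = BT_HCI_ERR_UNSPECIFIED;
	} else {
		status = buf->data[0];
	}

	/* HOST_NUM_COMPLETED_PACKETS should not generate a response under normal operation.
	 * The generation of this command ignores `ncmd_sem`, so should not be given here.
	 */
	if (opcode == BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		LOG_WRN("Unexpected HOST_NUM_COMPLETED_PACKETS (status 0x%02x)", status);
		return;
	}

	hci_cmd_done(opcode, status, buf);

	/* Allow next command to be sent */
	if (ncmd) {
		k_sem_give(&bt_dev.ncmd_sem);
	}
}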
2393 
/* Handle the HCI Command Status event: complete the pending command with
 * the status carried in the event header and release the command semaphore
 * when the controller reports it can accept another command (ncmd != 0).
 */
static void hci_cmd_status(struct net_buf *buf)
{
	struct bt_hci_evt_cmd_status *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t opcode = sys_le16_to_cpu(evt->opcode);
	uint8_t status = evt->status;
	uint8_t ncmd = evt->ncmd;

	LOG_DBG("opcode 0x%04x", opcode);

	hci_cmd_done(opcode, status, buf);

	/* Allow next command to be sent */
	if (ncmd != 0) {
		k_sem_give(&bt_dev.ncmd_sem);
	}
}
2413 
/* Report the HCI connection handle of `conn`.
 *
 * Writes the handle to *conn_handle and returns 0 when the connection is in
 * BT_CONN_CONNECTED state; returns -ENOTCONN and leaves *conn_handle
 * untouched otherwise. Neither pointer is checked for NULL.
 */
int bt_hci_get_conn_handle(const struct bt_conn *conn, uint16_t *conn_handle)
{
	if (conn->state == BT_CONN_CONNECTED) {
		*conn_handle = conn->handle;
		return 0;
	}

	return -ENOTCONN;
}
2423 
2424 #if defined(CONFIG_BT_EXT_ADV)
/* Report the HCI advertising handle of `adv`.
 *
 * Writes the handle to *adv_handle and returns 0 when the set has
 * BT_ADV_CREATED set; returns -EINVAL and leaves *adv_handle untouched
 * otherwise. Neither pointer is checked for NULL.
 */
int bt_hci_get_adv_handle(const struct bt_le_ext_adv *adv, uint8_t *adv_handle)
{
	if (atomic_test_bit(adv->flags, BT_ADV_CREATED)) {
		*adv_handle = adv->handle;
		return 0;
	}

	return -EINVAL;
}
2434 #endif /* CONFIG_BT_EXT_ADV */
2435 
2436 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
/* Install `cb` as the user handler for vendor-specific HCI events.
 *
 * The new value replaces whatever was registered before; hci_vendor_event()
 * skips the callback while the pointer is NULL. The callback runs before
 * the stack's own vendor-event dispatch and can claim the event, so it
 * should treat the buffer contents as controller-supplied input.
 *
 * Always returns 0.
 */
int bt_hci_register_vnd_evt_cb(bt_hci_vnd_evt_cb_t cb)
{
	hci_vnd_evt_cb = cb;

	return 0;
}
2442 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
2443 
2444 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
/* Handle the LE Transmit Power Reporting event: copy the reported fields
 * into a bt_conn_le_tx_power_report and pass it to the listeners of the LE
 * connection named by the event's handle. Events for unknown handles are
 * logged and dropped.
 */
void bt_hci_le_transmit_power_report(struct net_buf *buf)
{
	struct bt_hci_evt_le_transmit_power_report *evt = net_buf_pull_mem(buf, sizeof(*evt));
	struct bt_conn_le_tx_power_report report;
	struct bt_conn *conn;

	conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for transmit power report",
		       sys_le16_to_cpu(evt->handle));
		return;
	}

	/* Field-by-field copy; the values are passed on as reported. */
	report.delta = evt->delta;
	report.tx_power_level_flag = evt->tx_power_level_flag;
	report.tx_power_level = evt->tx_power_level;
	report.phy = evt->phy;
	report.reason = evt->reason;

	notify_tx_power_report(conn, report);

	bt_conn_unref(conn);
}
2469 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2470 
/* Dispatch table for vendor-specific subevents, handed to handle_vs_event()
 * by hci_vendor_event(). Each entry gives the subevent code, its handler and
 * a size. The table is empty when neither option below is enabled.
 *
 * NOTE(review): the size is presumably the minimum payload length enforced
 * before the handler is called — confirm against the EVENT_HANDLER
 * definition, since handlers depend on it for bounds.
 */
static const struct event_handler vs_events[] = {
#if defined(CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTIONLESS_IQ_REPORT,
		      bt_hci_le_vs_df_connectionless_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connectionless_iq_report)),
#endif /* CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES */
#if defined(CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTION_IQ_REPORT, bt_hci_le_vs_df_connection_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connection_iq_report)),
#endif /* CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES */
};
2482 
/* Handle a vendor-specific HCI event.
 *
 * A registered user callback sees the event first. The parse state of the
 * buffer is saved before the call and restored after it, so whatever the
 * callback pulled does not affect the stack's own parsing. If the callback
 * did not claim the event and CONFIG_BT_HCI_VS_EVT is enabled, the subevent
 * is dispatched through vs_events.
 */
static void hci_vendor_event(struct net_buf *buf)
{
	bool handled = false;

#if defined(CONFIG_BT_HCI_VS_EVT_USER)
	if (hci_vnd_evt_cb != NULL) {
		struct net_buf_simple_state saved;

		net_buf_simple_save(&buf->b, &saved);
		handled = hci_vnd_evt_cb(&buf->b);
		net_buf_simple_restore(&buf->b, &saved);
	}
#endif /* CONFIG_BT_HCI_VS_EVT_USER */

	if (!IS_ENABLED(CONFIG_BT_HCI_VS_EVT) || handled) {
		return;
	}

	struct bt_hci_evt_vs *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_DBG("subevent 0x%02x", evt->subevent);

	handle_vs_event(evt->subevent, buf, vs_events, ARRAY_SIZE(vs_events));
}
2509 
/* Dispatch table for LE Meta subevents, handed to handle_event() by
 * hci_le_meta_event(). Each entry gives the subevent code, its handler and
 * a size; entries are compiled in per feature option.
 *
 * NOTE(review): the size is presumably the minimum payload length enforced
 * before the handler is called — confirm against the EVENT_HANDLER
 * definition. Handlers such as le_ltk_request() read the event straight
 * from buf->data without a length check of their own, so the size given
 * here is what bounds them.
 */
static const struct event_handler meta_events[] = {
#if defined(CONFIG_BT_OBSERVER)
	EVENT_HANDLER(BT_HCI_EVT_LE_ADVERTISING_REPORT, bt_hci_le_adv_report,
		      sizeof(struct bt_hci_evt_le_advertising_report)),
#endif /* CONFIG_BT_OBSERVER */
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_COMPLETE, le_legacy_conn_complete,
		      sizeof(struct bt_hci_evt_le_conn_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE, le_enh_conn_complete,
		      sizeof(struct bt_hci_evt_le_enh_conn_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE,
		      le_conn_update_complete,
		      sizeof(struct bt_hci_evt_le_conn_update_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE,
		      le_remote_feat_complete,
		      sizeof(struct bt_hci_evt_le_remote_feat_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_PARAM_REQ, le_conn_param_req,
		      sizeof(struct bt_hci_evt_le_conn_param_req)),
#if defined(CONFIG_BT_DATA_LEN_UPDATE)
	EVENT_HANDLER(BT_HCI_EVT_LE_DATA_LEN_CHANGE, le_data_len_change,
		      sizeof(struct bt_hci_evt_le_data_len_change)),
#endif /* CONFIG_BT_DATA_LEN_UPDATE */
#if defined(CONFIG_BT_PHY_UPDATE)
	EVENT_HANDLER(BT_HCI_EVT_LE_PHY_UPDATE_COMPLETE,
		      le_phy_update_complete,
		      sizeof(struct bt_hci_evt_le_phy_update_complete)),
#endif /* CONFIG_BT_PHY_UPDATE */
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_SMP)
	EVENT_HANDLER(BT_HCI_EVT_LE_LTK_REQUEST, le_ltk_request,
		      sizeof(struct bt_hci_evt_le_ltk_request)),
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_ECC)
	EVENT_HANDLER(BT_HCI_EVT_LE_P256_PUBLIC_KEY_COMPLETE,
		      bt_hci_evt_le_pkey_complete,
		      sizeof(struct bt_hci_evt_le_p256_public_key_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
		      bt_hci_evt_le_dhkey_complete,
		      sizeof(struct bt_hci_evt_le_generate_dhkey_complete)),
#endif /* CONFIG_BT_ECC */
#if defined(CONFIG_BT_EXT_ADV)
#if defined(CONFIG_BT_BROADCASTER)
	EVENT_HANDLER(BT_HCI_EVT_LE_ADV_SET_TERMINATED, bt_hci_le_adv_set_terminated,
		      sizeof(struct bt_hci_evt_le_adv_set_terminated)),
	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_REQ_RECEIVED, bt_hci_le_scan_req_received,
		      sizeof(struct bt_hci_evt_le_scan_req_received)),
#endif /* CONFIG_BT_BROADCASTER */
#if defined(CONFIG_BT_OBSERVER)
	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_TIMEOUT, bt_hci_le_scan_timeout,
		      0),
	EVENT_HANDLER(BT_HCI_EVT_LE_EXT_ADVERTISING_REPORT, bt_hci_le_adv_ext_report,
		      sizeof(struct bt_hci_evt_le_ext_advertising_report)),
#endif /* defined(CONFIG_BT_OBSERVER) */
#if defined(CONFIG_BT_PER_ADV_SYNC)
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED,
		      bt_hci_le_per_adv_sync_established,
		      sizeof(struct bt_hci_evt_le_per_adv_sync_established)),
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT, bt_hci_le_per_adv_report,
		      sizeof(struct bt_hci_evt_le_per_advertising_report)),
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_LOST, bt_hci_le_per_adv_sync_lost,
		      sizeof(struct bt_hci_evt_le_per_adv_sync_lost)),
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED, bt_hci_le_past_received,
		      sizeof(struct bt_hci_evt_le_past_received)),
#endif /* CONFIG_BT_CONN */
#endif /* defined(CONFIG_BT_PER_ADV_SYNC) */
#endif /* defined(CONFIG_BT_EXT_ADV) */
#if defined(CONFIG_BT_ISO_UNICAST)
	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED, hci_le_cis_established,
		      sizeof(struct bt_hci_evt_le_cis_established)),
#if defined(CONFIG_BT_ISO_PERIPHERAL)
	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_REQ, hci_le_cis_req,
		      sizeof(struct bt_hci_evt_le_cis_req)),
#endif /* (CONFIG_BT_ISO_PERIPHERAL) */
#endif /* (CONFIG_BT_ISO_UNICAST) */
#if defined(CONFIG_BT_ISO_BROADCASTER)
	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_COMPLETE,
		      hci_le_big_complete,
		      sizeof(struct bt_hci_evt_le_big_complete)),
	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_TERMINATE,
		      hci_le_big_terminate,
		      sizeof(struct bt_hci_evt_le_big_terminate)),
#endif /* CONFIG_BT_ISO_BROADCASTER */
#if defined(CONFIG_BT_ISO_SYNC_RECEIVER)
	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_ESTABLISHED,
		      hci_le_big_sync_established,
		      sizeof(struct bt_hci_evt_le_big_sync_established)),
	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_LOST,
		      hci_le_big_sync_lost,
		      sizeof(struct bt_hci_evt_le_big_sync_lost)),
	EVENT_HANDLER(BT_HCI_EVT_LE_BIGINFO_ADV_REPORT,
		      bt_hci_le_biginfo_adv_report,
		      sizeof(struct bt_hci_evt_le_biginfo_adv_report)),
#endif /* CONFIG_BT_ISO_SYNC_RECEIVER */
#if defined(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)
	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTIONLESS_IQ_REPORT, bt_hci_le_df_connectionless_iq_report,
		      sizeof(struct bt_hci_evt_le_connectionless_iq_report)),
#endif /* CONFIG_BT_DF_CONNECTIONLESS_CTE_RX */
#if defined(CONFIG_BT_DF_CONNECTION_CTE_RX)
	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTION_IQ_REPORT, bt_hci_le_df_connection_iq_report,
		      sizeof(struct bt_hci_evt_le_connection_iq_report)),
#endif /* CONFIG_BT_DF_CONNECTION_CTE_RX */
#if defined(CONFIG_BT_DF_CONNECTION_CTE_REQ)
	EVENT_HANDLER(BT_HCI_EVT_LE_CTE_REQUEST_FAILED, bt_hci_le_df_cte_req_failed,
		      sizeof(struct bt_hci_evt_le_cte_req_failed)),
#endif /* CONFIG_BT_DF_CONNECTION_CTE_REQ */
#if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
	EVENT_HANDLER(BT_HCI_EVT_LE_TRANSMIT_POWER_REPORT, bt_hci_le_transmit_power_report,
		      sizeof(struct bt_hci_evt_le_transmit_power_report)),
#endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT_V2, bt_hci_le_per_adv_report_v2,
		      sizeof(struct bt_hci_evt_le_per_advertising_report_v2)),
	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED_V2, bt_hci_le_past_received_v2,
		      sizeof(struct bt_hci_evt_le_past_received_v2)),
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED_V2,
		      bt_hci_le_per_adv_sync_established_v2,
		      sizeof(struct bt_hci_evt_le_per_adv_sync_established_v2)),
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
#if defined(CONFIG_BT_PER_ADV_RSP)
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SUBEVENT_DATA_REQUEST,
		      bt_hci_le_per_adv_subevent_data_request,
		      sizeof(struct bt_hci_evt_le_per_adv_subevent_data_request)),
	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_RESPONSE_REPORT, bt_hci_le_per_adv_response_report,
		      sizeof(struct bt_hci_evt_le_per_adv_response_report)),
#endif /* CONFIG_BT_PER_ADV_RSP */
#if defined(CONFIG_BT_CONN)
#if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE_V2, le_enh_conn_complete_v2,
		      sizeof(struct bt_hci_evt_le_enh_conn_complete_v2)),
#endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
#endif /* CONFIG_BT_CONN */

};
2644 
/* Handle the LE Meta event: strip the meta header and dispatch the
 * remaining payload to the handler registered for the subevent in
 * meta_events.
 */
static void hci_le_meta_event(struct net_buf *buf)
{
	struct bt_hci_evt_le_meta_event *meta = net_buf_pull_mem(buf, sizeof(*meta));

	LOG_DBG("subevent 0x%02x", meta->subevent);

	handle_event(meta->subevent, buf, meta_events, ARRAY_SIZE(meta_events));
}
2655 
/* Dispatch table for top-level HCI events, handed to handle_event() by
 * hci_event(). Each entry gives the event code, its handler and a size;
 * entries are compiled in per feature option.
 *
 * NOTE(review): the size is presumably the minimum payload length enforced
 * before the handler is called — confirm against the EVENT_HANDLER
 * definition. hci_encrypt_change() and hci_encrypt_key_refresh_complete()
 * read the event straight from buf->data without a length check of their
 * own, so the size given here is what bounds them.
 */
static const struct event_handler normal_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_VENDOR, hci_vendor_event,
		      sizeof(struct bt_hci_evt_vs)),
	EVENT_HANDLER(BT_HCI_EVT_LE_META_EVENT, hci_le_meta_event,
		      sizeof(struct bt_hci_evt_le_meta_event)),
#if defined(CONFIG_BT_BREDR)
	EVENT_HANDLER(BT_HCI_EVT_CONN_REQUEST, bt_hci_conn_req,
		      sizeof(struct bt_hci_evt_conn_request)),
	EVENT_HANDLER(BT_HCI_EVT_CONN_COMPLETE, bt_hci_conn_complete,
		      sizeof(struct bt_hci_evt_conn_complete)),
	EVENT_HANDLER(BT_HCI_EVT_PIN_CODE_REQ, bt_hci_pin_code_req,
		      sizeof(struct bt_hci_evt_pin_code_req)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_NOTIFY, bt_hci_link_key_notify,
		      sizeof(struct bt_hci_evt_link_key_notify)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_REQ, bt_hci_link_key_req,
		      sizeof(struct bt_hci_evt_link_key_req)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_RESP, bt_hci_io_capa_resp,
		      sizeof(struct bt_hci_evt_io_capa_resp)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_REQ, bt_hci_io_capa_req,
		      sizeof(struct bt_hci_evt_io_capa_req)),
	EVENT_HANDLER(BT_HCI_EVT_SSP_COMPLETE, bt_hci_ssp_complete,
		      sizeof(struct bt_hci_evt_ssp_complete)),
	EVENT_HANDLER(BT_HCI_EVT_USER_CONFIRM_REQ, bt_hci_user_confirm_req,
		      sizeof(struct bt_hci_evt_user_confirm_req)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_NOTIFY,
		      bt_hci_user_passkey_notify,
		      sizeof(struct bt_hci_evt_user_passkey_notify)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_REQ, bt_hci_user_passkey_req,
		      sizeof(struct bt_hci_evt_user_passkey_req)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_COMPLETE, bt_hci_inquiry_complete,
		      sizeof(struct bt_hci_evt_inquiry_complete)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
		      bt_hci_inquiry_result_with_rssi,
		      sizeof(struct bt_hci_evt_inquiry_result_with_rssi)),
	EVENT_HANDLER(BT_HCI_EVT_EXTENDED_INQUIRY_RESULT,
		      bt_hci_extended_inquiry_result,
		      sizeof(struct bt_hci_evt_extended_inquiry_result)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_NAME_REQ_COMPLETE,
		      bt_hci_remote_name_request_complete,
		      sizeof(struct bt_hci_evt_remote_name_req_complete)),
	EVENT_HANDLER(BT_HCI_EVT_AUTH_COMPLETE, bt_hci_auth_complete,
		      sizeof(struct bt_hci_evt_auth_complete)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_FEATURES,
		      bt_hci_read_remote_features_complete,
		      sizeof(struct bt_hci_evt_remote_features)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_EXT_FEATURES,
		      bt_hci_read_remote_ext_features_complete,
		      sizeof(struct bt_hci_evt_remote_ext_features)),
	EVENT_HANDLER(BT_HCI_EVT_ROLE_CHANGE, bt_hci_role_change,
		      sizeof(struct bt_hci_evt_role_change)),
	EVENT_HANDLER(BT_HCI_EVT_SYNC_CONN_COMPLETE, bt_hci_synchronous_conn_complete,
		      sizeof(struct bt_hci_evt_sync_conn_complete)),
#endif /* CONFIG_BT_BREDR */
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE, hci_disconn_complete,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_BREDR)
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_CHANGE, hci_encrypt_change,
		      sizeof(struct bt_hci_evt_encrypt_change)),
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_KEY_REFRESH_COMPLETE,
		      hci_encrypt_key_refresh_complete,
		      sizeof(struct bt_hci_evt_encrypt_key_refresh_complete)),
#endif /* CONFIG_BT_SMP || CONFIG_BT_BREDR */
#if defined(CONFIG_BT_REMOTE_VERSION)
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_VERSION_INFO,
		      bt_hci_evt_read_remote_version_complete,
		      sizeof(struct bt_hci_evt_remote_version_info)),
#endif /* CONFIG_BT_REMOTE_VERSION */
	EVENT_HANDLER(BT_HCI_EVT_HARDWARE_ERROR, hci_hardware_error,
		      sizeof(struct bt_hci_evt_hardware_error)),
};
2728 
/* Entry point for an HCI event buffer.
 *
 * Events shorter than the HCI event header are logged and dropped.
 * Otherwise the header is pulled and the payload is dispatched through
 * normal_events. The buffer reference is released on every path.
 *
 * The BT_ASSERT is evaluated on the controller-supplied event code; what a
 * failed assertion does depends on build configuration not shown here.
 */
static void hci_event(struct net_buf *buf)
{
	struct bt_hci_evt_hdr *hdr;

	if (buf->len >= sizeof(*hdr)) {
		hdr = net_buf_pull_mem(buf, sizeof(*hdr));
		LOG_DBG("event 0x%02x", hdr->evt);
		BT_ASSERT(bt_hci_evt_get_flags(hdr->evt) & BT_HCI_EVT_FLAG_RECV);

		handle_event(hdr->evt, buf, normal_events, ARRAY_SIZE(normal_events));
	} else {
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
	}

	net_buf_unref(buf);
}
2747 
/* Send the next queued HCI command to the driver.
 *
 * Takes one buffer from the command TX queue (asserting that one is
 * present), waits until the controller can accept a command, records the
 * buffer as the pending command with an extra reference and hands it to
 * bt_send(). On a send failure the command semaphore is given back and the
 * command is completed with BT_HCI_ERR_UNSPECIFIED.
 */
static void send_cmd(void)
{
	struct net_buf *buf;
	int err;

	/* Get next command */
	LOG_DBG("calling net_buf_get");
	buf = net_buf_get(&bt_dev.cmd_tx_queue, K_NO_WAIT);
	BT_ASSERT(buf);

	/* Wait until ncmd > 0 */
	LOG_DBG("calling sem_take_wait");
	k_sem_take(&bt_dev.ncmd_sem, K_FOREVER);

	/* A pending command left over from earlier is dropped, not
	 * completed; the error log is the only trace of it.
	 */
	if (bt_dev.sent_cmd != NULL) {
		LOG_ERR("Uncleared pending sent_cmd");
		net_buf_unref(bt_dev.sent_cmd);
		bt_dev.sent_cmd = NULL;
	}

	bt_dev.sent_cmd = net_buf_ref(buf);

	LOG_DBG("Sending command 0x%04x (buf %p) to driver", cmd(buf)->opcode, buf);

	err = bt_send(buf);
	if (err == 0) {
		return;
	}

	/* The driver did not accept the buffer: undo the semaphore take and
	 * complete the command locally, passing the command buffer itself
	 * as the event buffer.
	 */
	LOG_ERR("Unable to send to driver (err %d)", err);
	k_sem_give(&bt_dev.ncmd_sem);
	hci_cmd_done(cmd(buf)->opcode, BT_HCI_ERR_UNSPECIFIED, buf);
	net_buf_unref(buf);
}
2781 
/* Act on the k_poll results in ev[0..count-1].
 *
 * Only FIFO-data events lead to work: the command TX event sends the next
 * HCI command, and a connection TX-queue event (with CONFIG_BT_CONN or
 * CONFIG_BT_ISO) processes that connection's TX queue. Unknown states are
 * logged.
 */
static void process_events(struct k_poll_event *ev, int count)
{
	LOG_DBG("count %d", count);

	while (count != 0) {
		LOG_DBG("ev->state %u", ev->state);

		switch (ev->state) {
		case K_POLL_STATE_SIGNALED:
		case K_POLL_STATE_NOT_READY:
			break;
		case K_POLL_STATE_SEM_AVAILABLE:
			/* After this fn is exec'd, `bt_conn_prepare_events()`
			 * will be called once again, and this time buffers will
			 * be available, so the FIFO will be added to the poll
			 * list instead of the ctlr buffers semaphore.
			 */
			break;
		case K_POLL_STATE_FIFO_DATA_AVAILABLE:
			if (ev->tag == BT_EVENT_CMD_TX) {
				send_cmd();
				break;
			}

			if ((IS_ENABLED(CONFIG_BT_CONN) || IS_ENABLED(CONFIG_BT_ISO)) &&
			    ev->tag == BT_EVENT_CONN_TX_QUEUE) {
				/* The polled FIFO is the tx_queue member of
				 * its connection object.
				 */
				struct bt_conn *conn = CONTAINER_OF(ev->fifo,
								    struct bt_conn,
								    tx_queue);

				bt_conn_process_tx(conn);
			}
			break;
		default:
			LOG_WRN("Unexpected k_poll event state %u", ev->state);
			break;
		}

		ev++;
		count--;
	}
}
2822 
/* EV_COUNT is the size of the k_poll event array in hci_tx_thread(). Slot 0
 * is the command FIFO; the remaining slots are filled by
 * bt_conn_prepare_events(), which receives no length, so this value is the
 * only bound on what that function may write.
 */
#if defined(CONFIG_BT_CONN)
#if defined(CONFIG_BT_ISO)
/* command FIFO + conn_change signal + MAX_CONN + ISO_MAX_CHAN */
#define EV_COUNT (2 + CONFIG_BT_MAX_CONN + CONFIG_BT_ISO_MAX_CHAN)
#else
/* command FIFO + conn_change signal + MAX_CONN */
#define EV_COUNT (2 + CONFIG_BT_MAX_CONN)
#endif /* CONFIG_BT_ISO */
#else
#if defined(CONFIG_BT_ISO)
/* command FIFO + conn_change signal + ISO_MAX_CHAN */
#define EV_COUNT (2 + CONFIG_BT_ISO_MAX_CHAN)
#else
/* command FIFO */
#define EV_COUNT 1
#endif /* CONFIG_BT_ISO */
#endif /* CONFIG_BT_CONN */
2840 
/**
 * @brief Entry point of the HCI TX thread.
 *
 * Loops forever: rebuilds the poll list (slot 0 is the command TX FIFO, the
 * remaining slots are filled by bt_conn_prepare_events() on connection or
 * ISO builds), blocks in k_poll() and hands the results to process_events().
 *
 * NOTE(review): the count returned by bt_conn_prepare_events() is not checked
 * here against EV_COUNT - 1; the array bound relies on that function.
 *
 * @param p1 Unused.
 * @param p2 Unused.
 * @param p3 Unused.
 */
static void hci_tx_thread(void *p1, void *p2, void *p3)
{
	static struct k_poll_event events[EV_COUNT] = {
		K_POLL_EVENT_STATIC_INITIALIZER(K_POLL_TYPE_FIFO_DATA_AVAILABLE,
						K_POLL_MODE_NOTIFY_ONLY,
						&bt_dev.cmd_tx_queue,
						BT_EVENT_CMD_TX),
	};

	LOG_DBG("Started");

	for (;;) {
		int ev_count = 1;
		int err;

		/* Re-arm the command FIFO entry before every poll. */
		events[0].state = K_POLL_STATE_NOT_READY;

		/* This adds the FIFO per-connection */
		if (IS_ENABLED(CONFIG_BT_CONN) || IS_ENABLED(CONFIG_BT_ISO)) {
			ev_count += bt_conn_prepare_events(&events[1]);
		}

		LOG_DBG("Calling k_poll with %d events", ev_count);

		err = k_poll(events, ev_count, K_FOREVER);
		BT_ASSERT(err == 0);

		process_events(events, ev_count);

		/* Make sure we don't hog the CPU if there's all the time
		 * some ready events.
		 */
		k_yield();
	}
}
2876 
2877 
/**
 * @brief Cache the reply to Read Local Version Information in bt_dev.
 *
 * Multi-byte fields are converted from little-endian to CPU order.
 *
 * NOTE(review): buf->len is not compared with sizeof(*info) before the
 * fields are read; presumably the caller guarantees a complete reply - confirm.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_local_ver_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_local_version_info *info = (void *)buf->data;

	LOG_DBG("status 0x%02x", info->status);

	bt_dev.hci_version = info->hci_version;
	bt_dev.lmp_version = info->lmp_version;
	bt_dev.hci_revision = sys_le16_to_cpu(info->hci_revision);
	bt_dev.lmp_subversion = sys_le16_to_cpu(info->lmp_subversion);
	bt_dev.manufacturer = sys_le16_to_cpu(info->manufacturer);
}
2890 
/**
 * @brief Store the controller's LE feature bits in bt_dev.le.features.
 *
 * NOTE(review): the copy length is the size of the destination array and
 * buf->len is not checked, so a reply shorter than the structure would be
 * read past its end - confirm the caller rules that out.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_le_features_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_local_features *reply = (void *)buf->data;

	LOG_DBG("status 0x%02x", reply->status);

	memcpy(bt_dev.le.features, reply->features, sizeof(bt_dev.le.features));
}
2899 
2900 #if defined(CONFIG_BT_CONN)
2901 #if !defined(CONFIG_BT_BREDR)
/**
 * @brief Adopt the BR/EDR ACL buffer parameters for LE use.
 *
 * Does nothing when bt_dev.le.acl_mtu is already non-zero. Otherwise the
 * reported maximum ACL length becomes the LE ACL MTU and the packet count
 * initialises the bt_dev.le.acl_pkts semaphore.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_buffer_size *reply = (void *)buf->data;
	uint16_t pkts;

	LOG_DBG("status 0x%02x", reply->status);

	/* If LE-side has buffers we can ignore the BR/EDR values */
	if (!bt_dev.le.acl_mtu) {
		bt_dev.le.acl_mtu = sys_le16_to_cpu(reply->acl_max_len);
		pkts = sys_le16_to_cpu(reply->acl_max_num);

		LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, pkts, pkts);
	}
}
2921 #endif /* !defined(CONFIG_BT_BREDR) */
2922 #endif /* CONFIG_BT_CONN */
2923 
/**
 * @brief Apply the reply to LE Read Buffer Size.
 *
 * On CONFIG_BT_CONN builds a non-zero length and packet count set the LE ACL
 * MTU and initialise the bt_dev.le.acl_pkts semaphore; a zero in either field
 * leaves the current values untouched. Other builds only log the status.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void le_read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_buffer_size *reply = (void *)buf->data;

	LOG_DBG("status 0x%02x", reply->status);

#if defined(CONFIG_BT_CONN)
	uint16_t acl_mtu = sys_le16_to_cpu(reply->le_max_len);

	if (acl_mtu && reply->le_max_num) {
		bt_dev.le.acl_mtu = acl_mtu;

		LOG_DBG("ACL LE buffers: pkts %u mtu %u", reply->le_max_num, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, reply->le_max_num, reply->le_max_num);
	}
#endif /* CONFIG_BT_CONN */
}
2944 
/**
 * @brief Apply the reply to LE Read Buffer Size V2 (ACL and ISO buffers).
 *
 * Compiled to an empty function without CONFIG_BT_ISO. The ACL values are
 * applied on CONFIG_BT_CONN builds when both are non-zero. The ISO values
 * are applied when both are non-zero; otherwise an error is logged and the
 * ISO state is left as it was.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_buffer_size_v2_complete(struct net_buf *buf)
{
#if defined(CONFIG_BT_ISO)
	struct bt_hci_rp_le_read_buffer_size_v2 *reply = (void *)buf->data;

	LOG_DBG("status %u", reply->status);

#if defined(CONFIG_BT_CONN)
	uint16_t acl_mtu = sys_le16_to_cpu(reply->acl_max_len);

	if (acl_mtu && reply->acl_max_num) {
		bt_dev.le.acl_mtu = acl_mtu;
		LOG_DBG("ACL LE buffers: pkts %u mtu %u", reply->acl_max_num, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, reply->acl_max_num, reply->acl_max_num);
	}
#endif /* CONFIG_BT_CONN */

	uint16_t iso_mtu = sys_le16_to_cpu(reply->iso_max_len);

	if (iso_mtu && reply->iso_max_num) {
		bt_dev.le.iso_mtu = iso_mtu;

		LOG_DBG("ISO buffers: pkts %u mtu %u", reply->iso_max_num, bt_dev.le.iso_mtu);

		k_sem_init(&bt_dev.le.iso_pkts, reply->iso_max_num, reply->iso_max_num);
		bt_dev.le.iso_limit = reply->iso_max_num;
	} else {
		LOG_ERR("ISO buffer size not set");
	}
#endif /* CONFIG_BT_ISO */
}
2978 
/**
 * @brief Send LE Set Host Feature and wait for its completion.
 *
 * @param bit_number Feature bit to change.
 * @param bit_value  Value to write to that bit.
 *
 * @return -ENOBUFS when no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
static int le_set_host_feature(uint8_t bit_number, uint8_t bit_value)
{
	struct bt_hci_cp_le_set_host_feature *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_FEATURE,
						    sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->bit_number = bit_number;
	params->bit_value = bit_value;

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_FEATURE, cmd_buf, NULL);
}
2995 
/**
 * @brief Cache the controller's supported-commands bitmap in bt_dev.
 *
 * When TinyCrypt ECC emulation is enabled the bitmap is then passed to
 * bt_hci_ecc_supported_commands() so the emulated ECDH commands are reported
 * as supported.
 *
 * NOTE(review): the copy length is the size of the destination array and
 * buf->len is not checked against it - confirm the caller guarantees a
 * complete reply.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_supported_commands_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_supported_commands *reply = (void *)buf->data;

	LOG_DBG("status 0x%02x", reply->status);

	memcpy(bt_dev.supported_commands, reply->commands, sizeof(bt_dev.supported_commands));

	/* Report additional HCI commands used for ECDH as
	 * supported if TinyCrypt ECC is used for emulation.
	 */
	if (!IS_ENABLED(CONFIG_BT_TINYCRYPT_ECC)) {
		return;
	}

	bt_hci_ecc_supported_commands(bt_dev.supported_commands);
}
3012 
/**
 * @brief Store the reply to Read Local Supported Features in page 0 of
 *        bt_dev.features.
 *
 * NOTE(review): buf->len is not checked before the fixed-size copy.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void read_local_features_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_local_features *reply = (void *)buf->data;

	LOG_DBG("status 0x%02x", reply->status);

	memcpy(bt_dev.features[0], reply->features, sizeof(bt_dev.features[0]));
}
3021 
/**
 * @brief Store the LE supported-states value, read as a little-endian 64-bit
 *        integer, in bt_dev.le.states.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void le_read_supp_states_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_supp_states *reply = (void *)buf->data;

	LOG_DBG("status 0x%02x", reply->status);

	bt_dev.le.states = sys_get_le64(reply->le_states);
}
3030 
3031 #if defined(CONFIG_BT_SMP)
/**
 * @brief Record the controller's resolving list size in bt_dev.le.rl_size.
 *
 * @param buf Response buffer whose data starts at the return parameters.
 */
static void le_read_resolving_list_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_rl_size *reply = (void *)buf->data;

	LOG_DBG("Resolving List size %u", reply->rl_size);

	bt_dev.le.rl_size = reply->rl_size;
}
3040 #endif /* defined(CONFIG_BT_SMP) */
3041 
/**
 * @brief Run the first, transport-independent part of controller bring-up.
 *
 * Sends, in order: HCI Reset (skipped when the driver sets
 * BT_QUIRK_NO_RESET), Read Local Supported Features, Read Local Version
 * Information and Read Local Supported Commands, handing each reply to its
 * *_complete() helper. It then initialises the host PRNG when
 * CONFIG_BT_HOST_CRYPTO_PRNG is enabled and host flow control when
 * CONFIG_BT_HCI_ACL_FLOW_CONTROL is defined.
 *
 * @return 0 on success, otherwise the error of the first step that failed.
 */
static int common_init(void)
{
	struct net_buf *reply;
	int rc;

	/* Send HCI_RESET unless the driver asked us not to */
	if ((bt_dev.drv->quirks & BT_QUIRK_NO_RESET) == 0) {
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		hci_reset_complete(reply);
		net_buf_unref(reply);
	}

	/* Read Local Supported Features */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_FEATURES, NULL, &reply);
	if (rc != 0) {
		return rc;
	}

	read_local_features_complete(reply);
	net_buf_unref(reply);

	/* Read Local Version Information */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_VERSION_INFO, NULL, &reply);
	if (rc != 0) {
		return rc;
	}

	read_local_ver_complete(reply);
	net_buf_unref(reply);

	/* Read Local Supported Commands */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_SUPPORTED_COMMANDS, NULL, &reply);
	if (rc != 0) {
		return rc;
	}

	read_supported_commands_complete(reply);
	net_buf_unref(reply);

	if (IS_ENABLED(CONFIG_BT_HOST_CRYPTO_PRNG)) {
		/* Initialize the PRNG so that it is safe to use it later
		 * on in the initialization process.
		 */
		rc = prng_init();
		if (rc != 0) {
			return rc;
		}
	}

#if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
	rc = set_flow_control();
	if (rc != 0) {
		return rc;
	}
#endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */

	return 0;
}
3102 
/**
 * @brief Build the LE event mask from the build options and the cached
 *        controller features, then send LE Set Event Mask.
 *
 * An event bit is set only when the matching Kconfig option is enabled and,
 * where the code tests one, the controller advertises the feature or command.
 *
 * @return -ENOBUFS when no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
static int le_set_event_mask(void)
{
	struct bt_hci_cp_le_set_event_mask *params;
	struct net_buf *cmd_buf;
	uint64_t events = 0U;

	/* Set LE event mask */
	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_EVENT_MASK, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));

	events |= BT_EVT_MASK_LE_ADVERTISING_REPORT;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) && BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		events |= BT_EVT_MASK_LE_ADV_SET_TERMINATED |
			  BT_EVT_MASK_LE_SCAN_REQ_RECEIVED |
			  BT_EVT_MASK_LE_EXT_ADVERTISING_REPORT |
			  BT_EVT_MASK_LE_SCAN_TIMEOUT;

		if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC)) {
			events |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED |
				  BT_EVT_MASK_LE_PER_ADVERTISING_REPORT |
				  BT_EVT_MASK_LE_PER_ADV_SYNC_LOST |
				  BT_EVT_MASK_LE_PAST_RECEIVED;
		}
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		if ((IS_ENABLED(CONFIG_BT_SMP) &&
		     BT_FEAT_LE_PRIVACY(bt_dev.le.features)) ||
		    (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		     BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
			/* C24:
			 * Mandatory if the LE Controller supports Connection
			 * State and either LE Feature (LL Privacy) or
			 * LE Feature (Extended Advertising) is supported, ...
			 */
			events |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE;
		} else {
			events |= BT_EVT_MASK_LE_CONN_COMPLETE;
		}

		events |= BT_EVT_MASK_LE_CONN_UPDATE_COMPLETE |
			  BT_EVT_MASK_LE_REMOTE_FEAT_COMPLETE;

		if (BT_FEAT_LE_CONN_PARAM_REQ_PROC(bt_dev.le.features)) {
			events |= BT_EVT_MASK_LE_CONN_PARAM_REQ;
		}

		if (IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) && BT_FEAT_LE_DLE(bt_dev.le.features)) {
			events |= BT_EVT_MASK_LE_DATA_LEN_CHANGE;
		}

		if (IS_ENABLED(CONFIG_BT_PHY_UPDATE) &&
		    (BT_FEAT_LE_PHY_2M(bt_dev.le.features) ||
		     BT_FEAT_LE_PHY_CODED(bt_dev.le.features))) {
			events |= BT_EVT_MASK_LE_PHY_UPDATE_COMPLETE;
		}

		if (IS_ENABLED(CONFIG_BT_TRANSMIT_POWER_CONTROL)) {
			events |= BT_EVT_MASK_LE_TRANSMIT_POWER_REPORTING;
		}
	}

	/* The LTK request event is only needed when encryption can be used. */
	if (IS_ENABLED(CONFIG_BT_SMP) && BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		events |= BT_EVT_MASK_LE_LTK_REQUEST;
	}

	/*
	 * If "LE Read Local P-256 Public Key" and "LE Generate DH Key" are
	 * supported we need to enable events generated by those commands.
	 */
	if (IS_ENABLED(CONFIG_BT_ECC) &&
	    (BT_CMD_TEST(bt_dev.supported_commands, 34, 1)) &&
	    (BT_CMD_TEST(bt_dev.supported_commands, 34, 2))) {
		events |= BT_EVT_MASK_LE_P256_PUBLIC_KEY_COMPLETE |
			  BT_EVT_MASK_LE_GENERATE_DHKEY_COMPLETE;
	}

	/*
	 * Enable CIS events only if ISO connections are enabled and controller
	 * support them.
	 */
	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_CIS(bt_dev.le.features)) {
		events |= BT_EVT_MASK_LE_CIS_ESTABLISHED;

		if (BT_FEAT_LE_CIS_PERIPHERAL(bt_dev.le.features)) {
			events |= BT_EVT_MASK_LE_CIS_REQ;
		}
	}

	/* Enable BIS events for broadcaster and/or receiver */
	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_BIS(bt_dev.le.features)) {
		if (IS_ENABLED(CONFIG_BT_ISO_BROADCASTER) &&
		    BT_FEAT_LE_ISO_BROADCASTER(bt_dev.le.features)) {
			events |= BT_EVT_MASK_LE_BIG_COMPLETE |
				  BT_EVT_MASK_LE_BIG_TERMINATED;
		}

		if (IS_ENABLED(CONFIG_BT_ISO_SYNC_RECEIVER) &&
		    BT_FEAT_LE_SYNC_RECEIVER(bt_dev.le.features)) {
			events |= BT_EVT_MASK_LE_BIG_SYNC_ESTABLISHED |
				  BT_EVT_MASK_LE_BIG_SYNC_LOST |
				  BT_EVT_MASK_LE_BIGINFO_ADV_REPORT;
		}
	}

	/* Enable IQ samples report events receiver */
	if (IS_ENABLED(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)) {
		events |= BT_EVT_MASK_LE_CONNECTIONLESS_IQ_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_DF_CONNECTION_CTE_RX)) {
		events |= BT_EVT_MASK_LE_CONNECTION_IQ_REPORT |
			  BT_EVT_MASK_LE_CTE_REQUEST_FAILED;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_RSP)) {
		events |= BT_EVT_MASK_LE_PER_ADV_SUBEVENT_DATA_REQ |
			  BT_EVT_MASK_LE_PER_ADV_RESPONSE_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP)) {
		events |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT_V2 |
			  BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED_V2 |
			  BT_EVT_MASK_LE_PAST_RECEIVED_V2;
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    (IS_ENABLED(CONFIG_BT_PER_ADV_RSP) || IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP))) {
		events |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE_V2;
	}

	sys_put_le64(events, params->events);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_EVENT_MASK, cmd_buf, NULL);
}
3242 
/**
 * @brief ISO-specific part of LE initialisation.
 *
 * Announces host support for connected isochronous streams on
 * CONFIG_BT_ISO_UNICAST builds, then reads the buffer sizes: with LE Read
 * Buffer Size V2 when the controller lists it (supported commands octet 41,
 * bit 5), otherwise, on CONFIG_BT_CONN builds, with the V1 command.
 *
 * @return 0 on success, otherwise the error of the command that failed.
 */
static int le_init_iso(void)
{
	struct net_buf *reply;
	int rc;

	if (IS_ENABLED(CONFIG_BT_ISO_UNICAST)) {
		/* Set Connected Isochronous Streams - Host support */
		rc = le_set_host_feature(BT_LE_FEAT_BIT_ISO_CHANNELS, 1);
		if (rc != 0) {
			return rc;
		}
	}

	/* Octet 41, bit 5 is read buffer size V2 */
	if (BT_CMD_TEST(bt_dev.supported_commands, 41, 5)) {
		/* Read ISO Buffer Size V2 */
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE_V2, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		read_buffer_size_v2_complete(reply);
		net_buf_unref(reply);

		return 0;
	}

	if (!IS_ENABLED(CONFIG_BT_CONN)) {
		return 0;
	}

	if (IS_ENABLED(CONFIG_BT_ISO_UNICAST) || IS_ENABLED(CONFIG_BT_ISO_BROADCASTER)) {
		LOG_WRN("Read Buffer Size V2 command is not supported. "
			"No ISO TX buffers will be available");
	}

	/* Read LE Buffer Size */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE, NULL, &reply);
	if (rc != 0) {
		return rc;
	}

	le_read_buffer_size_complete(reply);
	net_buf_unref(reply);

	return 0;
}
3288 
/**
 * @brief LE part of controller initialisation.
 *
 * Fails with -ENODEV unless the cached features mark the controller as LE
 * capable. It then reads the LE features and buffer sizes, enables LE host
 * support on dual-mode controllers, reads the supported states, optionally
 * writes the default data length, sets the RPA timeout and reads the
 * resolving list size when the controller supports privacy, initialises
 * direction finding when built in, and finally programs the LE event mask.
 *
 * @return 0 on success, -ENODEV for a non-LE controller, -ENOBUFS when a
 *         command buffer could not be created, otherwise the error of the
 *         step that failed.
 */
static int le_init(void)
{
	struct net_buf *cmd_buf, *reply;
	int rc;

	/* For now we only support LE capable controllers */
	if (!BT_FEAT_LE(bt_dev.features)) {
		LOG_ERR("Non-LE capable controller detected!");
		return -ENODEV;
	}

	/* Read Low Energy Supported Features */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_LOCAL_FEATURES, NULL, &reply);
	if (rc != 0) {
		return rc;
	}

	read_le_features_complete(reply);
	net_buf_unref(reply);

	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_ISO(bt_dev.le.features)) {
		rc = le_init_iso();
		if (rc != 0) {
			return rc;
		}
	} else if (IS_ENABLED(CONFIG_BT_CONN)) {
		/* Read LE Buffer Size */
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		le_read_buffer_size_complete(reply);
		net_buf_unref(reply);
	}

	if (BT_FEAT_BREDR(bt_dev.features)) {
		struct bt_hci_cp_write_le_host_supp *host_supp;

		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, sizeof(*host_supp));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		host_supp = net_buf_add(cmd_buf, sizeof(*host_supp));

		/* Explicitly enable LE for dual-mode controllers */
		host_supp->le = 0x01;
		host_supp->simul = 0x00;

		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, cmd_buf, NULL);
		if (rc != 0) {
			return rc;
		}
	}

	/* Read LE Supported States */
	if (BT_CMD_LE_STATES(bt_dev.supported_commands)) {
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_SUPP_STATES, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		le_read_supp_states_complete(reply);
		net_buf_unref(reply);
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
	    IS_ENABLED(CONFIG_BT_AUTO_DATA_LEN_UPDATE) &&
	    BT_FEAT_LE_DLE(bt_dev.le.features)) {
		struct bt_hci_cp_le_write_default_data_len *data_len;
		uint16_t tx_octets, tx_time;

		/* Use the controller's own maximum as the default. */
		rc = hci_le_read_max_data_len(&tx_octets, &tx_time);
		if (rc != 0) {
			return rc;
		}

		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN,
					    sizeof(*data_len));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		data_len = net_buf_add(cmd_buf, sizeof(*data_len));
		data_len->max_tx_octets = sys_cpu_to_le16(tx_octets);
		data_len->max_tx_time = sys_cpu_to_le16(tx_time);

		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN, cmd_buf, NULL);
		if (rc != 0) {
			return rc;
		}
	}

#if defined(CONFIG_BT_SMP)
	if (BT_FEAT_LE_PRIVACY(bt_dev.le.features)) {
#if defined(CONFIG_BT_PRIVACY)
		struct bt_hci_cp_le_set_rpa_timeout *rpa;

		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_RPA_TIMEOUT, sizeof(*rpa));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		rpa = net_buf_add(cmd_buf, sizeof(*rpa));
		rpa->rpa_timeout = sys_cpu_to_le16(bt_dev.rpa_timeout);

		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_RPA_TIMEOUT, cmd_buf, NULL);
		if (rc != 0) {
			return rc;
		}
#endif /* defined(CONFIG_BT_PRIVACY) */

		rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_RL_SIZE, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		le_read_resolving_list_size_complete(reply);
		net_buf_unref(reply);
	}
#endif

#if defined(CONFIG_BT_DF)
	if (BT_FEAT_LE_CONNECTIONLESS_CTE_TX(bt_dev.le.features) ||
	    BT_FEAT_LE_CONNECTIONLESS_CTE_RX(bt_dev.le.features) ||
	    BT_FEAT_LE_RX_CTE(bt_dev.le.features)) {
		rc = le_df_init();
		if (rc != 0) {
			return rc;
		}
	}
#endif /* CONFIG_BT_DF */

	return le_set_event_mask();
}
3433 
3434 #if !defined(CONFIG_BT_BREDR)
/**
 * @brief BR/EDR initialisation for builds without CONFIG_BT_BREDR.
 *
 * On CONFIG_BT_CONN builds, when no LE ACL MTU has been set yet, the BR/EDR
 * Read Buffer Size command is issued and its reply is used instead.
 * Otherwise this is a no-op.
 *
 * @return 0 on success or when nothing had to be done, otherwise the error
 *         of bt_hci_cmd_send_sync().
 */
static int bt_br_init(void)
{
#if defined(CONFIG_BT_CONN)
	struct net_buf *reply;
	int rc;

	if (!bt_dev.le.acl_mtu) {
		/* Use BR/EDR buffer size if LE reports zero buffers */
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &reply);
		if (rc != 0) {
			return rc;
		}

		read_buffer_size_complete(reply);
		net_buf_unref(reply);
	}
#endif /* CONFIG_BT_CONN */

	return 0;
}
3457 #endif /* !defined(CONFIG_BT_BREDR) */
3458 
/**
 * @brief Build the HCI event mask and send Set Event Mask.
 *
 * Hardware error, data buffer overflow and the LE meta event are always
 * enabled. BR/EDR, connection and encryption events are added according to
 * the build options; the encryption events also require the controller to
 * report LE encryption support.
 *
 * @return -ENOBUFS when no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
static int set_event_mask(void)
{
	struct bt_hci_cp_set_event_mask *params;
	struct net_buf *cmd_buf;
	uint64_t events = 0U;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_SET_EVENT_MASK, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));

	if (IS_ENABLED(CONFIG_BT_BREDR)) {
		/* Since we require LE support, we can count on a
		 * Bluetooth 4.0 feature set
		 */
		events |= BT_EVT_MASK_INQUIRY_COMPLETE |
			  BT_EVT_MASK_CONN_COMPLETE |
			  BT_EVT_MASK_CONN_REQUEST |
			  BT_EVT_MASK_AUTH_COMPLETE |
			  BT_EVT_MASK_REMOTE_NAME_REQ_COMPLETE |
			  BT_EVT_MASK_REMOTE_FEATURES |
			  BT_EVT_MASK_ROLE_CHANGE |
			  BT_EVT_MASK_PIN_CODE_REQ |
			  BT_EVT_MASK_LINK_KEY_REQ |
			  BT_EVT_MASK_LINK_KEY_NOTIFY |
			  BT_EVT_MASK_INQUIRY_RESULT_WITH_RSSI |
			  BT_EVT_MASK_REMOTE_EXT_FEATURES |
			  BT_EVT_MASK_SYNC_CONN_COMPLETE |
			  BT_EVT_MASK_EXTENDED_INQUIRY_RESULT |
			  BT_EVT_MASK_IO_CAPA_REQ |
			  BT_EVT_MASK_IO_CAPA_RESP |
			  BT_EVT_MASK_USER_CONFIRM_REQ |
			  BT_EVT_MASK_USER_PASSKEY_REQ |
			  BT_EVT_MASK_SSP_COMPLETE |
			  BT_EVT_MASK_USER_PASSKEY_NOTIFY;
	}

	events |= BT_EVT_MASK_HARDWARE_ERROR |
		  BT_EVT_MASK_DATA_BUFFER_OVERFLOW |
		  BT_EVT_MASK_LE_META_EVENT;

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		events |= BT_EVT_MASK_DISCONN_COMPLETE |
			  BT_EVT_MASK_REMOTE_VERSION_INFO;
	}

	if (IS_ENABLED(CONFIG_BT_SMP) && BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		events |= BT_EVT_MASK_ENCRYPT_CHANGE |
			  BT_EVT_MASK_ENCRYPT_KEY_REFRESH_COMPLETE;
	}

	sys_put_le64(events, params->events);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_EVENT_MASK, cmd_buf, NULL);
}
3516 
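/**
 * @brief Map a core specification version code to a printable string.
 *
 * The table covers codes 0 ("1.0b") through 13 ("5.4"). The value is used
 * as an index only after it has been checked against the table size, so a
 * code reported by a newer or misbehaving controller yields "unknown".
 *
 * @param core_version Version code, e.g. the cached HCI or LMP version.
 *
 * @return Pointer to a string literal; never NULL.
 */
const char *bt_hci_get_ver_str(uint8_t core_version)
{
	/* static: the table is constant, so it does not need to be rebuilt on
	 * the stack at every call (same as the vendor-specific lookup tables
	 * in this file).
	 */
	static const char * const str[] = {
		"1.0b", "1.1", "1.2", "2.0", "2.1", "3.0", "4.0", "4.1", "4.2",
		"5.0", "5.1", "5.2", "5.3", "5.4"
	};

	if (core_version < ARRAY_SIZE(str)) {
		return str[core_version];
	}

	return "unknown";
}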
3530 
/**
 * @brief Log the local identities and the controller version information.
 *
 * With CONFIG_BT_LOG_SNIFFER_INFO enabled this also writes secret material
 * to the log: the IRK of every identity (CONFIG_BT_PRIVACY builds) and, on
 * CONFIG_BT_SMP builds, whatever bt_keys_show_sniffer_info() emits for each
 * stored key entry. Anyone able to read the log can then resolve this
 * device's private addresses, so that option belongs in debug builds only
 * and the resulting logs should be handled as sensitive.
 */
static void bt_dev_show_info(void)
{
	const char *first_tag = bt_dev.id_count > 1 ? "[0]" : "";
	int id;

	LOG_INF("Identity%s: %s", first_tag, bt_addr_le_str(&bt_dev.id_addr[0]));

	if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
		uint8_t irk_be[16];

		/* Byte-swapped copy of the stored IRK for printing. */
		sys_memcpy_swap(irk_be, bt_dev.irk[0], 16);
		LOG_INF("IRK%s: 0x%s", first_tag, bt_hex(irk_be, 16));
#endif
	}

	/* Identity 0 was printed above; the rest always carry an index. */
	for (id = 1; id < bt_dev.id_count; id++) {
		LOG_INF("Identity[%d]: %s", id, bt_addr_le_str(&bt_dev.id_addr[id]));

		if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
			uint8_t irk_be[16];

			sys_memcpy_swap(irk_be, bt_dev.irk[id], 16);
			LOG_INF("IRK[%d]: 0x%s", id, bt_hex(irk_be, 16));
#endif
		}
	}

	if (IS_ENABLED(CONFIG_BT_SMP) && IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
		bt_keys_foreach_type(BT_KEYS_ALL, bt_keys_show_sniffer_info, NULL);
	}

	LOG_INF("HCI: version %s (0x%02x) revision 0x%04x, manufacturer 0x%04x",
		bt_hci_get_ver_str(bt_dev.hci_version), bt_dev.hci_version, bt_dev.hci_revision,
		bt_dev.manufacturer);
	LOG_INF("LMP: version %s (0x%02x) subver 0x%04x", bt_hci_get_ver_str(bt_dev.lmp_version),
		bt_dev.lmp_version, bt_dev.lmp_subversion);
}
3571 
3572 #if defined(CONFIG_BT_HCI_VS_EXT)
/**
 * @brief Name of a vendor-specific hardware platform code.
 *
 * @param platform Platform code from the vendor version info reply.
 *
 * @return Matching table entry, or "unknown" for a code outside the table.
 */
static const char *vs_hw_platform(uint16_t platform)
{
	static const char * const plat_str[] = {
		"reserved",
		"Intel Corporation",
		"Nordic Semiconductor",
		"NXP Semiconductors",
	};

	/* Controller-supplied value: bounds-check before indexing. */
	return (platform < ARRAY_SIZE(plat_str)) ? plat_str[platform] : "unknown";
}
3585 
/**
 * @brief Name of a vendor-specific hardware variant code.
 *
 * Only variants of the Nordic platform are known to the table.
 *
 * @param platform Platform code from the vendor version info reply.
 * @param variant  Variant code from the same reply.
 *
 * @return Matching table entry, or "unknown" for another platform or for a
 *         variant outside the table.
 */
static const char *vs_hw_variant(uint16_t platform, uint16_t variant)
{
	static const char * const nordic_str[] = {
		"reserved",
		"nRF51x",
		"nRF52x",
		"nRF53x",
	};

	if (platform != BT_HCI_VS_HW_PLAT_NORDIC || variant >= ARRAY_SIZE(nordic_str)) {
		return "unknown";
	}

	return nordic_str[variant];
}
3602 
/**
 * @brief Name of a vendor-specific firmware variant code.
 *
 * @param variant Firmware variant code from the vendor version info reply.
 *
 * @return Matching table entry, or "unknown" for a code outside the table.
 */
static const char *vs_fw_variant(uint8_t variant)
{
	static const char * const var_str[] = {
		"Standard Bluetooth controller",
		"Vendor specific controller",
		"Firmware loader",
		"Rescue image",
	};

	/* Controller-supplied value: bounds-check before indexing. */
	return (variant < ARRAY_SIZE(var_str)) ? var_str[variant] : "unknown";
}
3618 
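/* Check the length of a vendor-specific reply before its fields are read.
 *
 * The reply must hold at least @p expected bytes in every build. With
 * CONFIG_BT_HCI_VS_EXT_DETECT the length must match exactly, because a
 * different size is taken as a sign that the controller implements some
 * other vendor command under the same opcode.
 */
static bool vs_rsp_len_valid(const struct net_buf *rsp, size_t expected)
{
	if (rsp->len < expected) {
		return false;
	}

	return !IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) || rsp->len == expected;
}

/**
 * @brief Probe the Zephyr vendor-specific HCI extensions.
 *
 * Reads and logs the vendor version information, then caches the supported
 * vendor commands and, when the controller lists the command for it, the
 * supported vendor features. Every failure is logged as a warning and ends
 * the probe; nothing is reported to the caller.
 *
 * Each reply is length-checked before it is parsed, so a short reply can no
 * longer be read past the end of the received data in builds without
 * CONFIG_BT_HCI_VS_EXT_DETECT.
 */
static void hci_vs_init(void)
{
	union {
		struct bt_hci_rp_vs_read_version_info *info;
		struct bt_hci_rp_vs_read_supported_commands *cmds;
		struct bt_hci_rp_vs_read_supported_features *feat;
	} rp;
	struct net_buf *rsp;
	int err;

	/* If heuristics is enabled, try to guess HCI VS support by looking
	 * at the HCI version and identity address. We haven't set any addresses
	 * at this point. So we need to read the public address.
	 */
	if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT)) {
		bt_addr_le_t addr;

		if ((bt_dev.hci_version < BT_HCI_VERSION_5_0) ||
		    bt_id_read_public_addr(&addr)) {
			LOG_WRN("Controller doesn't seem to support "
				"Zephyr vendor HCI");
			return;
		}
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_VERSION_INFO, NULL, &rsp);
	if (err) {
		LOG_WRN("Vendor HCI extensions not available");
		return;
	}

	if (!vs_rsp_len_valid(rsp, sizeof(struct bt_hci_rp_vs_read_version_info))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.info = (void *)rsp->data;
	LOG_INF("HW Platform: %s (0x%04x)", vs_hw_platform(sys_le16_to_cpu(rp.info->hw_platform)),
		sys_le16_to_cpu(rp.info->hw_platform));
	LOG_INF("HW Variant: %s (0x%04x)",
		vs_hw_variant(sys_le16_to_cpu(rp.info->hw_platform),
			      sys_le16_to_cpu(rp.info->hw_variant)),
		sys_le16_to_cpu(rp.info->hw_variant));
	LOG_INF("Firmware: %s (0x%02x) Version %u.%u Build %u", vs_fw_variant(rp.info->fw_variant),
		rp.info->fw_variant, rp.info->fw_version, sys_le16_to_cpu(rp.info->fw_revision),
		sys_le32_to_cpu(rp.info->fw_build));

	net_buf_unref(rsp);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_COMMANDS,
				   NULL, &rsp);
	if (err) {
		LOG_WRN("Failed to read supported vendor commands");
		return;
	}

	if (!vs_rsp_len_valid(rsp, sizeof(struct bt_hci_rp_vs_read_supported_commands))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.cmds = (void *)rsp->data;
	memcpy(bt_dev.vs_commands, rp.cmds->commands, BT_DEV_VS_CMDS_MAX);
	net_buf_unref(rsp);

	if (BT_VS_CMD_SUP_FEAT(bt_dev.vs_commands)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_FEATURES,
					   NULL, &rsp);
		if (err) {
			LOG_WRN("Failed to read supported vendor features");
			return;
		}

		if (!vs_rsp_len_valid(rsp,
				      sizeof(struct bt_hci_rp_vs_read_supported_features))) {
			LOG_WRN("Invalid Vendor HCI extensions");
			net_buf_unref(rsp);
			return;
		}

		rp.feat = (void *)rsp->data;
		memcpy(bt_dev.vs_features, rp.feat->features,
		       BT_DEV_VS_FEAT_MAX);
		net_buf_unref(rsp);
	}
}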
3710 #endif /* CONFIG_BT_HCI_VS_EXT */
3711 
/**
 * @brief Bring the controller up through HCI.
 *
 * Order: optional driver setup() hook (CONFIG_BT_HCI_SETUP), common_init(),
 * le_init(), the BR/EDR step, set_event_mask(), the vendor-specific probe
 * when CONFIG_BT_HCI_VS_EXT is defined, and bt_id_init().
 *
 * A controller without BR/EDR support is rejected with -EIO on
 * CONFIG_BT_BREDR builds, and on CONFIG_BT_CONN builds when no ACL MTU has
 * been obtained.
 *
 * @return 0 on success, otherwise the error of the first step that failed.
 */
static int hci_init(void)
{
	int err;

#if defined(CONFIG_BT_HCI_SETUP)
	struct bt_hci_setup_params params = { 0 };

	/* Default to "no address"; replaced below if a public identity exists. */
	bt_addr_copy(&params.public_addr, BT_ADDR_ANY);
#if defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR)
	if (bt_dev.id_count > 0 && bt_dev.id_addr[BT_ID_DEFAULT].type == BT_ADDR_LE_PUBLIC) {
		bt_addr_copy(&params.public_addr, &bt_dev.id_addr[BT_ID_DEFAULT].a);
	}
#endif /* defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR) */

	if (bt_dev.drv->setup != NULL) {
		err = bt_dev.drv->setup(&params);
		if (err != 0) {
			return err;
		}
	}
#endif /* defined(CONFIG_BT_HCI_SETUP) */

	err = common_init();
	if (err == 0) {
		err = le_init();
	}

	if (err != 0) {
		return err;
	}

	if (BT_FEAT_BREDR(bt_dev.features)) {
		err = bt_br_init();
		if (err != 0) {
			return err;
		}
	} else if (IS_ENABLED(CONFIG_BT_BREDR)) {
		LOG_ERR("Non-BR/EDR controller detected");
		return -EIO;
	}
#if defined(CONFIG_BT_CONN)
	else if (!bt_dev.le.acl_mtu) {
		LOG_ERR("ACL BR/EDR buffers not initialized");
		return -EIO;
	}
#endif

	err = set_event_mask();
	if (err != 0) {
		return err;
	}

#if defined(CONFIG_BT_HCI_VS_EXT)
	hci_vs_init();
#endif

	return bt_id_init();
}
3775 
/**
 * @brief Pass an outgoing HCI packet to the controller.
 *
 * The raw packet bytes are first copied to the monitor channel via
 * bt_monitor_send(); monitor output therefore contains everything the host
 * sends and should be treated as sensitive. The packet then goes through
 * the ECC emulation layer when CONFIG_BT_TINYCRYPT_ECC is enabled, or
 * straight to the registered driver otherwise.
 *
 * @param buf Packet to send.
 *
 * @return Result of bt_hci_ecc_send() or of the driver's send() callback.
 */
int bt_send(struct net_buf *buf)
{
	LOG_DBG("buf %p len %u type %u", buf, buf->len, bt_buf_get_type(buf));

	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	return IS_ENABLED(CONFIG_BT_TINYCRYPT_ECC) ? bt_hci_ecc_send(buf)
						    : bt_dev.drv->send(buf);
}
3788 
/* Handlers for events processed on the priority path (hci_event_prio()).
 * The third EVENT_HANDLER() argument is the size of the event structure;
 * presumably handle_event() uses it as the minimum accepted length - verify
 * against its definition.
 */
static const struct event_handler prio_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_CMD_COMPLETE,
		      hci_cmd_complete,
		      sizeof(struct bt_hci_evt_cmd_complete)),
	EVENT_HANDLER(BT_HCI_EVT_CMD_STATUS,
		      hci_cmd_status,
		      sizeof(struct bt_hci_evt_cmd_status)),
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DATA_BUF_OVERFLOW,
		      hci_data_buf_overflow,
		      sizeof(struct bt_hci_evt_data_buf_overflow)),
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE,
		      hci_disconn_complete_prio,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_CONN_TX)
	EVENT_HANDLER(BT_HCI_EVT_NUM_COMPLETED_PACKETS,
		      hci_num_completed_packets,
		      sizeof(struct bt_hci_evt_num_completed_packets)),
#endif /* CONFIG_BT_CONN_TX */
};
3807 
/**
 * @brief Handle an HCI event on the priority path.
 *
 * The event header is pulled off the buffer and the event is dispatched
 * through the prio_events table. Buffer ownership afterwards:
 *  - buffer shorter than the event header: error logged, reference dropped;
 *  - event flagged for the priority path only: reference dropped;
 *  - event also flagged BT_HCI_EVT_FLAG_RECV: the buffer is rewound to the
 *    state it had on entry and kept for the caller.
 *
 * The event code must carry BT_HCI_EVT_FLAG_RECV_PRIO; this is enforced
 * with BT_ASSERT.
 *
 * @param buf Event buffer starting at the HCI event header.
 */
void hci_event_prio(struct net_buf *buf)
{
	struct net_buf_simple_state saved;
	struct bt_hci_evt_hdr *hdr;
	uint8_t flags;

	net_buf_simple_save(&buf->b, &saved);

	if (buf->len < sizeof(*hdr)) {
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
		net_buf_unref(buf);
		return;
	}

	hdr = net_buf_pull_mem(buf, sizeof(*hdr));
	flags = bt_hci_evt_get_flags(hdr->evt);
	BT_ASSERT(flags & BT_HCI_EVT_FLAG_RECV_PRIO);

	handle_event(hdr->evt, buf, prio_events, ARRAY_SIZE(prio_events));

	if (!(flags & BT_HCI_EVT_FLAG_RECV)) {
		net_buf_unref(buf);
		return;
	}

	/* A second handler will parse this event from the start. */
	net_buf_simple_restore(&buf->b, &saved);
}
3834 
3835 #if !defined(CONFIG_BT_RECV_BLOCKING)
/**
 * @brief Queue a received buffer and schedule the RX work item.
 *
 * The work item is submitted to the system work queue or to the Bluetooth
 * work queue, depending on which CONFIG_BT_RECV_WORKQ_* option is defined.
 * A failed submission is only logged; the buffer stays on the queue.
 *
 * @param buf Received buffer to append to bt_dev.rx_queue.
 */
static void rx_queue_put(struct net_buf *buf)
{
	net_buf_slist_put(&bt_dev.rx_queue, buf);

#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	const int rc = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	const int rc = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif /* CONFIG_BT_RECV_WORKQ_SYS */
	if (rc >= 0) {
		return;
	}

	LOG_ERR("Could not submit rx_work: %d", rc);
}
3849 #endif /* !CONFIG_BT_RECV_BLOCKING */
3850 
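/*
 * Hand a buffer received from the HCI driver to the host stack.
 *
 * ACL and ISO data are processed inline when CONFIG_BT_RECV_BLOCKING is
 * set and queued for rx_work otherwise. Events are processed inline in the
 * blocking configuration; otherwise they are routed by their flags to the
 * priority handler, the RX queue, or both.
 *
 * Ownership of buf passes to this function on every path.
 *
 * Returns 0 on success, -EINVAL for an unknown buffer type or an event
 * that is too short to contain an HCI event header.
 */
int bt_recv(struct net_buf *buf)
{
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	LOG_DBG("buf %p len %u", buf, buf->len);

	switch (bt_buf_get_type(buf)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
#if defined(CONFIG_BT_RECV_BLOCKING)
		hci_acl(buf);
#else
		rx_queue_put(buf);
#endif
		return 0;
#endif /* BT_CONN */
	case BT_BUF_EVT:
	{
#if defined(CONFIG_BT_RECV_BLOCKING)
		hci_event(buf);
#else
		struct bt_hci_evt_hdr *hdr;
		uint8_t evt_flags;

		/* Validate the length before trusting the event code.
		 * Without this, a short event whose code carries both the
		 * RECV_PRIO and RECV flags would be released by
		 * hci_event_prio() (its short-header path unrefs the buffer)
		 * and then still be put on the RX queue below, i.e. a
		 * use-after-free of the net_buf.
		 */
		if (buf->len < sizeof(*hdr)) {
			LOG_ERR("Invalid HCI event size (%u)", buf->len);
			net_buf_unref(buf);
			return -EINVAL;
		}

		hdr = (void *)buf->data;
		evt_flags = bt_hci_evt_get_flags(hdr->evt);

		if (evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO) {
			hci_event_prio(buf);
		}

		/* hci_event_prio() restores the buffer state when RECV is
		 * also set, so the queued buffer still starts at the header.
		 */
		if (evt_flags & BT_HCI_EVT_FLAG_RECV) {
			rx_queue_put(buf);
		}
#endif
		return 0;

	}
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
#if defined(CONFIG_BT_RECV_BLOCKING)
		hci_iso(buf);
#else
		rx_queue_put(buf);
#endif
		return 0;
#endif /* CONFIG_BT_ISO */
	default:
		LOG_ERR("Invalid buf type %u", bt_buf_get_type(buf));
		net_buf_unref(buf);
		return -EINVAL;
	}
}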
3901 
/*
 * Driver entry point for priority events: mirror the buffer to the
 * monitor, then process it directly through hci_event_prio().
 *
 * Only BT_BUF_EVT buffers are accepted; any other type trips BT_ASSERT.
 * Always returns 0.
 */
int bt_recv_prio(struct net_buf *buf)
{
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	/* Priority reception is defined for events only. */
	BT_ASSERT(bt_buf_get_type(buf) == BT_BUF_EVT);
	hci_event_prio(buf);

	return 0;
}
3912 
/*
 * Register the HCI driver used by the host.
 *
 * Only one driver can be registered. The driver must provide both open()
 * and send(); its name is optional.
 *
 * Returns 0 on success, -EALREADY if a driver is already registered, or
 * -EINVAL if a mandatory callback is missing.
 */
int bt_hci_driver_register(const struct bt_hci_driver *drv)
{
	const char *monitor_name;

	if (bt_dev.drv != NULL) {
		return -EALREADY;
	}

	if (drv->open == NULL || drv->send == NULL) {
		return -EINVAL;
	}

	bt_dev.drv = drv;

	LOG_DBG("Registered %s", drv->name ? drv->name : "");

	/* The monitor index gets a fixed fallback name for unnamed drivers. */
	monitor_name = (drv->name != NULL) ? drv->name : "bt0";
	bt_monitor_new_index(BT_MONITOR_TYPE_PRIMARY, drv->bus,
			     BT_ADDR_ANY, monitor_name);

	return 0;
}
3932 
/*
 * Last step of stack initialisation: set BT_DEV_READY, refresh the scan
 * state when the observer role is enabled, and print the device info.
 */
void bt_finalize_init(void)
{
	/* From here on, APIs gated on BT_DEV_READY start accepting calls. */
	atomic_set_bit(bt_dev.flags, BT_DEV_READY);

	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_le_scan_update(false);
	}

	bt_dev_show_info();
}
3943 
/*
 * Run HCI initialisation followed by the enabled subsystem initialisers
 * and, unless an identity still has to be loaded from settings, finalise
 * the stack.
 *
 * Returns 0 on success or the first error reported by an initialiser.
 * With CONFIG_BT_SETTINGS and no identity present it returns 0 without
 * setting BT_DEV_READY.
 */
static int bt_init(void)
{
	int rc = hci_init();

	if (rc != 0) {
		return rc;
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		rc = bt_conn_init();
		if (rc != 0) {
			return rc;
		}
	}

	if (IS_ENABLED(CONFIG_BT_ISO)) {
		rc = bt_conn_iso_init();
		if (rc != 0) {
			return rc;
		}
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		/* No identity yet: initialisation is not finalised here. */
		if (bt_dev.id_count == 0) {
			LOG_INF("No ID address. App must call settings_load()");
			return 0;
		}

		atomic_set_bit(bt_dev.flags, BT_DEV_PRESET_ID);
	}

	bt_finalize_init();

	return 0;
}
3979 
/*
 * Work item that runs bt_init() and passes its result to the ready
 * callback, when one is set. The work argument is not used.
 */
static void init_work(struct k_work *work)
{
	const int result = bt_init();

	if (ready_cb != NULL) {
		ready_cb(result);
	}
}
3989 
3990 #if !defined(CONFIG_BT_RECV_BLOCKING)
/*
 * Work handler for the RX queue: takes one buffer from bt_dev.rx_queue,
 * dispatches it by buffer type, then resubmits itself if more buffers are
 * waiting.
 */
static void rx_work_handler(struct k_work *work)
{
	struct net_buf *buf;
	int rc;

	LOG_DBG("Getting net_buf from queue");
	buf = net_buf_slist_get(&bt_dev.rx_queue);
	if (buf == NULL) {
		return;
	}

	LOG_DBG("buf %p type %u len %u", buf, bt_buf_get_type(buf), buf->len);

	switch (bt_buf_get_type(buf)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
		hci_acl(buf);
		break;
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
		hci_iso(buf);
		break;
#endif /* CONFIG_BT_ISO */
	case BT_BUF_EVT:
		hci_event(buf);
		break;
	default:
		/* Unhandled type: release the buffer here. */
		LOG_ERR("Unknown buf type %u", bt_buf_get_type(buf));
		net_buf_unref(buf);
		break;
	}

	if (sys_slist_is_empty(&bt_dev.rx_queue)) {
		return;
	}

	/* One buffer per invocation: resubmitting instead of looping with
	 * k_yield() lets other users of the work queue run in between.
	 */
#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	rc = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	rc = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif
	if (rc < 0) {
		LOG_ERR("Could not submit rx_work: %d", rc);
	}
}
4042 #endif /* !CONFIG_BT_RECV_BLOCKING */
4043 
4044 #if defined(CONFIG_BT_TESTING)
/* Test hook: return the thread id of the HCI TX thread. */
k_tid_t bt_testing_tx_tid_get(void)
{
	k_tid_t tx_tid = &tx_thread_data;

	return tx_tid;
}
4049 #endif
4050 
/*
 * Enable the Bluetooth stack.
 *
 * Initialises settings (or the dynamic device name), sets up the command
 * semaphore and TX queue, starts the TX thread (and the RX work queue when
 * CONFIG_BT_RECV_WORKQ_BT is set), opens the HCI driver and then runs
 * bt_init(). With a callback, bt_init() runs from the bt_dev.init work
 * item and this function returns 0; without one it runs synchronously and
 * its result is returned.
 *
 * Returns -ENODEV when no driver is registered, -EALREADY when the stack
 * is already enabled, or an error from settings init, driver open or
 * bt_init().
 *
 * NOTE(review): the error returns after BT_DEV_ENABLE has been set do not
 * clear it, so a later bt_enable() reports -EALREADY. Confirm this is the
 * intended recovery behaviour.
 */
int bt_enable(bt_ready_cb_t cb)
{
	/* With CONFIG_BT_WAIT_NOP the semaphore starts empty, so the first
	 * HCI_Reset waits for the controller's initial Command Complete for
	 * NOP; otherwise one command credit is available immediately.
	 */
	const unsigned int initial_ncmd = IS_ENABLED(CONFIG_BT_WAIT_NOP) ? 0U : 1U;
	int rc;

	if (bt_dev.drv == NULL) {
		LOG_ERR("No HCI driver registered");
		return -ENODEV;
	}

	atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);

	/* The atomic test-and-set makes a second enable attempt fail. */
	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_ENABLE)) {
		return -EALREADY;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		rc = bt_settings_init();
		if (rc != 0) {
			return rc;
		}
	} else if (IS_ENABLED(CONFIG_BT_DEVICE_NAME_DYNAMIC)) {
		/* A failure to set the name is logged but not fatal. */
		rc = bt_set_name(CONFIG_BT_DEVICE_NAME);
		if (rc != 0) {
			LOG_WRN("Failed to set device name (%d)", rc);
		}
	}

	ready_cb = cb;

	k_sem_init(&bt_dev.ncmd_sem, initial_ncmd, 1);
	k_fifo_init(&bt_dev.cmd_tx_queue);

	/* TX thread */
	k_thread_create(&tx_thread_data, tx_thread_stack,
			K_KERNEL_STACK_SIZEOF(tx_thread_stack),
			hci_tx_thread, NULL, NULL, NULL,
			K_PRIO_COOP(CONFIG_BT_HCI_TX_PRIO),
			0, K_NO_WAIT);
	k_thread_name_set(&tx_thread_data, "BT TX");

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* RX thread */
	k_work_queue_init(&bt_workq);
	k_work_queue_start(&bt_workq, rx_thread_stack,
			   CONFIG_BT_RX_STACK_SIZE,
			   K_PRIO_COOP(CONFIG_BT_RX_PRIO), NULL);
	k_thread_name_set(&bt_workq.thread, "BT RX");
#endif

	rc = bt_dev.drv->open();
	if (rc != 0) {
		LOG_ERR("HCI driver open failed (%d)", rc);
		return rc;
	}

	bt_monitor_send(BT_MONITOR_OPEN_INDEX, NULL, 0);

	if (cb != NULL) {
		/* Asynchronous mode: init_work reports the result via cb.
		 * The submit result is not checked.
		 */
		k_work_submit(&bt_dev.init);
		return 0;
	}

	return bt_init();
}
4122 
/*
 * Disable the Bluetooth stack.
 *
 * Closes the HCI driver, clears host state that other code checks
 * (supported commands, random address, advertising pool, RPA work,
 * periodic sync, connections), aborts the TX/RX threads and finally
 * clears BT_DEV_ENABLE.
 *
 * Returns -ENODEV without a registered driver, -ENOTSUP when the driver
 * has no close(), -EALREADY when a disable is already recorded, or the
 * error returned by the driver's close().
 *
 * NOTE(review): on a close() failure BT_DEV_READY is set again but
 * BT_DEV_DISABLE stays set, so a repeated bt_disable() returns -EALREADY.
 * Confirm that is intended.
 */
int bt_disable(void)
{
	int rc;

	if (bt_dev.drv == NULL) {
		LOG_ERR("No HCI driver registered");
		return -ENODEV;
	}

	if (bt_dev.drv->close == NULL) {
		return -ENOTSUP;
	}

	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_DISABLE)) {
		return -EALREADY;
	}

	/* Mark the stack not ready before the HCI link goes away. */
	atomic_clear_bit(bt_dev.flags, BT_DEV_READY);

	rc = bt_dev.drv->close();
	if (rc != 0) {
		LOG_ERR("HCI driver close failed (%d)", rc);

		/* The link is still up: restore BT_DEV_READY so the flag
		 * matches the actual stack state.
		 */
		atomic_set_bit(bt_dev.flags, BT_DEV_READY);

		return rc;
	}

	/* Other functions test this bitfield, so it must read as empty. */
	memset(bt_dev.supported_commands, 0x00, sizeof(bt_dev.supported_commands));

	/* Drop any random address that was configured. */
	bt_addr_le_copy(&bt_dev.random_addr, BT_ADDR_LE_ANY);

#if defined(CONFIG_BT_BROADCASTER)
	bt_adv_reset_adv_pool();
#endif /* CONFIG_BT_BROADCASTER */

#if defined(CONFIG_BT_PRIVACY)
	k_work_cancel_delayable(&bt_dev.rpa_update);
#endif /* CONFIG_BT_PRIVACY */

#if defined(CONFIG_BT_PER_ADV_SYNC)
	bt_periodic_sync_disable();
#endif /* CONFIG_BT_PER_ADV_SYNC */

#if defined(CONFIG_BT_CONN)
	if (IS_ENABLED(CONFIG_BT_SMP)) {
		bt_pub_key_hci_disrupted();
	}
	bt_conn_cleanup_all();
	disconnected_handles_reset();
#endif /* CONFIG_BT_CONN */

	/* Abort TX thread */
	k_thread_abort(&tx_thread_data);

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* Abort RX thread */
	k_thread_abort(&bt_workq.thread);
#endif

	bt_monitor_send(BT_MONITOR_CLOSE_INDEX, NULL, 0);

	/* BT_DEV_ENABLE is cleared last so that bt_enable() cannot succeed
	 * while the teardown above is still in progress.
	 */
	atomic_clear_bit(bt_dev.flags, BT_DEV_ENABLE);

	return 0;
}
4196 
/* Report whether BT_DEV_READY is currently set in bt_dev.flags. */
bool bt_is_ready(void)
{
	const bool ready = atomic_test_bit(bt_dev.flags, BT_DEV_READY);

	return ready;
}
4201 
/* Length of the compile-time device name, without the NUL terminator. */
#define DEVICE_NAME_LEN (sizeof(CONFIG_BT_DEVICE_NAME) - 1)

/* Build-time bound on the configured name: against the dynamic name
 * storage limit when names can change at run time, otherwise against the
 * fixed limit of 248.
 */
#if !defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
BUILD_ASSERT(DEVICE_NAME_LEN < 248);
#else
BUILD_ASSERT(DEVICE_NAME_LEN < CONFIG_BT_DEVICE_NAME_MAX);
#endif
4208 
/*
 * Set the device name (only with CONFIG_BT_DEVICE_NAME_DYNAMIC).
 *
 * The name is copied into bt_dev.name and, with CONFIG_BT_SETTINGS,
 * stored persistently; a failed store is logged but still returns 0.
 *
 * Returns 0 on success or when the name is unchanged, -ENOMEM when the
 * name is longer than CONFIG_BT_DEVICE_NAME_MAX or dynamic names are not
 * enabled.
 *
 * NOTE(review): a name of exactly CONFIG_BT_DEVICE_NAME_MAX bytes is
 * accepted and then NUL-terminated at index len, which assumes
 * bt_dev.name holds at least CONFIG_BT_DEVICE_NAME_MAX + 1 bytes. Verify
 * against the declaration. name must be a valid NUL-terminated string.
 */
int bt_set_name(const char *name)
{
#if !defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	return -ENOMEM;
#else
	const size_t name_len = strlen(name);

	if (name_len > CONFIG_BT_DEVICE_NAME_MAX) {
		return -ENOMEM;
	}

	/* Nothing to do (and nothing to store) for an unchanged name. */
	if (strcmp(bt_dev.name, name) == 0) {
		return 0;
	}

	memcpy(bt_dev.name, name, name_len);
	bt_dev.name[name_len] = '\0';

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		const int rc = bt_settings_store_name(bt_dev.name, name_len);

		if (rc != 0) {
			LOG_WRN("Unable to store name");
		}
	}

	return 0;
#endif
}
4238 
/*
 * Return the device name: the run-time name in bt_dev.name when dynamic
 * names are enabled, the Kconfig string otherwise.
 */
const char *bt_get_name(void)
{
#if !defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	return CONFIG_BT_DEVICE_NAME;
#else
	return bt_dev.name;
#endif
}
4247 
/*
 * Return the device appearance: the run-time value in bt_dev.appearance
 * when it is dynamic, the Kconfig value otherwise.
 */
uint16_t bt_get_appearance(void)
{
#if !defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	return CONFIG_BT_DEVICE_APPEARANCE;
#else
	return bt_dev.appearance;
#endif
}
4256 
4257 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
/*
 * Change the device appearance.
 *
 * With CONFIG_BT_SETTINGS the new value is stored first, and the in-memory
 * value is only updated once the store has succeeded.
 *
 * Returns 0 on success or when the value is unchanged, otherwise the
 * error from the settings store.
 */
int bt_set_appearance(uint16_t appearance)
{
	if (bt_dev.appearance == appearance) {
		return 0;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		const int rc = bt_settings_store_appearance(&appearance, sizeof(appearance));

		if (rc != 0) {
			LOG_ERR("Unable to save setting 'bt/appearance' (err %d).", rc);
			return rc;
		}
	}

	bt_dev.appearance = appearance;

	return 0;
}
4274 #endif
4275 
/*
 * Report whether the peer addr is bonded on identity id.
 *
 * A peer counts as bonded when a key entry exists for it and that entry
 * has a non-zero keys field. Always false without CONFIG_BT_SMP.
 */
bool bt_addr_le_is_bonded(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_keys *entry;

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		return false;
	}

	entry = bt_keys_find_addr(id, addr);

	/* An entry without any stored keys does not make the peer bonded. */
	return (entry != NULL) && entry->keys;
}
4287 
4288 #if defined(CONFIG_BT_FILTER_ACCEPT_LIST)
/*
 * Add addr to the controller's filter accept list.
 *
 * Returns 0 on success, -EAGAIN when the stack is not ready, -ENOBUFS
 * when no command buffer is available, or the error from the HCI command.
 */
int bt_le_filter_accept_list_add(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_add_dev_to_fal *params;
	struct net_buf *cmd;
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_ADD_DEV_TO_FAL, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_le_copy(&params->addr, addr);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ADD_DEV_TO_FAL, cmd, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to add device to filter accept list");
	}

	return rc;
}
4316 
/*
 * Remove addr from the controller's filter accept list.
 *
 * Returns 0 on success, -EAGAIN when the stack is not ready, -ENOBUFS
 * when no command buffer is available, or the error from the HCI command.
 */
int bt_le_filter_accept_list_remove(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_rem_dev_from_fal *params;
	struct net_buf *cmd;
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_REM_DEV_FROM_FAL, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_le_copy(&params->addr, addr);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_REM_DEV_FROM_FAL, cmd, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to remove device from filter accept list");
	}

	return rc;
}
4343 
/*
 * Clear the controller's filter accept list.
 *
 * Returns 0 on success, -EAGAIN when the stack is not ready, or the error
 * from the HCI command.
 */
int bt_le_filter_accept_list_clear(void)
{
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_CLEAR_FAL, NULL, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to clear filter accept list");
	}

	return rc;
}
4360 #endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
4361 
/*
 * Send the host channel classification to the controller.
 *
 * chan_map is a 5-byte map; the first four bytes are copied unchanged and
 * only the low 5 bits of the last byte are kept.
 *
 * Returns -ENOTSUP when neither the central nor the broadcaster role is
 * enabled or the controller does not report the command as supported,
 * -ENOBUFS when no command buffer is available, otherwise the result of
 * the HCI command.
 */
int bt_le_set_chan_map(uint8_t chan_map[5])
{
	struct bt_hci_cp_le_set_host_chan_classif *params;
	struct net_buf *cmd;

	if (!IS_ENABLED(CONFIG_BT_CENTRAL) && !IS_ENABLED(CONFIG_BT_BROADCASTER)) {
		return -ENOTSUP;
	}

	/* Presumably octet 27, bit 3 of the supported-commands mask; verify
	 * against BT_CMD_TEST.
	 */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 3)) {
		LOG_WRN("Set Host Channel Classification command is "
			"not supported");
		return -ENOTSUP;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	memcpy(params->ch_map, chan_map, 4);
	/* Mask off the upper three bits of the final byte. */
	params->ch_map[4] = chan_map[4] & BIT_MASK(5);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
				    cmd, NULL);
}
4391 
4392 #if defined(CONFIG_BT_RPA_TIMEOUT_DYNAMIC)
/*
 * Set a new RPA timeout.
 *
 * Accepts values from 1 to 3600. A changed value is stored in
 * bt_dev.rpa_timeout and flagged with BT_DEV_RPA_TIMEOUT_CHANGED.
 *
 * Returns 0 on success or when the value is unchanged, -EINVAL when the
 * value is out of range.
 */
int bt_le_set_rpa_timeout(uint16_t new_rpa_timeout)
{
	const bool in_range = (new_rpa_timeout != 0) && (new_rpa_timeout <= 3600);

	if (!in_range) {
		return -EINVAL;
	}

	if (new_rpa_timeout != bt_dev.rpa_timeout) {
		bt_dev.rpa_timeout = new_rpa_timeout;
		atomic_set_bit(bt_dev.flags, BT_DEV_RPA_TIMEOUT_CHANGED);
	}

	return 0;
}
4408 #endif
4409 
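/*
 * Send the HCI Configure Data Path command.
 *
 * dir and id select the data path; vs_config points to vs_config_len
 * bytes of vendor-specific configuration (may be NULL when the length is
 * zero).
 *
 * Returns 0 on success, -EINVAL when vs_config is NULL with a non-zero
 * length, -ENOBUFS when no command buffer is available or it cannot hold
 * the parameters, -EIO when the controller reports a non-zero status or
 * the response is too short, otherwise the error from sending the command.
 */
int bt_configure_data_path(uint8_t dir, uint8_t id, uint8_t vs_config_len,
			   const uint8_t *vs_config)
{
	struct bt_hci_rp_configure_data_path *rp;
	struct bt_hci_cp_configure_data_path *cp;
	struct net_buf *rsp;
	struct net_buf *buf;
	int err;

	if (vs_config_len && !vs_config) {
		return -EINVAL;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_CONFIGURE_DATA_PATH, sizeof(*cp) +
				vs_config_len);
	if (!buf) {
		return -ENOBUFS;
	}

	/* Make sure the whole parameter block fits before writing any of it;
	 * the vendor-specific part can be up to 255 bytes.
	 */
	if (net_buf_tailroom(buf) < sizeof(*cp) + vs_config_len) {
		net_buf_unref(buf);
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->data_path_dir = dir;
	cp->data_path_id  = id;
	cp->vs_config_len = vs_config_len;
	if (vs_config_len) {
		/* Append through the net_buf API so that buf->len covers the
		 * vendor-specific bytes. Copying straight into cp->vs_config
		 * wrote past the claimed length: the bytes were not counted
		 * in the buffer and the write was not bounded by the
		 * tailroom. This assumes vs_config is the trailing
		 * variable-length member of the command struct, as the
		 * sizeof(*cp) + vs_config_len sizing above suggests.
		 */
		net_buf_add_mem(buf, vs_config, vs_config_len);
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_CONFIGURE_DATA_PATH, buf, &rsp);
	if (err) {
		return err;
	}

	/* Do not read the status out of a response that is too short. */
	if (rsp->len < sizeof(*rp)) {
		err = -EIO;
	} else {
		rp = (void *)rsp->data;
		if (rp->status) {
			err = -EIO;
		}
	}
	net_buf_unref(rsp);

	return err;
}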
4446