1 /* hci_core.c - HCI core Bluetooth handling */
2 
3 /*
4  * Copyright (c) 2017-2025 Nordic Semiconductor ASA
5  * Copyright (c) 2015-2016 Intel Corporation
6  * Copyright 2025 NXP
7  *
8  * SPDX-License-Identifier: Apache-2.0
9  */
10 
11 #include <zephyr/autoconf.h>
12 
13 #include <zephyr/bluetooth/hci_types.h>
14 #include <zephyr/kernel.h>
15 #include <string.h>
16 #include <stdio.h>
17 #include <errno.h>
18 #include <zephyr/net_buf.h>
19 #include <zephyr/sys/atomic.h>
20 #include <zephyr/sys/check.h>
21 #include <zephyr/sys/util_macro.h>
22 #include <zephyr/sys/util.h>
23 #include <zephyr/sys/slist.h>
24 #include <zephyr/sys/byteorder.h>
25 #include <zephyr/debug/stack.h>
26 #include <zephyr/sys/__assert.h>
27 #include <soc.h>
28 
29 #include <zephyr/settings/settings.h>
30 
31 #include <zephyr/bluetooth/bluetooth.h>
32 #include <zephyr/bluetooth/conn.h>
33 #include <zephyr/bluetooth/l2cap.h>
34 #include <zephyr/bluetooth/hci.h>
35 #include <zephyr/bluetooth/hci_vs.h>
36 #include <zephyr/bluetooth/testing.h>
37 #include <zephyr/drivers/bluetooth.h>
38 
39 #include "common/hci_common_internal.h"
40 #include "common/bt_str.h"
41 #include "common/rpa.h"
42 #include "common/assert.h"
43 
44 #include "keys.h"
45 #include "monitor.h"
46 #include "hci_core.h"
47 #include "ecc.h"
48 #include "id.h"
49 #include "adv.h"
50 #include "scan.h"
51 
52 #include "addr_internal.h"
53 #include "conn_internal.h"
54 #include "iso_internal.h"
55 #include "l2cap_internal.h"
56 #include "gatt_internal.h"
57 #include "smp.h"
58 #include "crypto.h"
59 #include "settings.h"
60 
61 #if defined(CONFIG_BT_CLASSIC)
62 #include "classic/br.h"
63 #endif
64 
65 #if defined(CONFIG_BT_DF)
66 #include "direction_internal.h"
67 #endif /* CONFIG_BT_DF */
68 
/* The log level for this module is taken from Kconfig. */
#define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(bt_hci_core);

/* Resolve the HCI transport device, bus, name and quirk flags from the
 * devicetree node selected by the "zephyr,bt-hci" chosen property.
 */
#if DT_HAS_CHOSEN(zephyr_bt_hci)
#define BT_HCI_NODE   DT_CHOSEN(zephyr_bt_hci)
#define BT_HCI_DEV    DEVICE_DT_GET(BT_HCI_NODE)
#define BT_HCI_BUS    BT_DT_HCI_BUS_GET(BT_HCI_NODE)
#define BT_HCI_NAME   BT_DT_HCI_NAME_GET(BT_HCI_NODE)
#define BT_HCI_QUIRKS BT_DT_HCI_QUIRKS_GET(BT_HCI_NODE)
#else
/* The zephyr,bt-hci chosen property is mandatory, except for unit tests */
BUILD_ASSERT(IS_ENABLED(CONFIG_ZTEST), "Missing DT chosen property for HCI");
/* Unit-test fallbacks: no device, no quirks. Any build that is not a ztest
 * build is rejected by the BUILD_ASSERT above, so a NULL BT_HCI_DEV cannot
 * reach a production image through this branch.
 */
#define BT_HCI_DEV    NULL
#define BT_HCI_BUS    0
#define BT_HCI_NAME   ""
#define BT_HCI_QUIRKS 0
#endif
87 
/* Declared here and called after a command is queued; the definition is not
 * in this part of the file.
 */
void bt_tx_irq_raise(void);

/* Upper bound on how long the host waits for the controller to process and
 * answer a command (used by bt_hci_cmd_send_sync).
 */
#define HCI_CMD_TIMEOUT      K_SECONDS(10)

/* Stacks for the threads */
static void rx_work_handler(struct k_work *work);
static K_WORK_DEFINE(rx_work, rx_work_handler);
#if defined(CONFIG_BT_RECV_WORKQ_BT)
/* Dedicated RX work queue and its stack, only when the Bluetooth-specific
 * receive work queue is selected.
 */
static struct k_work_q bt_workq;
static K_KERNEL_STACK_DEFINE(rx_thread_stack, CONFIG_BT_RX_STACK_SIZE);
#endif /* CONFIG_BT_RECV_WORKQ_BT */

static void init_work(struct k_work *work);

/* Global host state. Only the members initialised below are visible here;
 * the remaining members start zero-initialised as for any static object.
 */
struct bt_dev bt_dev = {
	.init          = Z_WORK_INITIALIZER(init_work),
#if defined(CONFIG_BT_PRIVACY)
	.rpa_timeout   = CONFIG_BT_RPA_TIMEOUT,
#endif
#if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	.appearance = CONFIG_BT_DEVICE_APPEARANCE,
#endif
	.hci = BT_HCI_DEV,
};

/* Application callback; presumably invoked once initialisation completes
 * (the call site is outside this part of the file).
 */
static bt_ready_cb_t ready_cb;

#if defined(CONFIG_BT_HCI_VS_EVT_USER)
/* User-registered callback for vendor-specific HCI events. */
static bt_hci_vnd_evt_cb_t *hci_vnd_evt_cb;
#endif /* CONFIG_BT_HCI_VS_EVT_USER */
118 
/* Per-command bookkeeping kept outside the net_buf itself. */
struct cmd_data {
	/** HCI status of the command completion */
	uint8_t  status;

	/** The command OpCode that the buffer contains */
	uint16_t opcode;

	/** The state to update when command completes with success. */
	struct bt_hci_cmd_state_set *state;

	/** Used by bt_hci_cmd_send_sync. */
	struct k_sem *sync;
};

/* One slot per command buffer; the array has the same element count
 * (BT_BUF_CMD_TX_COUNT) as hci_cmd_pool.
 */
static struct cmd_data cmd_data[BT_BUF_CMD_TX_COUNT];

/* cmd(buf) indexes cmd_data[] with net_buf_id(buf) and performs no bounds
 * check of its own. It is therefore only meaningful for buffers allocated
 * from hci_cmd_pool; bt_hci_cmd_send_sync verifies the pool before using it.
 */
#define cmd(buf) (&cmd_data[net_buf_id(buf)])
/* acl(buf) reinterprets the buffer's user-data area as struct acl_data.
 * NOTE(review): this assumes the owning pool reserves at least
 * sizeof(struct acl_data) of user data - confirm against the pool definitions.
 */
#define acl(buf) ((struct acl_data *)net_buf_user_data(buf))
137 
/** Report whether the HCI driver's quirk flags include BT_HCI_QUIRK_NO_RESET. */
static bool drv_quirk_no_reset(void)
{
	const bool no_reset = (BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_RESET) != 0;

	return no_reset;
}
142 
/** Report whether the HCI driver's quirk flags include BT_HCI_QUIRK_NO_AUTO_DLE. */
bool bt_drv_quirk_no_auto_dle(void)
{
	const bool no_auto_dle = (BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_AUTO_DLE) != 0;

	return no_auto_dle;
}
147 
/**
 * Attach a deferred "set/clear this flag bit" request to a command buffer.
 *
 * @param buf    Command buffer; its cmd_data slot is located with cmd(buf),
 *               so it must come from hci_cmd_pool.
 * @param state  Caller-provided storage describing the update. Only the
 *               pointer is stored, so the storage must stay valid until the
 *               command has completed.
 * @param target Atomic flag array to update.
 * @param bit    Bit index within @p target.
 * @param val    Value the bit should take.
 */
void bt_hci_cmd_state_set_init(struct net_buf *buf,
			       struct bt_hci_cmd_state_set *state,
			       atomic_t *target, int bit, bool val)
{
	/* Describe the update first ... */
	state->val = val;
	state->bit = bit;
	state->target = target;

	/* ... then hang it on the command's bookkeeping slot. */
	cmd(buf)->state = state;
}
157 
/* HCI command buffers. Derive the needed size from both Command and Event
 * buffer length since the buffer is also used for the response event i.e
 * command complete or command status.
 */
#define CMD_BUF_SIZE MAX(BT_BUF_EVT_RX_SIZE, BT_BUF_CMD_TX_SIZE)
NET_BUF_POOL_FIXED_DEFINE(hci_cmd_pool, BT_BUF_CMD_TX_COUNT,
			  CMD_BUF_SIZE, sizeof(struct bt_buf_data), NULL);

/* One row of an event dispatch table. */
struct event_handler {
	/* Event code this row matches. */
	uint8_t event;
	/* Minimum buf->len required before the handler is invoked. This is the
	 * only length validation the dispatcher performs, so a handler that
	 * casts buf->data to an event struct depends on this value being at
	 * least the size of that struct.
	 */
	uint8_t min_len;
	/* Callback that receives the event payload. */
	void (*handler)(struct net_buf *buf);
};

/* Build one struct event_handler initialiser. */
#define EVENT_HANDLER(_evt, _handler, _min_len) \
{ \
	.event = _evt, \
	.handler = _handler, \
	.min_len = _min_len, \
}
178 
/**
 * Dispatch an event to the first table entry registered for it.
 *
 * The payload length is compared with the entry's min_len before the handler
 * runs; this is the only length check made on behalf of the handlers.
 *
 * @param event        Event code to look up.
 * @param buf          Event payload.
 * @param handlers     Dispatch table.
 * @param num_handlers Number of entries in @p handlers.
 *
 * @return 0 when a handler ran, -EINVAL when the payload is shorter than the
 *         entry's min_len (logged here), -EOPNOTSUPP when no entry matches.
 */
static int handle_event_common(uint8_t event, struct net_buf *buf,
			       const struct event_handler *handlers, size_t num_handlers)
{
	const struct event_handler *match = NULL;

	for (size_t idx = 0; idx < num_handlers; idx++) {
		if (handlers[idx].event == event) {
			match = &handlers[idx];
			break;
		}
	}

	if (match == NULL) {
		return -EOPNOTSUPP;
	}

	if (buf->len < match->min_len) {
		LOG_ERR("Too small (%u bytes) event 0x%02x", buf->len, event);
		return -EINVAL;
	}

	match->handler(buf);

	return 0;
}
202 
/**
 * Dispatch a standard HCI event and log it when no handler is registered.
 *
 * The whole payload is hex-dumped at warning level for unhandled events.
 */
static void handle_event(uint8_t event, struct net_buf *buf, const struct event_handler *handlers,
			 size_t num_handlers)
{
	const int rc = handle_event_common(event, buf, handlers, num_handlers);

	if (rc != -EOPNOTSUPP) {
		/* Handled, or an error that handle_event_common already dealt with. */
		return;
	}

	LOG_WRN("Unhandled event 0x%02x len %u: %s", event, buf->len,
		bt_hex(buf->data, buf->len));
}
216 
/**
 * Dispatch a vendor-specific HCI event and log it when no handler is
 * registered.
 *
 * The whole payload is hex-dumped at warning level for unhandled events.
 */
static void handle_vs_event(uint8_t event, struct net_buf *buf,
			    const struct event_handler *handlers, size_t num_handlers)
{
	const int rc = handle_event_common(event, buf, handlers, num_handlers);

	if (rc != -EOPNOTSUPP) {
		/* Handled, or an error that handle_event_common already dealt with. */
		return;
	}

	LOG_WRN("Unhandled vendor-specific event 0x%02x len %u: %s", event, buf->len,
		bt_hex(buf->data, buf->len));
}
230 
/**
 * Record in an ACL buffer's user data whether Host Number of Completed
 * Packets has already been reported for it.
 *
 * bt_hci_host_num_completed_packets() skips its own report when the flag is
 * set.
 */
void bt_acl_set_ncp_sent(struct net_buf *packet, bool value)
{
	struct acl_data *meta = acl(packet);

	meta->host_ncp_sent = value;
}
235 
/**
 * Tell the controller that the host has finished with one ACL packet on the
 * given connection handle.
 *
 * Does nothing unless CONFIG_BT_HCI_ACL_FLOW_CONTROL is enabled. Allocation
 * or send failures are treated as fatal through BT_ASSERT_MSG.
 *
 * @param handle Connection handle the completed packet belonged to.
 */
void bt_send_one_host_num_completed_packets(uint16_t handle)
{
	if (!IS_ENABLED(CONFIG_BT_HCI_ACL_FLOW_CONTROL)) {
		ARG_UNUSED(handle);
		return;
	}

	struct bt_hci_cp_host_num_completed_packets *params;
	struct bt_hci_handle_count *entry;
	struct net_buf *buf;
	int err;

	LOG_DBG("Reporting completed packet for handle %u", handle);

	/* Command header plus exactly one (handle, count) pair. */
	buf = bt_hci_cmd_create(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS,
				sizeof(*params) + sizeof(*entry));
	BT_ASSERT_MSG(buf, "Unable to alloc for Host NCP");

	params = net_buf_add(buf, sizeof(*params));
	params->num_handles = 1;

	entry = net_buf_add(buf, sizeof(*entry));
	entry->count  = sys_cpu_to_le16(1);
	entry->handle = sys_cpu_to_le16(handle);

	err = bt_hci_cmd_send(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS, buf);
	BT_ASSERT_MSG(err == 0, "Unable to send Host NCP (err %d)", err);
}
264 
#if defined(CONFIG_BT_TESTING)
/* Test hook called just before an ACL buffer is destroyed. The default is an
 * empty weak definition so that a test may supply its own.
 */
__weak void bt_testing_trace_event_acl_pool_destroy(struct net_buf *buf)
{
}
#endif
270 
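#if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
/**
 * Release an incoming ACL buffer and, when required, report it to the
 * controller with Host Number of Completed Packets.
 *
 * No report is sent when one was already sent for this buffer, when the
 * controller does not support the command, when the connection index stored
 * in the buffer no longer resolves, or when the connection is neither
 * connected nor disconnecting.
 *
 * @param buf ACL buffer being destroyed. It must not be used by the caller
 *            afterwards.
 */
void bt_hci_host_num_completed_packets(struct net_buf *buf)
{
	uint16_t handle = acl(buf)->handle;
	struct bt_conn *conn;
	uint8_t index = acl(buf)->index;
	bool ncp_sent;

	if (IS_ENABLED(CONFIG_BT_TESTING)) {
		bt_testing_trace_event_acl_pool_destroy(buf);
	}

	/* Take the last value needed from the user data before the buffer is
	 * released. After net_buf_destroy() the buffer no longer belongs to
	 * this function and may be handed out again, so reading it afterwards
	 * could observe another owner's data.
	 */
	ncp_sent = acl(buf)->host_ncp_sent;

	net_buf_destroy(buf);

	if (ncp_sent) {
		return;
	}

	/* Do nothing if controller to host flow control is not supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		return;
	}

	conn = bt_conn_lookup_index(index);
	if (!conn) {
		LOG_WRN("Unable to look up conn with index 0x%02x", index);
		return;
	}

	if (conn->state != BT_CONN_CONNECTED &&
	    conn->state != BT_CONN_DISCONNECTING) {
		LOG_WRN("Not reporting packet for non-connected conn");
		bt_conn_unref(conn);
		return;
	}

	/* Only the state was needed; the report itself uses the saved handle. */
	bt_conn_unref(conn);

	bt_send_one_host_num_completed_packets(handle);
}
#endif /* defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL) */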
311 
/**
 * Allocate an HCI command buffer and write its command header.
 *
 * Only the header is appended. @p param_len is copied into the header as
 * given, so the caller is expected to append exactly that many parameter
 * bytes before sending.
 *
 * @param opcode    Command opcode (host byte order).
 * @param param_len Length of the parameters that will follow the header.
 *
 * @return The new buffer, or NULL when no buffer could be allocated.
 */
struct net_buf *bt_hci_cmd_create(uint16_t opcode, uint8_t param_len)
{
	struct net_buf *buf;
	struct cmd_data *meta;
	struct bt_hci_cmd_hdr *hdr;

	LOG_DBG("opcode 0x%04x param_len %u", opcode, param_len);

	/* net_buf_alloc(K_FOREVER) can fail when run from the syswq */
	buf = net_buf_alloc(&hci_cmd_pool, K_FOREVER);
	if (buf == NULL) {
		LOG_DBG("Unable to allocate a command buffer");
		return NULL;
	}

	LOG_DBG("buf %p", buf);

	net_buf_reserve(buf, BT_BUF_RESERVE);
	bt_buf_set_type(buf, BT_BUF_CMD);

	/* Reset the bookkeeping slot that belongs to this buffer. */
	meta = cmd(buf);
	meta->opcode = opcode;
	meta->sync = NULL;
	meta->state = NULL;

	hdr = net_buf_add(buf, sizeof(*hdr));
	hdr->param_len = param_len;
	hdr->opcode = sys_cpu_to_le16(opcode);

	return buf;
}
342 
/**
 * Send an HCI command without waiting for its completion.
 *
 * @param opcode Command opcode.
 * @param buf    Command buffer, or NULL to send a parameterless command that
 *               is created here.
 *
 * @return 0 on success, -ENOBUFS when a buffer could not be created, or the
 *         driver's error for Host Number of Completed Packets (the buffer is
 *         released in that case).
 */
int bt_hci_cmd_send(uint16_t opcode, struct net_buf *buf)
{
	int err;

	if (buf == NULL) {
		buf = bt_hci_cmd_create(opcode, 0);
		if (buf == NULL) {
			return -ENOBUFS;
		}
	}

	LOG_DBG("opcode 0x%04x len %u", opcode, buf->len);

	if (opcode != BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		/* Normal path: queue the command and kick the TX processing. */
		k_fifo_put(&bt_dev.cmd_tx_queue, buf);
		bt_tx_irq_raise();

		return 0;
	}

	/* Host Number of Completed Packets can ignore the ncmd value
	 * and does not generate any cmd complete/status events.
	 */
	err = bt_send(buf);
	if (err != 0) {
		LOG_ERR("Unable to send to driver (err %d)", err);
		net_buf_unref(buf);
	}

	return err;
}
374 
static bool process_pending_cmd(k_timeout_t timeout);
/**
 * Send an HCI command and block until the controller has answered it.
 *
 * @param opcode Command opcode.
 * @param buf    Command buffer from hci_cmd_pool, or NULL to send a
 *               parameterless command that is created here.
 * @param rsp    Optional. On success receives the buffer, which the caller
 *               must then release with net_buf_unref(). When NULL the buffer
 *               is released here.
 *
 * @return 0 on success; -ENOBUFS when no buffer could be created; -EINVAL
 *         when @p buf is not from hci_cmd_pool; otherwise an errno mapped
 *         from the controller's status (-ECONNREFUSED, -ENOMEM, -EINVAL,
 *         -EACCES, or -EIO for any other status).
 */
int bt_hci_cmd_send_sync(uint16_t opcode, struct net_buf *buf,
			 struct net_buf **rsp)
{
	struct k_sem sync_sem;
	uint8_t status;
	int err;

	if (!buf) {
		buf = bt_hci_cmd_create(opcode, 0);
		if (!buf) {
			return -ENOBUFS;
		}
	} else {
		/* `cmd(buf)` depends on this: it indexes cmd_data[] by buffer
		 * id, which only matches for buffers of hci_cmd_pool.
		 * NOTE(review): the caller's buffer is not released on this
		 * path - confirm who is expected to unref it.
		 */
		if (net_buf_pool_get(buf->pool_id) != &hci_cmd_pool) {
			__ASSERT_NO_MSG(false);
			return -EINVAL;
		}
	}

	LOG_DBG("buf %p opcode 0x%04x len %u", buf, opcode, buf->len);

	/* This local sem is just for suspending the current thread until the
	 * command is processed by the LL. It is given (and we are awaken) by
	 * the cmd_complete/status handlers.
	 *
	 * The semaphore lives on this function's stack while cmd(buf)->sync
	 * points at it, so this function must not return before the command
	 * has completed. NOTE(review): the timeout paths below rely on
	 * BT_ASSERT_MSG not returning - confirm for builds where it is
	 * configured otherwise.
	 */
	k_sem_init(&sync_sem, 0, 1);
	cmd(buf)->sync = &sync_sem;

	/* The queue gets its own reference; this function keeps the original
	 * one so it can read the status and response afterwards.
	 */
	k_fifo_put(&bt_dev.cmd_tx_queue, net_buf_ref(buf));
	bt_tx_irq_raise();

	/* TODO: disallow sending sync commands from syswq altogether */

	/* Since the commands are now processed in the syswq, we cannot suspend
	 * and wait. We have to send the command from the current context.
	 */
	if (k_current_get() == &k_sys_work_q.thread) {
		/* drain the command queue until we get to send the command of interest. */
		struct net_buf *cmd = NULL;

		do {
			cmd = k_fifo_peek_head(&bt_dev.cmd_tx_queue);
			LOG_DBG("process cmd %p want %p", cmd, buf);

			/* Wait for a response from the Bluetooth Controller.
			 * The Controller may fail to respond if:
			 *  - It was never programmed or connected.
			 *  - There was a fatal error.
			 *
			 * See the `BT_HCI_OP_` macros in hci_types.h or
			 * Core_v5.4, Vol 4, Part E, Section 5.4.1 and Section 7
			 * to map the opcode to the HCI command documentation.
			 * Example: 0x0c03 represents HCI_Reset command.
			 */
			__maybe_unused bool success = process_pending_cmd(HCI_CMD_TIMEOUT);

			BT_ASSERT_MSG(success, "command opcode 0x%04x timeout", opcode);
		} while (buf != cmd);
	}

	/* Now that we have sent the command, suspend until the LL replies */
	err = k_sem_take(&sync_sem, HCI_CMD_TIMEOUT);
	BT_ASSERT_MSG(err == 0,
		      "Controller unresponsive, command opcode 0x%04x timeout with err %d",
		      opcode, err);

	/* Non-zero status: release the buffer and translate the controller's
	 * status code into an errno for the caller.
	 */
	status = cmd(buf)->status;
	if (status) {
		LOG_WRN("opcode 0x%04x status 0x%02x %s", opcode,
			status, bt_hci_err_to_str(status));
		net_buf_unref(buf);

		switch (status) {
		case BT_HCI_ERR_CONN_LIMIT_EXCEEDED:
			return -ECONNREFUSED;
		case BT_HCI_ERR_INSUFFICIENT_RESOURCES:
			return -ENOMEM;
		case BT_HCI_ERR_INVALID_PARAM:
			return -EINVAL;
		case BT_HCI_ERR_CMD_DISALLOWED:
			return -EACCES;
		default:
			return -EIO;
		}
	}

	LOG_DBG("rsp %p opcode 0x%04x len %u", buf, opcode, buf->len);

	/* Hand the buffer to the caller, or drop this function's reference. */
	if (rsp) {
		*rsp = buf;
	} else {
		net_buf_unref(buf);
	}

	return 0;
}
473 
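/**
 * Fill a buffer with random bytes obtained from the controller through
 * HCI_LE_Rand.
 *
 * The command is issued repeatedly, each response contributing at most
 * sizeof(rp->rand) bytes, until @p len bytes have been written.
 *
 * @param buffer Destination for the random bytes.
 * @param len    Number of bytes to produce.
 *
 * @return 0 on success, -ENOTSUP when the controller does not support
 *         HCI_LE_Rand, -EIO when a response is too short to hold the return
 *         parameters, or the error from bt_hci_cmd_send_sync(). On any error
 *         the buffer may be only partially filled and must not be used.
 */
int bt_hci_le_rand(void *buffer, size_t len)
{
	uint8_t *dst = buffer;

	/* Check first that HCI_LE_Rand is supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 7)) {
		return -ENOTSUP;
	}

	while (len > 0) {
		struct bt_hci_rp_le_rand *rp;
		struct net_buf *rsp;
		size_t count;
		int err;

		/* Request the next 8 bytes over HCI */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
		if (err) {
			return err;
		}

		/* The response comes from the controller: make sure it really
		 * carries the whole return-parameter struct before copying,
		 * so that leftover buffer contents are never returned as
		 * random data.
		 */
		if (rsp->len < sizeof(*rp)) {
			LOG_ERR("Unexpected LE Rand response length %u", rsp->len);
			net_buf_unref(rsp);
			return -EIO;
		}

		rp = (void *)rsp->data;

		/* Number of bytes to fill on this iteration */
		count = MIN(len, sizeof(rp->rand));

		/* Copy random data into buffer */
		memcpy(dst, rp->rand, count);

		net_buf_unref(rsp);
		dst += count;
		len -= count;
	}

	return 0;
}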
505 
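/**
 * Read the controller's maximum supported TX payload size and time for
 * data length extension.
 *
 * Values outside the ranges given by the BT_HCI_LE_MAX_TX_* limits are
 * logged but still returned to the caller.
 *
 * @param tx_octets Receives the maximum TX octets.
 * @param tx_time   Receives the maximum TX time.
 *
 * @return 0 on success, -EIO when the response is too short to hold the
 *         return parameters, or the error from bt_hci_cmd_send_sync(). The
 *         outputs are written only on success.
 */
int bt_hci_le_read_max_data_len(uint16_t *tx_octets, uint16_t *tx_time)
{
	struct bt_hci_rp_le_read_max_data_len *rp;
	struct net_buf *rsp;
	int err;

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_DATA_LEN, NULL, &rsp);
	if (err) {
		LOG_ERR("Failed to read DLE max data len");
		return err;
	}

	/* The response comes from the controller: check that it holds the
	 * whole return-parameter struct before any field is read.
	 */
	if (rsp->len < sizeof(*rp)) {
		LOG_ERR("Unexpected DLE max data len response length %u", rsp->len);
		net_buf_unref(rsp);
		return -EIO;
	}

	rp = (void *)rsp->data;
	*tx_octets = sys_le16_to_cpu(rp->max_tx_octets);
	*tx_time = sys_le16_to_cpu(rp->max_tx_time);
	net_buf_unref(rsp);

	if (!IN_RANGE(*tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
		LOG_WRN("tx_octets exceeds the valid range %u", *tx_octets);
	}
	if (!IN_RANGE(*tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
		LOG_WRN("tx_time exceeds the valid range %u", *tx_time);
	}

	return 0;
}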
532 
/**
 * Translate an HCI PHY value into the corresponding BT_GAP_LE_PHY_* value.
 *
 * @param hci_phy PHY value as reported over HCI.
 *
 * @return The GAP PHY value, or 0 for any value that is not recognised.
 */
uint8_t bt_get_phy(uint8_t hci_phy)
{
	if (hci_phy == BT_HCI_LE_PHY_1M) {
		return BT_GAP_LE_PHY_1M;
	}

	if (hci_phy == BT_HCI_LE_PHY_2M) {
		return BT_GAP_LE_PHY_2M;
	}

	if (hci_phy == BT_HCI_LE_PHY_CODED) {
		return BT_GAP_LE_PHY_CODED;
	}

	/* Unknown PHY values map to 0. */
	return 0;
}
546 
/**
 * Translate an HCI CTE type into the corresponding BT_DF_CTE_TYPE_* value.
 *
 * @param hci_cte_type CTE type as reported over HCI.
 *
 * @return The direction-finding CTE type; BT_DF_CTE_TYPE_NONE both for
 *         BT_HCI_LE_NO_CTE and for any value that is not recognised.
 */
int bt_get_df_cte_type(uint8_t hci_cte_type)
{
	switch (hci_cte_type) {
	case BT_HCI_LE_AOA_CTE:
		return BT_DF_CTE_TYPE_AOA;
	case BT_HCI_LE_AOD_CTE_1US:
		return BT_DF_CTE_TYPE_AOD_1US;
	case BT_HCI_LE_AOD_CTE_2US:
		return BT_DF_CTE_TYPE_AOD_2US;
	case BT_HCI_LE_NO_CTE:
	default:
		/* "No CTE" and unknown values are treated alike. */
		return BT_DF_CTE_TYPE_NONE;
	}
}
562 
#if defined(CONFIG_BT_CONN_TX)
/* Handle the Number Of Completed Packets event: for every (handle, count)
 * pair, return that many TX credits to the connection and move the matching
 * TX contexts from the connection's pending list to its complete list.
 *
 * All values read from evt come from the controller.
 */
static void hci_num_completed_packets(struct net_buf *buf)
{
	struct bt_hci_evt_num_completed_packets *evt = (void *)buf->data;
	int i;

	/* Reject events whose advertised handle count does not fit in the
	 * received payload. num_handles is read before this check, which
	 * presumes the dispatcher's min_len already covers sizeof(*evt) -
	 * NOTE(review): the handler table is not in this part of the file,
	 * confirm its min_len for this event.
	 */
	if (sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles > buf->len) {
		LOG_ERR("evt num_handles (=%u) too large (%zu > %u)",
			evt->num_handles,
			sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles,
			buf->len);
		return;
	}

	LOG_DBG("num_handles %u", evt->num_handles);

	for (i = 0; i < evt->num_handles; i++) {
		uint16_t handle, count;
		struct bt_conn *conn;

		handle = sys_le16_to_cpu(evt->h[i].handle);
		count = sys_le16_to_cpu(evt->h[i].count);

		LOG_DBG("handle %u count %u", handle, count);

		conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
		if (!conn) {
			LOG_ERR("No connection for handle %u", handle);
			continue;
		}

		/* count is controller-supplied; the loop stops early as soon
		 * as the pending list runs out.
		 * NOTE(review): the credit is given before the pending list
		 * is checked, so an over-reported count still gives one
		 * credit on the iteration that hits the mismatch.
		 */
		while (count--) {
			sys_snode_t *node;

			k_sem_give(bt_conn_get_pkts(conn));

			/* move the next TX context from the `pending` list to
			 * the `complete` list.
			 */
			node = sys_slist_get(&conn->tx_pending);

			if (!node) {
				LOG_ERR("packets count mismatch");
				__ASSERT_NO_MSG(0);
				break;
			}

			sys_slist_append(&conn->tx_complete, node);

			/* align the `pending` value */
			__ASSERT_NO_MSG(atomic_get(&conn->in_ll));
			atomic_dec(&conn->in_ll);

			/* TX context free + callback happens in there */
			bt_conn_tx_notify(conn, false);
		}

		/* Drop the reference taken by bt_conn_lookup_handle(). */
		bt_conn_unref(conn);
	}
}
#endif /* CONFIG_BT_CONN_TX */
624 
625 #if defined(CONFIG_BT_CONN)
/**
 * Process one incoming HCI ACL data packet.
 *
 * The ACL header is validated and stripped, the connection is looked up
 * from the handle it carries, and the payload is passed to bt_conn_recv().
 * Packets that are shorter than the header, whose header length does not
 * match the remaining payload, or whose handle matches no connection are
 * logged and dropped.
 *
 * @param buf Received packet. It is either released here or handed to
 *            bt_conn_recv().
 */
static void hci_acl(struct net_buf *buf)
{
	struct bt_hci_acl_hdr *hdr;
	struct bt_conn *conn;
	uint16_t raw_handle;
	uint16_t payload_len;
	uint8_t pkt_flags;

	LOG_DBG("buf %p", buf);
	if (buf->len < sizeof(*hdr)) {
		LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
		goto drop;
	}

	hdr = net_buf_pull_mem(buf, sizeof(*hdr));
	raw_handle = sys_le16_to_cpu(hdr->handle);
	payload_len = sys_le16_to_cpu(hdr->len);
	pkt_flags = bt_acl_flags(raw_handle);

	/* Until a connection is found the buffer carries no valid index. */
	acl(buf)->index = BT_CONN_INDEX_INVALID;
	acl(buf)->handle = bt_acl_handle(raw_handle);

	LOG_DBG("handle %u len %u flags %u", acl(buf)->handle, payload_len, pkt_flags);

	/* The header's length field must match what was actually received. */
	if (buf->len != payload_len) {
		LOG_ERR("ACL data length mismatch (%u != %u)", buf->len, payload_len);
		goto drop;
	}

	conn = bt_conn_lookup_handle(acl(buf)->handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to find conn for handle %u", acl(buf)->handle);
		goto drop;
	}

	acl(buf)->index = bt_conn_index(conn);

	bt_conn_recv(conn, buf, pkt_flags);
	bt_conn_unref(conn);
	return;

drop:
	net_buf_unref(buf);
}
668 
/**
 * Log a Data Buffer Overflow event reported by the controller.
 *
 * The payload is read without a length check here, so this handler depends
 * on the dispatcher's min_len covering the event struct.
 */
static void hci_data_buf_overflow(struct net_buf *buf)
{
	const struct bt_hci_evt_data_buf_overflow *overflow = (const void *)buf->data;

	LOG_WRN("Data buffer overflow (link type 0x%02x)", overflow->link_type);
}
675 
676 #if defined(CONFIG_BT_CENTRAL)
/**
 * Fill the connection-parameter part of one per-PHY block of an extended
 * create-connection command from the connection's LE parameters.
 *
 * The scan interval and window are not touched; the connection event length
 * limits are set to zero.
 */
static void set_phy_conn_param(const struct bt_conn *conn,
			       struct bt_hci_ext_conn_phy *phy)
{
	/* No preference for the connection event length. */
	phy->min_ce_len = 0;
	phy->max_ce_len = 0;

	/* Multi-byte fields are little-endian on the wire. */
	phy->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
	phy->conn_latency = sys_cpu_to_le16(conn->le.latency);
	phy->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	phy->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
}
688 
/* Start an LE connection with the extended create-connection command.
 *
 * One per-PHY parameter block is appended for each initiating PHY selected by
 * bt_dev.create_param.options, in the same order as the PHY bits are set.
 *
 * Returns 0 on success, the error from bt_id_set_create_conn_own_addr(),
 * -ENOBUFS when no command buffer is available, or the error from
 * bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_ext(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_ext_create_conn *cp;
	struct bt_hci_ext_conn_phy *phy;
	/* Stack storage referenced from the command's bookkeeping slot; this is
	 * only valid because bt_hci_cmd_send_sync() below blocks until the
	 * command has completed.
	 */
	struct bt_hci_cmd_state_set state;
	bool use_filter = false;
	struct net_buf *buf;
	uint8_t own_addr_type;
	uint8_t num_phys;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	/* 1M is used unless explicitly excluded; Coded only when requested.
	 * NOTE(review): with NO_1M set and CODED clear this is 0 and no PHY
	 * block is appended - presumably rejected before this point, confirm.
	 */
	num_phys = (!(bt_dev.create_param.options &
		      BT_CONN_LE_OPT_NO_1M) ? 1 : 0) +
		   ((bt_dev.create_param.options &
		      BT_CONN_LE_OPT_CODED) ? 1 : 0);

	/* The declared parameter length must match what is appended below. */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN, sizeof(*cp) +
				num_phys * sizeof(*phy));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	if (use_filter) {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	} else {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	}

	cp->own_addr_type = own_addr_type;
	cp->phys = 0;

	/* Per-PHY blocks follow the fixed part; every field of each block is
	 * written explicitly (scan timing here, the rest in set_phy_conn_param).
	 */
	if (!(bt_dev.create_param.options & BT_CONN_LE_OPT_NO_1M)) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_1M;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(
			bt_dev.create_param.interval);
		phy->scan_window = sys_cpu_to_le16(
			bt_dev.create_param.window);
		set_phy_conn_param(conn, phy);
	}

	if (bt_dev.create_param.options & BT_CONN_LE_OPT_CODED) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_CODED;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(
			bt_dev.create_param.interval_coded);
		phy->scan_window = sys_cpu_to_le16(
			bt_dev.create_param.window_coded);
		set_phy_conn_param(conn, phy);
	}

	/* Request that BT_DEV_INITIATING be set in bt_dev.flags when the
	 * command completes successfully.
	 */
	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN, buf, NULL);
}
768 
/* Start an LE connection with the v2 extended create-connection command,
 * tied to an advertising set and a subevent.
 *
 * Exactly one per-PHY parameter block is sent, for the PHY derived from the
 * advertising set's options. The filter accept list is never used.
 *
 * Returns 0 on success, the error from bt_id_set_create_conn_own_addr(),
 * -ENOBUFS when no command buffer is available, or the error from
 * bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_synced(const struct bt_conn *conn, const struct bt_le_ext_adv *adv,
			     uint8_t subevent)
{
	struct bt_hci_cp_le_ext_create_conn_v2 *cp;
	struct bt_hci_ext_conn_phy *phy;
	/* Stack storage referenced from the command's bookkeeping slot; valid
	 * only because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;
	struct net_buf *buf;
	uint8_t own_addr_type;
	int err;

	err = bt_id_set_create_conn_own_addr(false, &own_addr_type);
	if (err) {
		return err;
	}

	/* There shall only be one Initiating_PHYs */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, sizeof(*cp) + sizeof(*phy));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	cp->subevent = subevent;
	cp->adv_handle = adv->handle;
	bt_addr_le_copy(&cp->peer_addr, &conn->le.dst);
	cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	cp->own_addr_type = own_addr_type;

	/* The Initiating_PHY is the secondary phy of the corresponding ext adv set */
	if (adv->options & BT_LE_ADV_OPT_CODED) {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_CODED;
	} else if (adv->options & BT_LE_ADV_OPT_NO_2M) {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_1M;
	} else {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_2M;
	}

	/* The scan interval and window stay zero from the memset; only the
	 * connection parameters are filled in.
	 */
	phy = net_buf_add(buf, sizeof(*phy));
	(void)memset(phy, 0, sizeof(*phy));
	set_phy_conn_param(conn, phy);

	/* Request that BT_DEV_INITIATING be set in bt_dev.flags when the
	 * command completes successfully.
	 */
	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, buf, NULL);
}
816 
/* Start an LE connection with the legacy create-connection command.
 *
 * Returns 0 on success, the error from bt_id_set_create_conn_own_addr(),
 * -ENOBUFS when no command buffer is available, or the error from
 * bt_hci_cmd_send_sync().
 */
static int bt_le_create_conn_legacy(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_create_conn *cp;
	/* Stack storage referenced from the command's bookkeeping slot; valid
	 * only because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;
	bool use_filter = false;
	struct net_buf *buf;
	uint8_t own_addr_type;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN, sizeof(*cp));
	if (!buf) {
		return -ENOBUFS;
	}

	/* Zero the parameters first so that fields not set below are zero. */
	cp = net_buf_add(buf, sizeof(*cp));
	memset(cp, 0, sizeof(*cp));
	cp->own_addr_type = own_addr_type;

	if (use_filter) {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	} else {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	}

	cp->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval);
	cp->scan_window = sys_cpu_to_le16(bt_dev.create_param.window);

	cp->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
	cp->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	cp->conn_latency = sys_cpu_to_le16(conn->le.latency);
	cp->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);

	/* Request that BT_DEV_INITIATING be set in bt_dev.flags when the
	 * command completes successfully.
	 */
	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN, buf, NULL);
}
874 
/**
 * Start an LE connection, choosing between the extended and the legacy
 * create-connection command.
 *
 * The extended command is used only when CONFIG_BT_EXT_ADV is enabled and
 * the controller's LE features include extended advertising.
 *
 * @return The result of the selected create-connection function.
 */
int bt_le_create_conn(const struct bt_conn *conn)
{
	if (!IS_ENABLED(CONFIG_BT_EXT_ADV) ||
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return bt_le_create_conn_legacy(conn);
	}

	return bt_le_create_conn_ext(conn);
}
884 
/**
 * Cancel an ongoing LE connection attempt.
 *
 * Requests that BT_DEV_INITIATING be cleared in bt_dev.flags when the
 * command completes successfully.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_cancel(void)
{
	/* Referenced from the command's bookkeeping slot; valid only because
	 * the synchronous send below blocks until the command has completed.
	 */
	struct bt_hci_cmd_state_set flag_update;
	struct net_buf *cancel_cmd;

	cancel_cmd = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0);
	if (cancel_cmd == NULL) {
		return -ENOBUFS;
	}

	bt_hci_cmd_state_set_init(cancel_cmd, &flag_update, bt_dev.flags,
				  BT_DEV_INITIATING, false);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN_CANCEL, cancel_cmd, NULL);
}
900 #endif /* CONFIG_BT_CENTRAL */
901 
/**
 * Ask the controller to disconnect a connection.
 *
 * @param handle Connection handle to disconnect.
 * @param reason HCI reason code placed in the command.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_hci_cmd_send_sync().
 */
int bt_hci_disconnect(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_disconnect *params;
	struct net_buf *cmd_buf;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_DISCONNECT, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->reason = reason;
	params->handle = sys_cpu_to_le16(handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_DISCONNECT, cmd_buf, NULL);
}
918 
/* Handles for which a disconnect was seen before the connection was known
 * to the host, with the matching disconnect reasons at the same index.
 * A zero entry marks a free slot; stored handles carry the bits outside
 * BT_ACL_HANDLE_MASK so that handle 0 is distinguishable from "free".
 */
static uint16_t disconnected_handles[CONFIG_BT_MAX_CONN];
static uint8_t disconnected_handles_reason[CONFIG_BT_MAX_CONN];
921 
/**
 * Mark every slot of disconnected_handles[] as free.
 *
 * The reason array is left as it is; its entries are only read for slots
 * whose handle matches.
 */
static void disconnected_handles_reset(void)
{
	for (size_t slot = 0; slot < ARRAY_SIZE(disconnected_handles); slot++) {
		disconnected_handles[slot] = 0;
	}
}
926 
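/**
 * Remember that a disconnect was reported for a handle the host does not
 * know yet, together with its reason.
 *
 * The record goes into the first free slot of disconnected_handles[]. When
 * every slot is taken the disconnect cannot be recorded; this is logged so
 * the loss is visible instead of silent.
 *
 * @param handle            Connection handle from the disconnect event.
 * @param disconnect_reason Reason code from the disconnect event.
 */
static void conn_handle_disconnected(uint16_t handle, uint8_t disconnect_reason)
{
	for (size_t i = 0; i < ARRAY_SIZE(disconnected_handles); i++) {
		if (disconnected_handles[i]) {
			continue;
		}

		/* Use invalid connection handle bits so that connection
		 * handle 0 can be used as a valid non-zero handle.
		 */
		disconnected_handles[i] = ~BT_ACL_HANDLE_MASK | handle;
		disconnected_handles_reason[i] = disconnect_reason;

		return;
	}

	/* No free slot: a later lookup for this handle will not find the
	 * disconnect, so leave a trace of it.
	 */
	LOG_WRN("No free slot to record early disconnect of handle %u", handle);
}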
941 
/**
 * Check whether a disconnect was recorded earlier for a handle and, if so,
 * consume the record.
 *
 * @param handle Connection handle to look up.
 *
 * @returns the disconnect reason, or 0 when no record exists for the handle.
 */
static uint8_t conn_handle_is_disconnected(uint16_t handle)
{
	/* Records are stored with the bits outside the handle mask set. */
	const uint16_t tagged = handle | ~BT_ACL_HANDLE_MASK;

	for (size_t slot = 0; slot < ARRAY_SIZE(disconnected_handles); slot++) {
		if (disconnected_handles[slot] != tagged) {
			continue;
		}

		/* Free the slot; the reason stays readable at the same index. */
		disconnected_handles[slot] = 0;
		return disconnected_handles_reason[slot];
	}

	return 0;
}
956 
/**
 * Priority handling of the Disconnection Complete event.
 *
 * For a known connection the reason is stored and the connection moves to
 * BT_CONN_DISCONNECT_COMPLETE. For an unknown handle the disconnect is
 * recorded so it can be matched once the connection becomes known. Events
 * with a non-zero status are ignored.
 *
 * The payload is read without a length check here, so this handler depends
 * on its caller having validated the length.
 */
static void hci_disconn_complete_prio(struct net_buf *buf)
{
	const struct bt_hci_evt_disconn_complete *evt = (const void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);

	if (evt->status != 0) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn != NULL) {
		conn->err = evt->reason;

		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
		bt_conn_unref(conn);
		return;
	}

	/* Priority disconnect complete event received before normal
	 * connection complete event.
	 */
	conn_handle_disconnected(handle, evt->reason);
}
984 
/* Normal-priority handling of the Disconnection Complete event: move the
 * connection to BT_CONN_DISCONNECTED and run the per-type follow-up.
 *
 * The payload is read without a length check here, so this handler depends
 * on its caller having validated the length.
 */
static void hci_disconn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);

	/* A failed disconnect leaves the connection as it is. */
	if (evt->status) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	bt_conn_set_state(conn, BT_CONN_DISCONNECTED);

	if (conn->type != BT_CONN_TYPE_LE) {
#if defined(CONFIG_BT_CLASSIC)
		if (conn->type == BT_CONN_TYPE_SCO) {
			/* NOTE(review): this path returns without
			 * bt_conn_unref(); presumably bt_sco_cleanup()
			 * releases the reference - confirm.
			 */
			bt_sco_cleanup(conn);
			return;
		}
		/*
		 * If only for one connection session bond was set, clear keys
		 * database row for this connection.
		 */
		if (conn->type == BT_CONN_TYPE_BR &&
		    atomic_test_and_clear_bit(conn->flags, BT_CONN_BR_NOBOND)) {
			bt_keys_link_key_clear(conn->br.link_key);
		}
#endif
		bt_conn_unref(conn);
		return;
	}

#if defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST)
	/* Auto-connect without the filter accept list: go back to scanning
	 * for the peer before initiating again.
	 */
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
		bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
		/* Just a best-effort check if the scanner should be started. */
		int err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);

		if (err) {
			LOG_WRN("Error while updating the scanner (%d)", err);
		}
	}
#endif /* defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST) */

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
1039 
/**
 * Send the LE Read Remote Features command for a connection.
 *
 * @param conn Connection whose handle is placed in the command.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
int bt_hci_le_read_remote_features(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_remote_features *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_READ_REMOTE_FEATURES,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	/* Results in BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE */
	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_REMOTE_FEATURES, cmd, NULL);
}
1056 
/**
 * Send the Read Remote Version Information command for a connection.
 *
 * @param conn Connection to query.
 *
 * @return -ENOTCONN if the connection is not in BT_CONN_CONNECTED,
 *         0 if BT_CONN_AUTO_VERSION_INFO is already set (nothing is sent),
 *         -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
int bt_hci_read_remote_version(struct bt_conn *conn)
{
	struct bt_hci_cp_read_remote_version_info *params;
	struct net_buf *cmd;

	if (conn->state != BT_CONN_CONNECTED) {
		return -ENOTCONN;
	}

	/* Remote version cannot change, so a second query is pointless. */
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO)) {
		return 0;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_VERSION_INFO,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_VERSION_INFO, cmd,
				    NULL);
}
1083 
/**
 * Send the LE Set Data Length command for a connection.
 *
 * The LE Data Length Change event is optional. This function itself returns
 * the command result; a caller that ignores it keeps using the default
 * values.
 *
 * @param conn      Connection whose handle is placed in the command.
 * @param tx_octets Value for the command's tx_octets field.
 * @param tx_time   Value for the command's tx_time field.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
int bt_le_set_data_len(struct bt_conn *conn, uint16_t tx_octets, uint16_t tx_time)
{
	struct bt_hci_cp_le_set_data_len *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_DATA_LEN, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	/* All multi-octet fields go out in little-endian order. */
	params = net_buf_add(cmd, sizeof(*params));
	params->tx_time = sys_cpu_to_le16(tx_time);
	params->tx_octets = sys_cpu_to_le16(tx_octets);
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_DATA_LEN, cmd, NULL);
}
1104 
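#if defined(CONFIG_BT_USER_PHY_UPDATE)
/**
 * Read the current PHYs of a connection and store them in conn->le.phy.
 *
 * @param conn Connection to query and update.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be created,
 *         -EIO if the response is shorter than the expected return
 *         parameters, otherwise the error from bt_hci_cmd_send_sync().
 */
static int hci_le_read_phy(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_phy *cp;
	struct bt_hci_rp_le_read_phy *rp;
	struct net_buf *buf, *rsp;
	int err;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_PHY, sizeof(*cp));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->handle = sys_cpu_to_le16(conn->handle);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_PHY, buf, &rsp);
	if (err) {
		return err;
	}

	/* The response comes from the controller; do not read the return
	 * parameters past the end of a truncated response.
	 */
	if (rsp->len < sizeof(*rp)) {
		LOG_WRN("Read PHY response too short (%u)", rsp->len);
		net_buf_unref(rsp);
		return -EIO;
	}

	rp = (void *)rsp->data;
	conn->le.phy.tx_phy = bt_get_phy(rp->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(rp->rx_phy);
	net_buf_unref(rsp);

	return 0;
}
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */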
1134 
/**
 * Send the LE Set PHY command for a connection.
 *
 * @param conn        Connection whose handle is placed in the command.
 * @param all_phys    Value for the command's all_phys field.
 * @param pref_tx_phy Value for the command's tx_phys field.
 * @param pref_rx_phy Value for the command's rx_phys field.
 * @param phy_opts    Value for the command's phy_opts field.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
int bt_le_set_phy(struct bt_conn *conn, uint8_t all_phys,
		  uint8_t pref_tx_phy, uint8_t pref_rx_phy, uint8_t phy_opts)
{
	struct bt_hci_cp_le_set_phy *params;
	struct net_buf *cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_PHY,
						sizeof(*params));

	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);
	/* The remaining fields are copied from the arguments unchanged. */
	params->phy_opts = phy_opts;
	params->rx_phys = pref_rx_phy;
	params->tx_phys = pref_tx_phy;
	params->all_phys = all_phys;

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_PHY, cmd, NULL);
}
1155 
/**
 * Look up the connection object that is waiting for a connection to complete.
 *
 * For the central role the lookup uses BT_ID_DEFAULT and the
 * BT_CONN_INITIATING state, falling back to the filter accept list state
 * when CONFIG_BT_FILTER_ACCEPT_LIST is enabled. For the peripheral role it
 * uses bt_dev.adv_conn_id and tries directed advertising first, then
 * undirected connectable advertising.
 *
 * @param role      BT_HCI_ROLE_CENTRAL or BT_HCI_ROLE_PERIPHERAL.
 * @param peer_addr Peer address for the first lookup; callers in this file
 *                  also pass NULL here.
 *
 * @return Result of bt_conn_lookup_state_le() (callers in this file release
 *         it with bt_conn_unref()), or NULL when nothing matches or the role
 *         is not enabled.
 */
static struct bt_conn *find_pending_connect(uint8_t role, bt_addr_le_t *peer_addr)
{
	struct bt_conn *pending = NULL;

	if (IS_ENABLED(CONFIG_BT_CENTRAL) && role == BT_HCI_ROLE_CENTRAL) {
		pending = bt_conn_lookup_state_le(BT_ID_DEFAULT, peer_addr,
						  BT_CONN_INITIATING);
		if (pending == NULL && IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
			pending = bt_conn_lookup_state_le(BT_ID_DEFAULT,
							  BT_ADDR_LE_NONE,
							  BT_CONN_INITIATING_FILTER_LIST);
		}
	} else if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && role == BT_HCI_ROLE_PERIPHERAL) {
		pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id, peer_addr,
						  BT_CONN_ADV_DIR_CONNECTABLE);
		if (pending == NULL) {
			pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id,
							  BT_ADDR_LE_NONE,
							  BT_CONN_ADV_CONNECTABLE);
		}
	}

	return pending;
}
1190 
/**
 * Handle a cancelled LE create connection for the central role.
 *
 * Depending on the auto-connect flag, the filter accept list option and
 * whether the connection's deferred work is still queued or delayed, the
 * pending connection is either sent back to scanning, re-initiated, or
 * marked disconnected with @p err.
 *
 * @param err HCI status stored in conn->err when the attempt is given up.
 */
static void le_conn_complete_cancel(uint8_t err)
{
	struct bt_conn *conn;
	bool restart_initiator;

	/* There is no need to check the ID address as only one connection in
	 * the central role can be in pending state.
	 */
	conn = find_pending_connect(BT_HCI_ROLE_CENTRAL, NULL);
	if (conn == NULL) {
		LOG_ERR("No pending central connection");
		return;
	}

	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
		/* With the filter accept list the initiator is restarted
		 * after the RPA timeout; without it the passive scanner is
		 * restarted for the device.
		 */
		restart_initiator = IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST);
		if (!restart_initiator) {
			bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
		}
	} else {
		int work_flags = k_work_delayable_busy_get(&conn->deferred_work);

		/* Work still pending means this is a restart after the RPA
		 * timeout; otherwise the creation timeout has fired.
		 */
		restart_initiator = (work_flags & (K_WORK_QUEUED | K_WORK_DELAYED)) != 0;
		if (!restart_initiator) {
			LOG_WRN("Connection creation timeout triggered");
			conn->err = err;
			bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
		}
	}

	if (restart_initiator) {
		int ret = bt_le_create_conn(conn);

		if (ret) {
			LOG_ERR("Failed to restart initiator");
		}
	}

	bt_conn_unref(conn);
}
1236 
/**
 * Handle an advertising timeout reported through a connection complete event
 * (after high duty cycle directed advertising).
 *
 * Does nothing when extended advertising is both enabled and supported by
 * the controller. Otherwise the legacy advertiser is marked as disabled and
 * the pending peripheral connection is moved to BT_CONN_DISCONNECTED with
 * BT_HCI_ERR_ADV_TIMEOUT.
 */
static void le_conn_complete_adv_timeout(void)
{
	struct bt_le_ext_adv *adv;
	struct bt_conn *conn;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return;
	}

	/* NOTE(review): adv is dereferenced without a NULL check; confirm
	 * that bt_le_adv_lookup_legacy() cannot return NULL when this event
	 * is delivered.
	 */
	adv = bt_le_adv_lookup_legacy();
	atomic_clear_bit(adv->flags, BT_ADV_ENABLED);

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		/* No advertising set terminated event, must be a
		 * legacy advertiser set.
		 */
		bt_le_adv_delete_legacy();
	}

	/* There is no need to check the ID address as only one
	 * connection in peripheral role can be in pending state.
	 */
	conn = find_pending_connect(BT_HCI_ROLE_PERIPHERAL, NULL);
	if (conn == NULL) {
		LOG_ERR("No pending peripheral connection");
		return;
	}

	conn->err = BT_HCI_ERR_ADV_TIMEOUT;
	bt_conn_set_state(conn, BT_CONN_DISCONNECTED);

	bt_conn_unref(conn);
}
1273 
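/**
 * Entry point for a successful LE (enhanced) connection complete event.
 *
 * With more than one advertising set, peripheral-role events on a controller
 * that supports extended advertising are copied into
 * bt_dev.cached_conn_complete and processed later. Every other event is
 * handled immediately by bt_hci_le_enh_conn_complete().
 *
 * @param evt Event to process; copied by value when cached.
 */
static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
#if defined(CONFIG_BT_CONN) && (CONFIG_BT_EXT_ADV_MAX_ADV_SET > 1)
	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
		evt->role == BT_HCI_ROLE_PERIPHERAL &&
		evt->status == BT_HCI_ERR_SUCCESS &&
		(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
				BT_FEAT_LE_EXT_ADV(bt_dev.le.features))) {

		/* Cache the connection complete event. Process it later.
		 * See bt_dev.cached_conn_complete.
		 */
		for (size_t i = 0; i < ARRAY_SIZE(bt_dev.cached_conn_complete); i++) {
			if (!bt_dev.cached_conn_complete[i].valid) {
				(void)memcpy(&bt_dev.cached_conn_complete[i].evt,
					evt,
					sizeof(struct bt_hci_evt_le_enh_conn_complete));
				bt_dev.cached_conn_complete[i].valid = true;
				return;
			}
		}

		/* With assertions compiled out the event would otherwise be
		 * dropped without a trace, so log it as well.
		 *
		 * NOTE(review): the controller still holds this connection
		 * while the host forgets it; other paths in this file call
		 * bt_hci_disconnect() in that situation - consider doing the
		 * same here.
		 */
		LOG_ERR("No free slot to cache connection complete event");

		__ASSERT(false, "No more cache entries available. "
				"This should not happen by design");

		return;
	}
#endif
	bt_hci_le_enh_conn_complete(evt);
}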
1304 
/**
 * Derive the peer's identity address and on-air address from a connection
 * complete event.
 *
 * @param peer_addr Output: address used for the connection. When the event
 *                  carries a resolved address this is evt->peer_rpa with
 *                  type BT_ADDR_LE_RANDOM, otherwise a copy of
 *                  evt->peer_addr.
 * @param id_addr   Output: identity address, from
 *                  bt_addr_le_copy_resolved() or bt_lookup_id_addr().
 * @param evt       Connection complete event.
 * @param id        Local identity passed to bt_lookup_id_addr().
 */
static void translate_addrs(bt_addr_le_t *peer_addr, bt_addr_le_t *id_addr,
			    const struct bt_hci_evt_le_enh_conn_complete *evt, uint8_t id)
{
	if (!bt_addr_le_is_resolved(&evt->peer_addr)) {
		bt_addr_le_copy(id_addr, bt_lookup_id_addr(id, &evt->peer_addr));
		bt_addr_le_copy(peer_addr, &evt->peer_addr);
		return;
	}

	/* The controller resolved the address: the event's peer_addr is the
	 * source for the identity and peer_rpa is the address seen on air.
	 */
	bt_addr_le_copy_resolved(id_addr, &evt->peer_addr);

	bt_addr_copy(&peer_addr->a, &evt->peer_rpa);
	peer_addr->type = BT_ADDR_LE_RANDOM;
}
1318 
/**
 * Fill a connection object from a connection complete event.
 *
 * Copies handle, role, interval, latency and supervision timeout from the
 * event, stores the identity address as destination and clears conn->err.
 * Data length and subrating fields are reset to their defaults when the
 * corresponding options are enabled.
 *
 * @param conn    Connection object to update.
 * @param id_addr Identity address of the peer.
 * @param evt     Connection complete event (little-endian fields).
 */
static void update_conn(struct bt_conn *conn, const bt_addr_le_t *id_addr,
			const struct bt_hci_evt_le_enh_conn_complete *evt)
{
	conn->err = 0U;
	conn->role = evt->role;
	conn->handle = sys_le16_to_cpu(evt->handle);
	bt_addr_le_copy(&conn->le.dst, id_addr);

	/* Connection parameters as reported by the controller. */
	conn->le.interval = sys_le16_to_cpu(evt->interval);
	conn->le.latency = sys_le16_to_cpu(evt->latency);
	conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	conn->le.data_len.tx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.rx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.tx_max_time = BT_GAP_DATA_TIME_DEFAULT;
	conn->le.data_len.rx_max_time = BT_GAP_DATA_TIME_DEFAULT;
#endif
#if defined(CONFIG_BT_SUBRATING)
	conn->le.subrate.factor = 1; /* No subrating. */
	conn->le.subrate.continuation_number = 0;
#endif
}
1341 
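/**
 * Process a successful LE enhanced connection complete event.
 *
 * Finds the connection object that was waiting for this connection, fills it
 * from the event, sets the initiator and responder addresses for the local
 * role, moves it to BT_CONN_CONNECTED and notifies via bt_conn_connected().
 * If no pending connection object exists, the controller is told to
 * disconnect the handle.
 *
 * @param evt Event with status BT_HCI_ERR_SUCCESS (asserted).
 *
 * NOTE(review): the result of bt_le_adv_lookup_legacy() is dereferenced
 * without a NULL check in the legacy advertising branches; confirm it cannot
 * return NULL when a peripheral connection completes.
 */
void bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
	__ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);

	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;
	bool is_central;
	uint8_t id;

	LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
		evt->status, bt_hci_err_to_str(evt->status), handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	id = evt->role == BT_HCI_ROLE_PERIPHERAL ? bt_dev.adv_conn_id : BT_ID_DEFAULT;
	translate_addrs(&peer_addr, &id_addr, evt, id);

	conn = find_pending_connect(evt->role, &id_addr);

	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    evt->role == BT_HCI_ROLE_PERIPHERAL &&
	    !(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
		struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
		/* Clear advertising even if we are not able to add connection
		 * object to keep host in sync with controller state.
		 */
		atomic_clear_bit(adv->flags, BT_ADV_ENABLED);
		(void)bt_le_lim_adv_cancel_timeout(adv);
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    evt->role == BT_HCI_ROLE_CENTRAL) {
		/* Clear initiating even if we are not able to add connection
		 * object to keep the host in sync with controller state.
		 */
		atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
	}

	if (!conn) {
		/* The host has no object for this link, so ask the controller
		 * to drop it rather than leave an untracked connection up.
		 */
		LOG_ERR("No pending conn for peer %s", bt_addr_le_str(&evt->peer_addr));
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		return;
	}

	update_conn(conn, &id_addr, evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = BT_GAP_LE_PHY_1M;
	conn->le.phy.rx_phy = BT_GAP_LE_PHY_1M;
#endif
	/*
	 * Use connection address (instead of identity address) as initiator
	 * or responder address. Only peripheral needs to be updated. For central all
	 * was set during outgoing connection creation.
	 */
	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL) {
		bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

		if (!(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();

			if (IS_ENABLED(CONFIG_BT_PRIVACY) &&
			    !atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY)) {
				conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
				if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &evt->local_rpa);
				} else {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &bt_dev.random_addr.a);
				}
			} else {
				bt_addr_le_copy(&conn->le.resp_addr,
						&bt_dev.id_addr[conn->id]);
			}
		} else {
			/* Copy the local RPA and handle this in advertising set
			 * terminated event.
			 */
			bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
		}

		/* If the controller supports it, advertise for another
		 * peripheral connection.
		 * Checking for the connectable advertising state is sufficient
		 * as this is how this LE connection complete for peripheral
		 * occurred.
		 */
		if (BT_LE_STATES_PER_CONN_ADV(bt_dev.le.states)) {
			bt_le_adv_resume();
		}

		if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
			/* No advertising set terminated event, must be a
			 * legacy advertiser set.
			 */
			if (!atomic_test_bit(adv->flags, BT_ADV_PERSIST)) {
				bt_le_adv_delete_legacy();
			}
		}
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    conn->role == BT_HCI_ROLE_CENTRAL) {
		bt_addr_le_copy(&conn->le.resp_addr, &peer_addr);

		if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
			conn->le.init_addr.type = BT_ADDR_LE_RANDOM;
			if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
				bt_addr_copy(&conn->le.init_addr.a,
					     &evt->local_rpa);
			} else {
				bt_addr_copy(&conn->le.init_addr.a,
					     &bt_dev.random_addr.a);
			}
		} else {
			bt_addr_le_copy(&conn->le.init_addr,
					&bt_dev.id_addr[conn->id]);
		}
	}

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		int err;

		err = hci_le_read_phy(conn);
		if (err) {
			LOG_WRN("Failed to read PHY (%d)", err);
		}
	}
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (disconnect_reason) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		conn->err = disconnect_reason;
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Read the role while the reference is still held: conn must not be
	 * dereferenced once bt_conn_unref() has given the reference back.
	 */
	is_central = conn->role == BT_HCI_ROLE_CENTRAL;
	bt_conn_unref(conn);

	if (IS_ENABLED(CONFIG_BT_CENTRAL) && is_central) {
		int err;

		/* Just a best-effort check if the scanner should be started. */
		err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
		if (err) {
			LOG_WRN("Error while updating the scanner (%d)", err);
		}
	}
}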
1508 
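#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
/**
 * Process a successful connection complete (v2) event for a connection that
 * was created through a periodic advertising sync.
 *
 * Allocates a new connection object, fills it from the event, moves it to
 * BT_CONN_CONNECTED and notifies via bt_conn_connected(). The local device
 * must be the peripheral; any other role is rejected.
 *
 * @param evt  Event with status BT_HCI_ERR_SUCCESS (asserted).
 * @param sync Sync the connection was created from.
 *
 * NOTE(review): the v2 event is passed to translate_addrs() and
 * update_conn() through a cast to the v1 struct; this relies on both
 * layouts agreeing for the fields those helpers read - confirm.
 *
 * NOTE(review): the two early error returns leave the link up in the
 * controller without a host object; the allocation-failure path calls
 * bt_hci_disconnect() for exactly that reason - consider doing the same.
 */
void bt_hci_le_enh_conn_complete_sync(struct bt_hci_evt_le_enh_conn_complete_v2 *evt,
				      struct bt_le_per_adv_sync *sync)
{
	__ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);

	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;

	if (!sync->num_subevents) {
		LOG_ERR("Unexpected connection complete event");

		return;
	}

	/* Reject an unexpected role before allocating: returning after
	 * bt_conn_add_le() without bt_conn_unref() would leak the connection
	 * object and its reference.
	 */
	if (evt->role != BT_HCI_ROLE_PERIPHERAL) {
		LOG_ERR("PAwR sync always becomes peripheral");

		return;
	}

	conn = bt_conn_add_le(BT_ID_DEFAULT, BT_ADDR_LE_ANY);
	if (!conn) {
		LOG_ERR("Unable to allocate connection");
		/* Tell the controller to disconnect to keep it in sync with
		 * the host state and avoid a "rogue" connection.
		 */
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);

		return;
	}

	LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
		evt->status, bt_hci_err_to_str(evt->status), handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	translate_addrs(&peer_addr, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt,
			BT_ID_DEFAULT);
	update_conn(conn, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	/* The connection is always initiated on the same phy as the PAwR advertiser */
	conn->le.phy.tx_phy = sync->phy;
	conn->le.phy.rx_phy = sync->phy;
#endif

	bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

	if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
		conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
		bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
	} else {
		bt_addr_le_copy(&conn->le.resp_addr, &bt_dev.id_addr[conn->id]);
	}

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (disconnect_reason) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		conn->err = disconnect_reason;
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Since we don't give the application a reference to manage
	 * for peripheral connections, we need to release this reference here.
	 */
	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */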
1590 
/**
 * Handle a connection complete event that carries a non-success status.
 *
 * Recognised statuses are an advertising timeout (peripheral), a cancelled
 * connection attempt (central) and, with CONFIG_BT_PER_ADV_RSP, a failed
 * connection establishment (central). Anything else is only logged.
 *
 * @param status HCI status taken from the event.
 */
static void enh_conn_complete_error_handle(uint8_t status)
{
	const bool adv_timeout = IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
				 status == BT_HCI_ERR_ADV_TIMEOUT;
	const bool cancelled = IS_ENABLED(CONFIG_BT_CENTRAL) &&
			       status == BT_HCI_ERR_UNKNOWN_CONN_ID;
	const bool estab_failed = IS_ENABLED(CONFIG_BT_CENTRAL) &&
				  IS_ENABLED(CONFIG_BT_PER_ADV_RSP) &&
				  status == BT_HCI_ERR_CONN_FAIL_TO_ESTAB;

	if (adv_timeout) {
		le_conn_complete_adv_timeout();
	} else if (cancelled) {
		le_conn_complete_cancel(status);
		int err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);

		if (err) {
			LOG_WRN("Error while updating the scanner (%d)", err);
		}
	} else if (estab_failed) {
		le_conn_complete_cancel(status);

		atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
	} else {
		LOG_WRN("Unexpected status 0x%02x %s", status, bt_hci_err_to_str(status));
	}
}
1619 
/**
 * Handler for the LE Enhanced Connection Complete event.
 *
 * Failures go to enh_conn_complete_error_handle(), successes to
 * enh_conn_complete().
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_enh_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete *evt = (void *)buf->data;

	if (evt->status == BT_HCI_ERR_SUCCESS) {
		enh_conn_complete(evt);
	} else {
		enh_conn_complete_error_handle(evt->status);
	}
}
1632 
#if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
/**
 * Handler for the LE Enhanced Connection Complete (v2) event.
 *
 * The adv_handle / sync_handle pair decides the path: neither valid means
 * the connection did not come from PAwR, a valid adv_handle alone means a
 * PAwR advertiser, a valid sync_handle alone means a PAwR sync. Any other
 * combination, or a combination whose feature is compiled out, is logged as
 * invalid.
 *
 * NOTE(review): the v2 event is handed to the v1 path through a pointer
 * cast, which relies on the v1 layout being a prefix of v2 - confirm. The
 * buffer length is not checked here either; presumably the dispatcher does
 * that.
 */
static void le_enh_conn_complete_v2(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete_v2 *evt = (void *)buf->data;
	bool from_adv;
	bool from_sync;

	if (evt->status != BT_HCI_ERR_SUCCESS) {
		enh_conn_complete_error_handle(evt->status);
		return;
	}

	from_adv = evt->adv_handle != BT_HCI_ADV_HANDLE_INVALID;
	from_sync = evt->sync_handle != BT_HCI_SYNC_HANDLE_INVALID;

	if (!from_adv && !from_sync) {
		/* The connection was not created via PAwR, handle the event like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
		return;
	}

#if defined(CONFIG_BT_PER_ADV_RSP)
	if (from_adv && !from_sync) {
		/* The connection was created via PAwR advertiser, it can be handled like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
		return;
	}
#endif /* CONFIG_BT_PER_ADV_RSP */

#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
	if (!from_adv && from_sync) {
		/* Created via PAwR sync, no adv set terminated event, needs separate handling */
		struct bt_le_per_adv_sync *sync =
			bt_hci_per_adv_sync_lookup_handle(evt->sync_handle);

		if (sync == NULL) {
			LOG_ERR("Unknown sync handle %d", evt->sync_handle);

			return;
		}

		bt_hci_le_enh_conn_complete_sync(evt, sync);
		return;
	}
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */

	LOG_ERR("Invalid connection complete event");
}
#endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
1677 
/**
 * Handler for the legacy LE Connection Complete event.
 *
 * Converts the legacy event into an enhanced connection complete event so
 * both share one code path. The legacy event carries no RPAs: peer_rpa is
 * set to BT_ADDR_ANY and local_rpa to the device's random address when
 * privacy is enabled, BT_ADDR_ANY otherwise.
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_legacy_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_complete *legacy = (void *)buf->data;
	struct bt_hci_evt_le_enh_conn_complete enh;

	if (legacy->status != BT_HCI_ERR_SUCCESS) {
		enh_conn_complete_error_handle(legacy->status);
		return;
	}

	LOG_DBG("status 0x%02x %s role %u %s",
		legacy->status, bt_hci_err_to_str(legacy->status), legacy->role,
		bt_addr_le_str(&legacy->peer_addr));

	/* Addresses first, then the scalar fields, which are copied as they
	 * arrived (no byte order conversion).
	 */
	bt_addr_le_copy(&enh.peer_addr, &legacy->peer_addr);
	bt_addr_copy(&enh.peer_rpa, BT_ADDR_ANY);
	bt_addr_copy(&enh.local_rpa,
		     IS_ENABLED(CONFIG_BT_PRIVACY) ? &bt_dev.random_addr.a : BT_ADDR_ANY);

	enh.status         = legacy->status;
	enh.handle         = legacy->handle;
	enh.role           = legacy->role;
	enh.interval       = legacy->interval;
	enh.latency        = legacy->latency;
	enh.supv_timeout   = legacy->supv_timeout;
	enh.clock_accuracy = legacy->clock_accuracy;

	enh_conn_complete(&enh);
}
1712 
/**
 * Handler for the LE Read Remote Features Complete event.
 *
 * Stores the reported feature bits on success. The
 * BT_CONN_LE_FEATURES_EXCHANGED flag is set whatever the status, so a set
 * flag does not mean conn->le.features was updated.
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_remote_feat_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_remote_feat_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		/* Copy size is bounded by the destination array. */
		memcpy(conn->le.features, evt->features,
		       sizeof(conn->le.features));
	}

	atomic_set_bit(conn->flags, BT_CONN_LE_FEATURES_EXCHANGED);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO) &&
	    !IS_ENABLED(CONFIG_BT_REMOTE_VERSION)) {
		notify_remote_info(conn);
	}

	bt_conn_unref(conn);
}
1739 
#if defined(CONFIG_BT_DATA_LEN_UPDATE)
/**
 * Handler for the LE Data Length Change event.
 *
 * With CONFIG_BT_USER_DATA_LEN_UPDATE the reported maxima are stored in
 * conn->le.data_len and listeners are notified. Values outside the
 * BT_HCI_LE_MAX_* ranges are only logged and are still stored, so consumers
 * of conn->le.data_len must not assume they are within range.
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_data_len_change(struct net_buf *buf)
{
	struct bt_hci_evt_le_data_len_change *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	uint16_t max_tx_octets = sys_le16_to_cpu(evt->max_tx_octets);
	uint16_t max_rx_octets = sys_le16_to_cpu(evt->max_rx_octets);
	uint16_t max_tx_time = sys_le16_to_cpu(evt->max_tx_time);
	uint16_t max_rx_time = sys_le16_to_cpu(evt->max_rx_time);

	/* Range violations are reported but do not stop the update. */
	if (!IN_RANGE(max_tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
		LOG_WRN("max_tx_octets exceeds the valid range %u", max_tx_octets);
	}
	if (!IN_RANGE(max_rx_octets, BT_HCI_LE_MAX_RX_OCTETS_MIN, BT_HCI_LE_MAX_RX_OCTETS_MAX)) {
		LOG_WRN("max_rx_octets exceeds the valid range %u", max_rx_octets);
	}
	if (!IN_RANGE(max_tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
		LOG_WRN("max_tx_time exceeds the valid range %u", max_tx_time);
	}
	if (!IN_RANGE(max_rx_time, BT_HCI_LE_MAX_RX_TIME_MIN, BT_HCI_LE_MAX_RX_TIME_MAX)) {
		LOG_WRN("max_rx_time exceeds the valid range %u", max_rx_time);
	}

	LOG_DBG("max. tx: %u (%uus), max. rx: %u (%uus)", max_tx_octets, max_tx_time, max_rx_octets,
		max_rx_time);

	conn->le.data_len.tx_max_len = max_tx_octets;
	conn->le.data_len.rx_max_len = max_rx_octets;
	conn->le.data_len.tx_max_time = max_tx_time;
	conn->le.data_len.rx_max_time = max_rx_time;
	notify_le_data_len_updated(conn);
#endif

	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_DATA_LEN_UPDATE */
1785 
#if defined(CONFIG_BT_PHY_UPDATE)
/**
 * Handler for the LE PHY Update Complete event.
 *
 * With CONFIG_BT_USER_PHY_UPDATE the reported PHYs are stored in
 * conn->le.phy and listeners are notified. evt->status is logged but not
 * otherwise checked before the PHY values are stored.
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_phy_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_phy_update_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	LOG_DBG("PHY updated: status: 0x%02x %s, tx: %u, rx: %u",
		evt->status, bt_hci_err_to_str(evt->status), evt->tx_phy,
		evt->rx_phy);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = bt_get_phy(evt->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(evt->rx_phy);
	notify_le_phy_updated(conn);
#endif

	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_PHY_UPDATE */
1812 
/**
 * Check LE connection parameters against the specification limits.
 *
 * Always returns true when CONFIG_BT_CONN_PARAM_ANY is enabled. Otherwise
 * the parameters must satisfy all of:
 *  - 6 <= interval_min <= interval_max <= 3200
 *  - latency <= 499
 *  - 10 <= timeout <= 3200
 *  - timeout * 4 > (1 + latency) * interval_max
 *
 * All limits according to BT Core spec 5.0 [Vol 2, Part E, 7.8.12].
 *
 * @param param Parameters to validate.
 *
 * @return true if the parameters are acceptable, false otherwise.
 */
bool bt_le_conn_params_valid(const struct bt_le_conn_param *param)
{
	bool interval_ok;
	bool latency_ok;
	bool timeout_ok;

	if (IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
		return true;
	}

	interval_ok = param->interval_min <= param->interval_max &&
		      param->interval_min >= 6 && param->interval_max <= 3200;
	if (!interval_ok) {
		return false;
	}

	latency_ok = param->latency <= 499;
	if (!latency_ok) {
		return false;
	}

	/* The supervision timeout must outlast the effective interval. */
	timeout_ok = param->timeout >= 10 && param->timeout <= 3200 &&
		     ((param->timeout * 4U) >
		      ((1U + param->latency) * param->interval_max));

	return timeout_ok;
}
1838 
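/**
 * Send an LE Remote Connection Parameter Request Negative Reply.
 *
 * Failures are only logged; there is no return value.
 *
 * @param handle Connection handle the request was received on.
 * @param reason HCI error code explaining the rejection.
 */
static void le_conn_param_neg_reply(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_le_conn_param_req_neg_reply *cp;
	struct net_buf *buf;
	int err;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY,
				sizeof(*cp));
	if (!buf) {
		LOG_ERR("Unable to allocate buffer");
		return;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->handle = sys_cpu_to_le16(handle);
	/* reason is an 8-bit value: a 16-bit little-endian conversion would
	 * move it out of the low byte on big-endian CPUs, so store it as is.
	 */
	cp->reason = reason;

	err = bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, buf);
	if (err) {
		LOG_ERR("Failed to send conn param negative reply (%d)", err);
	}
}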
1857 
/**
 * Send an LE Remote Connection Parameter Request Reply accepting @p param.
 *
 * @param handle Connection handle the request was received on.
 * @param param  Parameters to accept.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send().
 */
static int le_conn_param_req_reply(uint16_t handle,
				   const struct bt_le_conn_param *param)
{
	struct bt_hci_cp_le_conn_param_req_reply *reply;
	struct net_buf *cmd = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY,
						sizeof(*reply));

	if (cmd == NULL) {
		return -ENOBUFS;
	}

	/* Zero the whole command first so fields not set below are sent as
	 * zero.
	 */
	reply = net_buf_add(cmd, sizeof(*reply));
	(void)memset(reply, 0, sizeof(*reply));

	reply->handle = sys_cpu_to_le16(handle);
	reply->interval_min = sys_cpu_to_le16(param->interval_min);
	reply->interval_max = sys_cpu_to_le16(param->interval_max);
	reply->latency = sys_cpu_to_le16(param->latency);
	reply->timeout = sys_cpu_to_le16(param->timeout);

	return bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, cmd);
}
1880 
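/**
 * Handler for the LE Remote Connection Parameter Request event.
 *
 * The requested parameters originate from the remote device. They are
 * passed to le_param_req() and answered with a positive reply when it
 * accepts them, otherwise with a negative reply carrying
 * BT_HCI_ERR_INVALID_LL_PARAM. An unknown handle is answered with
 * BT_HCI_ERR_UNKNOWN_CONN_ID.
 *
 * NOTE(review): buf->data is cast to the event struct without a length
 * check here; presumably the event dispatcher enforces a minimum length -
 * confirm.
 */
static void le_conn_param_req(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_param_req *evt = (void *)buf->data;
	struct bt_le_conn_param param;
	struct bt_conn *conn;
	uint16_t handle;

	handle = sys_le16_to_cpu(evt->handle);
	param.interval_min = sys_le16_to_cpu(evt->interval_min);
	param.interval_max = sys_le16_to_cpu(evt->interval_max);
	param.latency = sys_le16_to_cpu(evt->latency);
	param.timeout = sys_le16_to_cpu(evt->timeout);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (!conn) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		le_conn_param_neg_reply(handle, BT_HCI_ERR_UNKNOWN_CONN_ID);
		return;
	}

	if (!le_param_req(conn, &param)) {
		le_conn_param_neg_reply(handle, BT_HCI_ERR_INVALID_LL_PARAM);
	} else {
		int err = le_conn_param_req_reply(handle, &param);

		/* Without a reply the request stays unanswered; make the
		 * failure visible instead of dropping the return value.
		 */
		if (err) {
			LOG_ERR("Failed to send conn param reply (%d)", err);
		}
	}

	bt_conn_unref(conn);
}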
1909 
/* Handle the LE Connection Update Complete event.
 *
 * On a peripheral whose update failed with "unsupported remote feature" the
 * update is retried once over L2CAP (guarded by the
 * BT_CONN_PERIPHERAL_PARAM_L2CAP flag). Otherwise the new parameters are
 * stored on success, the auto-update bookkeeping is adjusted when
 * CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS is enabled, and listeners are
 * notified.
 *
 * The event is cast straight from buf->data; the meta_events table registers
 * this handler with sizeof(struct bt_hci_evt_le_conn_update_complete), so
 * presumably the dispatcher enforces the minimum length - confirm.
 */
static void le_conn_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_update_complete *evt = (void *)buf->data;
	struct bt_conn *conn;
	uint16_t handle;

	handle = sys_le16_to_cpu(evt->handle);

	LOG_DBG("status 0x%02x %s, handle %u",
		evt->status, bt_hci_err_to_str(evt->status), handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (!conn) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	/* atomic_test_and_set_bit() makes the L2CAP fallback a one-shot: the
	 * branch is taken only the first time the flag is found clear.
	 */
	if (evt->status == BT_HCI_ERR_UNSUPP_REMOTE_FEATURE &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL &&
	    !atomic_test_and_set_bit(conn->flags,
				     BT_CONN_PERIPHERAL_PARAM_L2CAP)) {
		/* CPR not supported, let's try L2CAP CPUP instead */
		struct bt_le_conn_param param;

		param.interval_min = conn->le.interval_min;
		param.interval_max = conn->le.interval_max;
		param.latency = conn->le.pending_latency;
		param.timeout = conn->le.pending_timeout;

		bt_l2cap_update_conn_param(conn, &param);
	} else {
		if (!evt->status) {
			conn->le.interval = sys_le16_to_cpu(evt->interval);
			conn->le.latency = sys_le16_to_cpu(evt->latency);
			conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);

			/* The range checks below only log: values reported by
			 * the controller have already been stored above and
			 * stay stored even when a warning is emitted.
			 */
			if (!IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
				if (!IN_RANGE(conn->le.interval, BT_HCI_LE_INTERVAL_MIN,
					      BT_HCI_LE_INTERVAL_MAX)) {
					LOG_WRN("interval exceeds the valid range 0x%04x",
						conn->le.interval);
				}
				if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
					LOG_WRN("latency exceeds the valid range 0x%04x",
						conn->le.latency);
				}
				if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
					      BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
					LOG_WRN("supv_timeout exceeds the valid range 0x%04x",
						conn->le.timeout);
				}
			}

			/* With auto-update enabled the if/else chain continues
			 * inside the preprocessor block: success clears the
			 * auto-update flag, an "unsupported LL parameter value"
			 * failure with retries left schedules another attempt,
			 * and any other failure clears the flag.
			 */
#if defined(CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS)
			atomic_clear_bit(conn->flags,
					 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
		} else if (atomic_test_bit(conn->flags,
					   BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE) &&
			   evt->status == BT_HCI_ERR_UNSUPP_LL_PARAM_VAL &&
			   conn->le.conn_param_retry_countdown) {
			conn->le.conn_param_retry_countdown--;
			k_work_schedule(&conn->deferred_work,
					K_MSEC(CONFIG_BT_CONN_PARAM_RETRY_TIMEOUT));
		} else {
			atomic_clear_bit(conn->flags,
					 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
#endif /* CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS */

		}

		/* Listeners are notified on success and on failure alike. */
		notify_le_param_updated(conn);
	}

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
1985 
1986 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
/* Enable controller-to-host ACL flow control.
 *
 * Sends Host Buffer Size with the host's ACL receive MTU and packet count,
 * then Set Controller To Host Flow Control with the enable value. Both
 * commands are sent synchronously.
 *
 * Returns 0 on success or when the controller does not advertise the command
 * (in which case nothing is sent), -ENOBUFS when no command buffer could be
 * created, or the error returned by bt_hci_cmd_send_sync().
 */
static int set_flow_control(void)
{
	struct bt_hci_cp_host_buffer_size *params;
	struct net_buf *cmd_buf;
	int rc;

	/* Check if host flow control is actually supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		LOG_WRN("Controller to host flow control not supported");
		return 0;
	}

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_HOST_BUFFER_SIZE, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	/* Zero the whole parameter block first so that the fields not set
	 * below are sent as 0.
	 */
	params = net_buf_add(cmd_buf, sizeof(*params));
	(void)memset(params, 0, sizeof(*params));
	params->acl_mtu = sys_cpu_to_le16(CONFIG_BT_BUF_ACL_RX_SIZE);
	params->acl_pkts = sys_cpu_to_le16(BT_BUF_HCI_ACL_RX_COUNT);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_HOST_BUFFER_SIZE, cmd_buf, NULL);
	if (rc != 0) {
		return rc;
	}

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, 1);
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_u8(cmd_buf, BT_HCI_CTL_TO_HOST_FLOW_ENABLE);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, cmd_buf, NULL);
}
2023 #endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */
2024 
/* Remove all bonding state for one peer address under identity @p id.
 *
 * Steps, in order: disconnect an existing connection to the peer, clear the
 * BR/EDR link key when the address is LE Public and CONFIG_BT_CLASSIC is
 * enabled, clear the LE keys when CONFIG_BT_SMP is enabled, clear the GATT
 * state kept for the peer, and finally call every registered bond_deleted
 * listener.
 *
 * @p addr is dereferenced without a NULL check; callers must pass a valid
 * address.
 */
static void unpair(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_keys *keys = NULL;
	struct bt_conn *conn = bt_conn_lookup_addr_le(id, addr);

	if (conn) {
		/* Clear the conn->le.keys pointer since we'll invalidate it,
		 * and don't want any subsequent code (like disconnected
		 * callbacks) accessing it.
		 */
		if (conn->type == BT_CONN_TYPE_LE) {
			keys = conn->le.keys;
			conn->le.keys = NULL;
		}

		/* The return value of bt_conn_disconnect() is not checked;
		 * key removal below proceeds either way.
		 */
		bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		bt_conn_unref(conn);
	}

	if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
		/* LE Public may indicate BR/EDR as well */
		if (addr->type == BT_ADDR_LE_PUBLIC) {
			bt_keys_link_key_clear_addr(&addr->a);
		}
	}

	if (IS_ENABLED(CONFIG_BT_SMP)) {
		/* Prefer the keys detached from the connection above; fall
		 * back to a lookup by address when there was no LE connection
		 * or it carried no keys.
		 */
		if (!keys) {
			keys = bt_keys_find_addr(id, addr);
		}

		if (keys) {
			bt_keys_clear(keys);
		}
	}

	bt_gatt_clear(id, addr);

#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
	struct bt_conn_auth_info_cb *listener, *next;

	/* The _SAFE iterator variant is used while listener callbacks run. */
	SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
					  next, node) {
		if (listener->bond_deleted) {
			listener->bond_deleted(id, addr);
		}
	}
#endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
}
2074 
/* bt_foreach_bond() callback: unpair the bond described by @p info.
 *
 * @p data must point to the uint8_t identity the bond belongs to.
 */
static void unpair_remote(const struct bt_bond_info *info, void *data)
{
	const uint8_t *id_ptr = data;

	unpair(*id_ptr, &info->addr);
}
2081 
/* Remove bonding information for a peer, or for every bonded peer.
 *
 * @param id   Local identity; must be below CONFIG_BT_ID_MAX.
 * @param addr Peer address. With CONFIG_BT_SMP enabled, NULL or
 *             BT_ADDR_LE_ANY removes every bond of @p id. Without
 *             CONFIG_BT_SMP a NULL address is rejected through CHECKIF().
 *
 * @return 0 on success, -EINVAL for an out-of-range identity or (without
 *         CONFIG_BT_SMP) a NULL address caught by CHECKIF().
 */
int bt_unpair(uint8_t id, const bt_addr_le_t *addr)
{
	if (id >= CONFIG_BT_ID_MAX) {
		return -EINVAL;
	}

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		CHECKIF(addr == NULL) {
			LOG_DBG("addr is NULL");
			return -EINVAL;
		}

		unpair(id, addr);

		return 0;
	}

	if (addr && !bt_addr_le_eq(addr, BT_ADDR_LE_ANY)) {
		/* A specific peer was named. */
		unpair(id, addr);
	} else {
		/* Wildcard: walk every bond stored for this identity. */
		bt_foreach_bond(id, unpair_remote, &id);
	}

	return 0;
}
2105 
2106 #endif /* CONFIG_BT_CONN */
2107 
2108 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
/* Translate an HCI status code into the security error reported to the
 * application.
 *
 * Only the codes listed in the table have a dedicated mapping; every other
 * HCI error is reported as BT_SECURITY_ERR_UNSPECIFIED.
 */
enum bt_security_err bt_security_err_get(uint8_t hci_err)
{
	static const struct {
		uint8_t hci;
		enum bt_security_err sec;
	} map[] = {
		{ BT_HCI_ERR_SUCCESS, BT_SECURITY_ERR_SUCCESS },
		{ BT_HCI_ERR_AUTH_FAIL, BT_SECURITY_ERR_AUTH_FAIL },
		{ BT_HCI_ERR_PIN_OR_KEY_MISSING, BT_SECURITY_ERR_PIN_OR_KEY_MISSING },
		{ BT_HCI_ERR_PAIRING_NOT_SUPPORTED, BT_SECURITY_ERR_PAIR_NOT_SUPPORTED },
		{ BT_HCI_ERR_PAIRING_NOT_ALLOWED, BT_SECURITY_ERR_PAIR_NOT_ALLOWED },
		{ BT_HCI_ERR_INVALID_PARAM, BT_SECURITY_ERR_INVALID_PARAM },
	};

	for (size_t i = 0; i < ARRAY_SIZE(map); i++) {
		if (map[i].hci == hci_err) {
			return map[i].sec;
		}
	}

	return BT_SECURITY_ERR_UNSPECIFIED;
}
2128 #endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
2129 
2130 #if defined(CONFIG_BT_SMP)
/* Derive conn->sec_level from the keys attached to an LE connection.
 *
 *  - no keys, or keys without BT_KEYS_AUTHENTICATED: BT_SECURITY_L2
 *  - authenticated keys with BT_KEYS_SC and an encryption key size equal to
 *    BT_SMP_MAX_ENC_KEY_SIZE: BT_SECURITY_L4
 *  - any other authenticated keys: BT_SECURITY_L3
 *
 * Returns true when the resulting level satisfies conn->required_sec_level.
 *
 * NOTE(review): the level is computed from the keys only; conn->encrypt is
 * not consulted here, so the lowest level this function assigns is L2.
 * Callers are expected to invoke it only where that is appropriate - confirm
 * for the path where encryption is reported as switched off.
 */
static bool update_sec_level(struct bt_conn *conn)
{
	const struct bt_keys *keys = conn->le.keys;

	if (keys == NULL || !(keys->flags & BT_KEYS_AUTHENTICATED)) {
		conn->sec_level = BT_SECURITY_L2;
	} else if ((keys->flags & BT_KEYS_SC) &&
		   keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE) {
		conn->sec_level = BT_SECURITY_L4;
	} else {
		conn->sec_level = BT_SECURITY_L3;
	}

	return conn->sec_level >= conn->required_sec_level;
}
2146 #endif /* CONFIG_BT_SMP */
2147 
2148 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
/* Handle the HCI Encryption Change event.
 *
 * A failed change is reported to the application without touching
 * conn->encrypt. A successful change that does not alter the stored state is
 * ignored with a warning. Otherwise conn->encrypt is updated, the security
 * level is recomputed per transport, the application is notified, and the
 * link is disconnected when the required security level is not met.
 *
 * The event is cast straight from buf->data; no length check is visible in
 * this function, presumably the dispatcher enforces a minimum length -
 * confirm.
 */
static void hci_encrypt_change(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_change *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t status = evt->status;
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u encrypt 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->encrypt);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	/* Controller reported a failure: notify and leave the stored
	 * encryption state and keys as they were.
	 */
	if (status) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		bt_conn_unref(conn);
		return;
	}

	if (conn->encrypt == evt->encrypt) {
		LOG_WRN("No change to encryption state (encrypt 0x%02x)", evt->encrypt);
		bt_conn_unref(conn);
		return;
	}

	/* evt->encrypt is stored as received; it is not range-checked here. */
	conn->encrypt = evt->encrypt;

#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		/*
		 * we update keys properties only on successful encryption to
		 * avoid losing valid keys if encryption was not successful.
		 *
		 * Update keys with last pairing info for proper sec level
		 * update. This is done only for LE transport, for BR/EDR keys
		 * are updated on HCI 'Link Key Notification Event'
		 */
		if (conn->encrypt) {
			bt_smp_update_keys(conn);
		}

		/* NOTE(review): update_sec_level() also runs when the event
		 * reports encryption switched off (conn->encrypt == 0), and
		 * as written it derives the level from the keys only.
		 * Confirm that the resulting sec_level is the intended one on
		 * that path.
		 */
		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_CLASSIC)
	if (conn->type == BT_CONN_TYPE_BR) {
		/* On failure this returns without calling
		 * bt_conn_security_changed() or disconnecting.
		 */
		if (!bt_br_update_sec_level(conn)) {
			bt_conn_unref(conn);
			return;
		}

		if (IS_ENABLED(CONFIG_BT_SMP)) {
			/*
			 * Start SMP over BR/EDR if we are pairing and are
			 * central on the link
			 */
			if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRED) &&
			    conn->role == BT_CONN_ROLE_CENTRAL) {
				bt_smp_br_send_pairing_req(conn);
			}
		}
	}
#endif /* CONFIG_BT_CLASSIC */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));

	/* status is non-zero here only when the LE security level check above
	 * failed; the link is then torn down.
	 */
	if (status) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

	bt_conn_unref(conn);
}
2228 
/* Handle the HCI Encryption Key Refresh Complete event.
 *
 * A failed refresh is reported to the application and nothing else changes.
 * On success the security level is recomputed per transport, the application
 * is notified, and the link is disconnected when the required security level
 * is not met.
 *
 * The event is cast straight from buf->data; no length check is visible in
 * this function, presumably the dispatcher enforces a minimum length -
 * confirm.
 */
static void hci_encrypt_key_refresh_complete(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_key_refresh_complete *evt = (void *)buf->data;
	uint8_t status = evt->status;
	struct bt_conn *conn;
	uint16_t handle;

	handle = sys_le16_to_cpu(evt->handle);

	LOG_DBG("status 0x%02x %s handle %u",
		evt->status, bt_hci_err_to_str(evt->status), handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	/* Controller reported a failure: notify and keep the existing keys. */
	if (status) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		bt_conn_unref(conn);
		return;
	}

	/*
	 * Update keys with last pairing info for proper sec level update.
	 * This is done only for LE transport. For BR/EDR transport keys are
	 * updated on HCI 'Link Key Notification Event', therefore update here
	 * only security level based on available keys and encryption state.
	 */
#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		bt_smp_update_keys(conn);

		/* A level below conn->required_sec_level is turned into an
		 * authentication failure and handled at the end.
		 */
		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_CLASSIC)
	if (conn->type == BT_CONN_TYPE_BR) {
		/* On failure this returns without calling
		 * bt_conn_security_changed() or disconnecting.
		 */
		if (!bt_br_update_sec_level(conn)) {
			bt_conn_unref(conn);
			return;
		}

		if (IS_ENABLED(CONFIG_BT_SMP)) {
			/*
			 * Start SMP over BR/EDR if we are pairing and are
			 * central on the link
			 */
			if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRED) &&
			    conn->role == BT_CONN_ROLE_CENTRAL) {
				bt_smp_br_send_pairing_req(conn);
			}
		}
	}
#endif /* CONFIG_BT_CLASSIC */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));
	/* status is non-zero here only when the LE security level check above
	 * failed; the link is then torn down.
	 */
	if (status) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

	bt_conn_unref(conn);
}
2297 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
2298 
2299 #if defined(CONFIG_BT_REMOTE_VERSION)
/* Handle the Read Remote Version Information Complete event.
 *
 * On success the peer's version, manufacturer and subversion are stored in
 * conn->rv. The BT_CONN_AUTO_VERSION_INFO flag is set regardless of the
 * status, and remote-info listeners are notified when CONFIG_BT_REMOTE_INFO
 * is enabled.
 */
static void bt_hci_evt_read_remote_version_complete(struct net_buf *buf)
{
	const struct bt_hci_evt_remote_version_info *evt = net_buf_pull_mem(buf, sizeof(*evt));
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);

	if (conn == NULL) {
		LOG_ERR("No connection for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		/* These values are reported by the peer and stored as-is. */
		conn->rv.version = evt->version;
		conn->rv.manufacturer = sys_le16_to_cpu(evt->manufacturer);
		conn->rv.subversion = sys_le16_to_cpu(evt->subversion);
	}

	atomic_set_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO)) {
		/* Remote features is already present */
		notify_remote_info(conn);
	}

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
2329 #endif /* CONFIG_BT_REMOTE_VERSION */
2330 
/* Handle the HCI Hardware Error event: the reported hardware code is logged
 * and no other action is taken here.
 */
static void hci_hardware_error(struct net_buf *buf)
{
	const struct bt_hci_evt_hardware_error *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_ERR("Hardware error, hardware code: %d", evt->hardware_code);
}
2339 
2340 #if defined(CONFIG_BT_SMP)
/* Send LE Long Term Key Request Negative Reply for @p handle, telling the
 * controller that the host has no key for this request.
 *
 * Failures are best-effort: running out of command buffers is logged, and
 * the return value of bt_hci_cmd_send() is not checked.
 */
static void le_ltk_neg_reply(uint16_t handle)
{
	struct bt_hci_cp_le_ltk_req_neg_reply *reply;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY,
						    sizeof(*reply));

	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");

		return;
	}

	reply = net_buf_add(cmd_buf, sizeof(*reply));
	reply->handle = sys_cpu_to_le16(handle);

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, cmd_buf);
}
2358 
/* Send LE Long Term Key Request Reply for @p handle with the key in @p ltk.
 *
 * @p ltk must point to at least sizeof(cp->ltk) readable bytes; that many
 * bytes are copied into the command. The key is copied into a command buffer
 * that is handed to bt_hci_cmd_send(); this function does not clear it.
 *
 * Failures are best-effort: running out of command buffers is logged, and
 * the return value of bt_hci_cmd_send() is not checked.
 */
static void le_ltk_reply(uint16_t handle, uint8_t *ltk)
{
	struct bt_hci_cp_le_ltk_req_reply *reply;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_REPLY,
						    sizeof(*reply));

	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");
		return;
	}

	reply = net_buf_add(cmd_buf, sizeof(*reply));
	reply->handle = sys_cpu_to_le16(handle);
	memcpy(reply->ltk, ltk, sizeof(reply->ltk));

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_REPLY, cmd_buf);
}
2377 
/* Handle the LE Long Term Key Request event.
 *
 * bt_smp_request_ltk() is asked for the key matching the rand/ediv values of
 * the request; a positive reply carries the key, otherwise a negative reply
 * is sent. A request for an unknown connection handle is logged and left
 * unanswered.
 *
 * NOTE(review): the 16-byte local key buffer is passed to le_ltk_reply(),
 * which copies sizeof(cp->ltk) bytes out of it - presumably also 16, confirm
 * against the command structure. The buffer holds key material and is not
 * cleared before returning; consider wiping it with a primitive the compiler
 * cannot elide.
 */
static void le_ltk_request(struct net_buf *buf)
{
	struct bt_hci_evt_le_ltk_request *evt = (void *)buf->data;
	const uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;
	uint8_t ltk[16];

	LOG_DBG("handle %u", handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	if (!bt_smp_request_ltk(conn, evt->rand, evt->ediv, ltk)) {
		le_ltk_neg_reply(handle);
	} else {
		le_ltk_reply(handle, ltk);
	}

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
2403 #endif /* CONFIG_BT_SMP */
2404 
/* Bring host state back in line after an HCI Reset has completed.
 *
 * Scan state is reset when CONFIG_BT_OBSERVER is enabled, BR/EDR discovery
 * state when CONFIG_BT_CLASSIC is enabled, and every bt_dev flag outside
 * BT_DEV_PERSISTENT_FLAGS is cleared.
 */
static void hci_reset_complete(void)
{
	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_scan_reset();
	}

#if defined(CONFIG_BT_CLASSIC)
	bt_br_discovery_reset();
#endif /* CONFIG_BT_CLASSIC */

	/* The read and the write are two separate atomic operations; a flag
	 * changed in between by another context would be overwritten.
	 */
	atomic_t persistent = atomic_get(bt_dev.flags) & BT_DEV_PERSISTENT_FLAGS;

	atomic_set(bt_dev.flags, persistent);
}
2420 
/* Complete the command currently recorded in bt_dev.sent_cmd.
 *
 * @param opcode  Opcode reported by the controller; 0 marks an unsolicited
 *                event that completes nothing.
 * @param status  Status to hand to a synchronous waiter.
 * @param evt_buf Buffer holding the event payload.
 *
 * The pending command is only completed when its stored opcode matches
 * @p opcode. The event payload is then copied into the original command
 * buffer, an optional state update is applied on success, and a synchronous
 * sender is woken up.
 */
static void hci_cmd_done(uint16_t opcode, uint8_t status, struct net_buf *evt_buf)
{
	/* Original command buffer. */
	struct net_buf *buf = NULL;

	LOG_DBG("opcode 0x%04x status 0x%02x %s buf %p", opcode,
		status, bt_hci_err_to_str(status), evt_buf);

	/* Unsolicited cmd complete. This does not complete a command.
	 * The controller can send these for effect of the `ncmd` field.
	 */
	if (opcode == 0) {
		goto exit;
	}

	/* Take the original command buffer reference. */
	buf = atomic_ptr_clear((atomic_ptr_t *)&bt_dev.sent_cmd);

	if (!buf) {
		LOG_ERR("No command sent for cmd complete 0x%04x", opcode);
		goto exit;
	}

	/* A completion for an opcode other than the pending one is rejected:
	 * the command buffer is put back into bt_dev.sent_cmd so that the
	 * pending command stays pending. buf is overwritten with the value
	 * returned by atomic_ptr_set(), which the assertion expects to be
	 * NULL, so the exit path does not unref the restored buffer.
	 */
	if (cmd(buf)->opcode != opcode) {
		LOG_ERR("OpCode 0x%04x completed instead of expected 0x%04x", opcode,
			cmd(buf)->opcode);
		buf = atomic_ptr_set((atomic_ptr_t *)&bt_dev.sent_cmd, buf);
		__ASSERT_NO_MSG(!buf);
		goto exit;
	}

	/* Response data is to be delivered in the original command
	 * buffer.
	 *
	 * NOTE(review): evt_buf->len bytes of controller-supplied data are
	 * appended to the command buffer; nothing in this function bounds the
	 * length against the command buffer's capacity. Presumably the buffer
	 * pools are sized so that any event fits - confirm where the pools
	 * are defined.
	 */
	if (evt_buf != buf) {
		net_buf_reset(buf);
		bt_buf_set_type(buf, BT_BUF_EVT);
		net_buf_reserve(buf, BT_BUF_RESERVE);
		net_buf_add_mem(buf, evt_buf->data, evt_buf->len);
	}

	/* Apply the flag update attached to the command, on success only. */
	if (cmd(buf)->state && !status) {
		struct bt_hci_cmd_state_set *update = cmd(buf)->state;

		atomic_set_bit_to(update->target, update->bit, update->val);
	}

	/* If the command was synchronous wake up bt_hci_cmd_send_sync() */
	if (cmd(buf)->sync) {
		LOG_DBG("sync cmd released");
		cmd(buf)->status = status;
		k_sem_give(cmd(buf)->sync);
	}

exit:
	/* Release the reference taken from bt_dev.sent_cmd, if any. */
	if (buf) {
		net_buf_unref(buf);
	}
}
2480 
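/* Handle the HCI Command Complete event.
 *
 * The event header is pulled off @p buf, the status byte is taken from the
 * start of the return parameters, the pending command is completed through
 * hci_cmd_done(), and the command semaphore is given back when the controller
 * reports that it can accept further commands (ncmd != 0).
 */
static void hci_cmd_complete(struct net_buf *buf)
{
	struct bt_hci_evt_cmd_complete *evt;
	uint8_t status, ncmd;
	uint16_t opcode;

	evt = net_buf_pull_mem(buf, sizeof(*evt));
	ncmd = evt->ncmd;
	opcode = sys_le16_to_cpu(evt->opcode);

	LOG_DBG("opcode 0x%04x", opcode);

	/* Command return parameters start with a 1-byte status. Nothing
	 * visible here guarantees that any return parameters follow the
	 * header, so only read the byte when the controller actually sent
	 * one; otherwise buf->data[0] would be a byte outside the received
	 * event.
	 */
	if (buf->len > 0U) {
		status = buf->data[0];
	} else if (opcode == 0U) {
		/* Unsolicited event: hci_cmd_done() completes no command for
		 * opcode 0 and uses the status for logging only.
		 */
		status = BT_HCI_ERR_SUCCESS;
	} else {
		LOG_WRN("Command complete 0x%04x without return parameters", opcode);
		status = BT_HCI_ERR_UNSPECIFIED;
	}

	/* HOST_NUM_COMPLETED_PACKETS should not generate a response under normal operation.
	 * The generation of this command ignores `ncmd_sem`, so should not be given here.
	 */
	if (opcode == BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		LOG_WRN("Unexpected HOST_NUM_COMPLETED_PACKETS, status 0x%02x %s",
			status, bt_hci_err_to_str(status));
		return;
	}

	hci_cmd_done(opcode, status, buf);

	/* Allow next command to be sent */
	if (ncmd) {
		k_sem_give(&bt_dev.ncmd_sem);
		bt_tx_irq_raise();
	}
}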
2515 
/* Handle the HCI Command Status event.
 *
 * The pending command is completed through hci_cmd_done() with the status
 * carried in the event, and the command semaphore is given back when the
 * controller reports that it can accept further commands (ncmd != 0).
 */
static void hci_cmd_status(struct net_buf *buf)
{
	const struct bt_hci_evt_cmd_status *evt = net_buf_pull_mem(buf, sizeof(*evt));
	const uint16_t opcode = sys_le16_to_cpu(evt->opcode);
	/* Copied out before hci_cmd_done() runs, as in the sibling
	 * hci_cmd_complete() handler.
	 */
	const uint8_t ncmd = evt->ncmd;

	LOG_DBG("opcode 0x%04x", opcode);

	hci_cmd_done(opcode, evt->status, buf);

	/* Allow next command to be sent */
	if (ncmd != 0) {
		k_sem_give(&bt_dev.ncmd_sem);
		bt_tx_irq_raise();
	}
}
2536 
/* Retrieve the HCI connection handle of a connection.
 *
 * @param conn        Connection object; dereferenced without a NULL check.
 * @param conn_handle Written only when the connection is in the
 *                    BT_CONN_CONNECTED state.
 *
 * @return 0 on success, -ENOTCONN when the connection is in any other state.
 */
int bt_hci_get_conn_handle(const struct bt_conn *conn, uint16_t *conn_handle)
{
	if (conn->state == BT_CONN_CONNECTED) {
		*conn_handle = conn->handle;

		return 0;
	}

	return -ENOTCONN;
}
2546 
2547 #if defined(CONFIG_BT_EXT_ADV)
/* Retrieve the HCI handle of an extended advertising set.
 *
 * @param adv        Advertising set; dereferenced without a NULL check.
 * @param adv_handle Written only when the set has BT_ADV_CREATED set.
 *
 * @return 0 on success, -EINVAL when the set has not been created.
 */
int bt_hci_get_adv_handle(const struct bt_le_ext_adv *adv, uint8_t *adv_handle)
{
	if (atomic_test_bit(adv->flags, BT_ADV_CREATED)) {
		*adv_handle = adv->handle;

		return 0;
	}

	return -EINVAL;
}
2557 #endif /* CONFIG_BT_EXT_ADV */
2558 
2559 #if defined(CONFIG_BT_PER_ADV_SYNC)
/* Retrieve the HCI handle of a periodic advertising sync.
 *
 * @param sync        Sync object; dereferenced without a NULL check.
 * @param sync_handle Written only when the sync has BT_PER_ADV_SYNC_CREATED
 *                    set.
 *
 * @return 0 on success, -EINVAL when the sync has not been created.
 */
int bt_hci_get_adv_sync_handle(const struct bt_le_per_adv_sync *sync, uint16_t *sync_handle)
{
	if (atomic_test_bit(sync->flags, BT_PER_ADV_SYNC_CREATED)) {
		*sync_handle = sync->handle;

		return 0;
	}

	return -EINVAL;
}
2570 #endif
2571 
2572 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
/* Install the user callback for vendor-specific HCI events.
 *
 * The callback replaces any previously registered one; @p cb is stored as
 * given, without validation, and the function always returns 0.
 */
int bt_hci_register_vnd_evt_cb(bt_hci_vnd_evt_cb_t cb)
{
	hci_vnd_evt_cb = cb;

	return 0;
}
2578 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
2579 
2580 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
/* Handle the LE Transmit Power Reporting event.
 *
 * The event fields are copied unchanged into a report structure and passed
 * to notify_tx_power_report(). Events for an unknown LE connection handle
 * are logged and dropped.
 */
void bt_hci_le_transmit_power_report(struct net_buf *buf)
{
	const struct bt_hci_evt_le_transmit_power_report *evt =
		net_buf_pull_mem(buf, sizeof(*evt));
	struct bt_conn *conn =
		bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for transmit power report",
		       sys_le16_to_cpu(evt->handle));
		return;
	}

	/* Values come from the controller and are forwarded without range
	 * checks.
	 */
	struct bt_conn_le_tx_power_report report = {
		.reason = evt->reason,
		.phy = evt->phy,
		.tx_power_level = evt->tx_power_level,
		.tx_power_level_flag = evt->tx_power_level_flag,
		.delta = evt->delta,
	};

	notify_tx_power_report(conn, report);

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
2605 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2606 
2607 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
/* Handle the LE Path Loss Threshold event.
 *
 * Events with a zone value above BT_CONN_LE_PATH_LOSS_ZONE_ENTERED_HIGH or
 * for an unknown LE connection handle are logged and dropped. An
 * "unavailable" path loss is reported with the dedicated unavailable zone
 * instead of the zone carried in the event.
 */
void bt_hci_le_path_loss_threshold_event(struct net_buf *buf)
{
	const struct bt_hci_evt_le_path_loss_threshold *evt =
		net_buf_pull_mem(buf, sizeof(*evt));
	struct bt_conn_le_path_loss_threshold_report report;
	struct bt_conn *conn;

	/* Reject out-of-range zones before the value is used as an enum. */
	if (evt->zone_entered > BT_CONN_LE_PATH_LOSS_ZONE_ENTERED_HIGH) {
		LOG_ERR("Invalid zone %u in bt_hci_evt_le_path_loss_threshold",
			evt->zone_entered);
		return;
	}

	conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for path loss threshold report",
		       sys_le16_to_cpu(evt->handle));
		return;
	}

	if (evt->current_path_loss != BT_HCI_LE_PATH_LOSS_UNAVAILABLE) {
		report.zone = evt->zone_entered;
		report.path_loss = evt->current_path_loss;
	} else {
		report.zone = BT_CONN_LE_PATH_LOSS_ZONE_UNAVAILABLE;
		report.path_loss = BT_HCI_LE_PATH_LOSS_UNAVAILABLE;
	}

	notify_path_loss_threshold_report(conn, report);

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
2641 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2642 
2643 #if defined(CONFIG_BT_SUBRATING)
/* Handle the LE Subrate Change event.
 *
 * On success the subrate factor, continuation number, peripheral latency and
 * supervision timeout from the event are stored on the connection. Listeners
 * are always notified with the event status and the values currently stored
 * on the connection, which are the previous ones when the status reports a
 * failure.
 */
void bt_hci_le_subrate_change_event(struct net_buf *buf)
{
	const struct bt_hci_evt_le_subrate_change *evt = net_buf_pull_mem(buf, sizeof(*evt));
	struct bt_conn_le_subrate_changed params;
	struct bt_conn *conn;

	conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for subrating event",
		       sys_le16_to_cpu(evt->handle));
		return;
	}

	if (evt->status == BT_HCI_ERR_SUCCESS) {
		conn->le.subrate.factor = sys_le16_to_cpu(evt->subrate_factor);
		conn->le.subrate.continuation_number = sys_le16_to_cpu(evt->continuation_number);
		conn->le.latency = sys_le16_to_cpu(evt->peripheral_latency);
		conn->le.timeout = sys_le16_to_cpu(evt->supervision_timeout);
	}

	/* The range checks only log: values reported by the controller have
	 * already been stored above and stay stored even when a warning is
	 * emitted.
	 */
	if (evt->status == BT_HCI_ERR_SUCCESS && !IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
		if (!IN_RANGE(conn->le.subrate.factor, BT_HCI_LE_SUBRATE_FACTOR_MIN,
			      BT_HCI_LE_SUBRATE_FACTOR_MAX)) {
			LOG_WRN("subrate_factor exceeds the valid range %d",
				conn->le.subrate.factor);
		}
		if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
			LOG_WRN("peripheral_latency exceeds the valid range 0x%04x",
				conn->le.latency);
		}
		if (conn->le.subrate.continuation_number > BT_HCI_LE_CONTINUATION_NUM_MAX) {
			LOG_WRN("continuation_number exceeds the valid range %d",
				conn->le.subrate.continuation_number);
		}
		if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
			      BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
			LOG_WRN("supervision_timeout exceeds the valid range 0x%04x",
				conn->le.timeout);
		}
	}

	params.status = evt->status;
	params.factor = conn->le.subrate.factor;
	params.continuation_number = conn->le.subrate.continuation_number;
	params.peripheral_latency = conn->le.latency;
	params.supervision_timeout = conn->le.timeout;

	notify_subrate_change(conn, params);

	/* Drop the reference taken by bt_conn_lookup_handle(). */
	bt_conn_unref(conn);
}
2697 #endif /* CONFIG_BT_SUBRATING */
2698 
/* Vendor-specific subevents handled by the host itself, passed to
 * handle_vs_event() by hci_vendor_event(). Each entry names the subevent
 * code, its handler and the size of the event structure; the size is
 * presumably the minimum length the dispatcher accepts - confirm against
 * EVENT_HANDLER. The table is empty when neither direction-finding option
 * below is enabled.
 */
static const struct event_handler vs_events[] = {
#if defined(CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTIONLESS_IQ_REPORT,
		      bt_hci_le_vs_df_connectionless_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connectionless_iq_report)),
#endif /* CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES */
#if defined(CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTION_IQ_REPORT, bt_hci_le_vs_df_connection_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connection_iq_report)),
#endif /* CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES */
};
2710 
/* Dispatch a vendor-specific HCI event.
 *
 * With CONFIG_BT_HCI_VS_EVT_USER enabled, a registered user callback sees the
 * event first; the buffer state saved before the call is restored afterwards.
 * When the callback did not report the event as handled and CONFIG_BT_HCI_VS
 * is enabled, the subevent is dispatched through the vs_events table.
 *
 * NOTE(review): the subevent header is pulled without a length check in this
 * function; presumably the caller guarantees at least sizeof(struct
 * bt_hci_evt_vs) bytes - confirm against the event table entry for this
 * handler.
 */
static void hci_vendor_event(struct net_buf *buf)
{
	bool handled = false;

#if defined(CONFIG_BT_HCI_VS_EVT_USER)
	if (hci_vnd_evt_cb) {
		struct net_buf_simple_state saved;

		net_buf_simple_save(&buf->b, &saved);

		handled = hci_vnd_evt_cb(&buf->b);

		net_buf_simple_restore(&buf->b, &saved);
	}
#endif /* CONFIG_BT_HCI_VS_EVT_USER */

	if (!IS_ENABLED(CONFIG_BT_HCI_VS) || handled) {
		return;
	}

	const struct bt_hci_evt_vs *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_DBG("subevent 0x%02x", evt->subevent);

	handle_vs_event(evt->subevent, buf, vs_events, ARRAY_SIZE(vs_events));
}
2737 
2738 static const struct event_handler meta_events[] = {
2739 #if defined(CONFIG_BT_OBSERVER)
2740 	EVENT_HANDLER(BT_HCI_EVT_LE_ADVERTISING_REPORT, bt_hci_le_adv_report,
2741 		      sizeof(struct bt_hci_evt_le_advertising_report)),
2742 #endif /* CONFIG_BT_OBSERVER */
2743 #if defined(CONFIG_BT_CONN)
2744 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_COMPLETE, le_legacy_conn_complete,
2745 		      sizeof(struct bt_hci_evt_le_conn_complete)),
2746 	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE, le_enh_conn_complete,
2747 		      sizeof(struct bt_hci_evt_le_enh_conn_complete)),
2748 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE,
2749 		      le_conn_update_complete,
2750 		      sizeof(struct bt_hci_evt_le_conn_update_complete)),
2751 	EVENT_HANDLER(BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE,
2752 		      le_remote_feat_complete,
2753 		      sizeof(struct bt_hci_evt_le_remote_feat_complete)),
2754 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_PARAM_REQ, le_conn_param_req,
2755 		      sizeof(struct bt_hci_evt_le_conn_param_req)),
2756 #if defined(CONFIG_BT_DATA_LEN_UPDATE)
2757 	EVENT_HANDLER(BT_HCI_EVT_LE_DATA_LEN_CHANGE, le_data_len_change,
2758 		      sizeof(struct bt_hci_evt_le_data_len_change)),
2759 #endif /* CONFIG_BT_DATA_LEN_UPDATE */
2760 #if defined(CONFIG_BT_PHY_UPDATE)
2761 	EVENT_HANDLER(BT_HCI_EVT_LE_PHY_UPDATE_COMPLETE,
2762 		      le_phy_update_complete,
2763 		      sizeof(struct bt_hci_evt_le_phy_update_complete)),
2764 #endif /* CONFIG_BT_PHY_UPDATE */
2765 #endif /* CONFIG_BT_CONN */
2766 #if defined(CONFIG_BT_SMP)
2767 	EVENT_HANDLER(BT_HCI_EVT_LE_LTK_REQUEST, le_ltk_request,
2768 		      sizeof(struct bt_hci_evt_le_ltk_request)),
2769 #endif /* CONFIG_BT_SMP */
2770 #if defined(CONFIG_BT_EXT_ADV)
2771 #if defined(CONFIG_BT_BROADCASTER)
2772 	EVENT_HANDLER(BT_HCI_EVT_LE_ADV_SET_TERMINATED, bt_hci_le_adv_set_terminated,
2773 		      sizeof(struct bt_hci_evt_le_adv_set_terminated)),
2774 	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_REQ_RECEIVED, bt_hci_le_scan_req_received,
2775 		      sizeof(struct bt_hci_evt_le_scan_req_received)),
2776 #endif
2777 #if defined(CONFIG_BT_OBSERVER)
2778 	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_TIMEOUT, bt_hci_le_scan_timeout,
2779 		      0),
2780 	EVENT_HANDLER(BT_HCI_EVT_LE_EXT_ADVERTISING_REPORT, bt_hci_le_adv_ext_report,
2781 		      sizeof(struct bt_hci_evt_le_ext_advertising_report)),
2782 #endif /* defined(CONFIG_BT_OBSERVER) */
2783 #if defined(CONFIG_BT_PER_ADV_SYNC)
2784 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED,
2785 		      bt_hci_le_per_adv_sync_established,
2786 		      sizeof(struct bt_hci_evt_le_per_adv_sync_established)),
2787 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT, bt_hci_le_per_adv_report,
2788 		      sizeof(struct bt_hci_evt_le_per_advertising_report)),
2789 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_LOST, bt_hci_le_per_adv_sync_lost,
2790 		      sizeof(struct bt_hci_evt_le_per_adv_sync_lost)),
2791 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2792 	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED, bt_hci_le_past_received,
2793 		      sizeof(struct bt_hci_evt_le_past_received)),
2794 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2795 #endif /* defined(CONFIG_BT_PER_ADV_SYNC) */
2796 #endif /* defined(CONFIG_BT_EXT_ADV) */
2797 #if defined(CONFIG_BT_ISO_UNICAST)
2798 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED, hci_le_cis_established,
2799 		      sizeof(struct bt_hci_evt_le_cis_established)),
2800 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED_V2, hci_le_cis_established_v2,
2801 		      sizeof(struct bt_hci_evt_le_cis_established_v2)),
2802 #if defined(CONFIG_BT_ISO_PERIPHERAL)
2803 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_REQ, hci_le_cis_req,
2804 		      sizeof(struct bt_hci_evt_le_cis_req)),
2805 #endif /* (CONFIG_BT_ISO_PERIPHERAL) */
2806 #endif /* (CONFIG_BT_ISO_UNICAST) */
2807 #if defined(CONFIG_BT_ISO_BROADCASTER)
2808 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_COMPLETE,
2809 		      hci_le_big_complete,
2810 		      sizeof(struct bt_hci_evt_le_big_complete)),
2811 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_TERMINATE,
2812 		      hci_le_big_terminate,
2813 		      sizeof(struct bt_hci_evt_le_big_terminate)),
2814 #endif /* CONFIG_BT_ISO_BROADCASTER */
2815 #if defined(CONFIG_BT_ISO_SYNC_RECEIVER)
2816 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_ESTABLISHED,
2817 		      hci_le_big_sync_established,
2818 		      sizeof(struct bt_hci_evt_le_big_sync_established)),
2819 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_LOST,
2820 		      hci_le_big_sync_lost,
2821 		      sizeof(struct bt_hci_evt_le_big_sync_lost)),
2822 	EVENT_HANDLER(BT_HCI_EVT_LE_BIGINFO_ADV_REPORT,
2823 		      bt_hci_le_biginfo_adv_report,
2824 		      sizeof(struct bt_hci_evt_le_biginfo_adv_report)),
2825 #endif /* CONFIG_BT_ISO_SYNC_RECEIVER */
2826 #if defined(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)
2827 	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTIONLESS_IQ_REPORT, bt_hci_le_df_connectionless_iq_report,
2828 		      sizeof(struct bt_hci_evt_le_connectionless_iq_report)),
2829 #endif /* CONFIG_BT_DF_CONNECTIONLESS_CTE_RX */
2830 #if defined(CONFIG_BT_DF_CONNECTION_CTE_RX)
2831 	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTION_IQ_REPORT, bt_hci_le_df_connection_iq_report,
2832 		      sizeof(struct bt_hci_evt_le_connection_iq_report)),
2833 #endif /* CONFIG_BT_DF_CONNECTION_CTE_RX */
2834 #if defined(CONFIG_BT_DF_CONNECTION_CTE_REQ)
2835 	EVENT_HANDLER(BT_HCI_EVT_LE_CTE_REQUEST_FAILED, bt_hci_le_df_cte_req_failed,
2836 		      sizeof(struct bt_hci_evt_le_cte_req_failed)),
2837 #endif /* CONFIG_BT_DF_CONNECTION_CTE_REQ */
2838 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
2839 	EVENT_HANDLER(BT_HCI_EVT_LE_TRANSMIT_POWER_REPORT, bt_hci_le_transmit_power_report,
2840 		      sizeof(struct bt_hci_evt_le_transmit_power_report)),
2841 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2842 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
2843 	EVENT_HANDLER(BT_HCI_EVT_LE_PATH_LOSS_THRESHOLD, bt_hci_le_path_loss_threshold_event,
2844 		      sizeof(struct bt_hci_evt_le_path_loss_threshold)),
2845 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2846 #if defined(CONFIG_BT_SUBRATING)
2847 	EVENT_HANDLER(BT_HCI_EVT_LE_SUBRATE_CHANGE, bt_hci_le_subrate_change_event,
2848 		      sizeof(struct bt_hci_evt_le_subrate_change)),
2849 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2850 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2851 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT_V2, bt_hci_le_per_adv_report_v2,
2852 		      sizeof(struct bt_hci_evt_le_per_advertising_report_v2)),
2853 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2854 	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED_V2, bt_hci_le_past_received_v2,
2855 		      sizeof(struct bt_hci_evt_le_past_received_v2)),
2856 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2857 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED_V2,
2858 		      bt_hci_le_per_adv_sync_established_v2,
2859 		      sizeof(struct bt_hci_evt_le_per_adv_sync_established_v2)),
2860 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
2861 #if defined(CONFIG_BT_PER_ADV_RSP)
2862 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SUBEVENT_DATA_REQUEST,
2863 		      bt_hci_le_per_adv_subevent_data_request,
2864 		      sizeof(struct bt_hci_evt_le_per_adv_subevent_data_request)),
2865 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_RESPONSE_REPORT, bt_hci_le_per_adv_response_report,
2866 		      sizeof(struct bt_hci_evt_le_per_adv_response_report)),
2867 #endif /* CONFIG_BT_PER_ADV_RSP */
2868 #if defined(CONFIG_BT_CONN)
2869 #if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2870 	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE_V2, le_enh_conn_complete_v2,
2871 		      sizeof(struct bt_hci_evt_le_enh_conn_complete_v2)),
2872 #endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
2873 #endif /* CONFIG_BT_CONN */
2874 #if defined(CONFIG_BT_CHANNEL_SOUNDING)
2875 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE,
2876 		      bt_hci_le_cs_read_remote_supported_capabilities_complete,
2877 		      sizeof(struct bt_hci_evt_le_cs_read_remote_supported_capabilities_complete)),
2878 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE,
2879 		      bt_hci_le_cs_read_remote_fae_table_complete,
2880 		      sizeof(struct bt_hci_evt_le_cs_read_remote_fae_table_complete)),
2881 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_CONFIG_COMPLETE, bt_hci_le_cs_config_complete_event,
2882 		      sizeof(struct bt_hci_evt_le_cs_config_complete)),
2883 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SECURITY_ENABLE_COMPLETE,
2884 			  bt_hci_le_cs_security_enable_complete,
2885 			  sizeof(struct bt_hci_evt_le_cs_security_enable_complete)),
2886 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_PROCEDURE_ENABLE_COMPLETE,
2887 			  bt_hci_le_cs_procedure_enable_complete,
2888 			  sizeof(struct bt_hci_evt_le_cs_procedure_enable_complete)),
2889 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT,
2890 		      bt_hci_le_cs_subevent_result,
2891 		      sizeof(struct bt_hci_evt_le_cs_subevent_result)),
2892 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT_CONTINUE,
2893 		      bt_hci_le_cs_subevent_result_continue,
2894 		      sizeof(struct bt_hci_evt_le_cs_subevent_result_continue)),
2895 #if defined(CONFIG_BT_CHANNEL_SOUNDING_TEST)
2896 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_TEST_END_COMPLETE,
2897 		      bt_hci_le_cs_test_end_complete,
2898 		      sizeof(struct bt_hci_evt_le_cs_test_end_complete)),
2899 #endif /* CONFIG_BT_CHANNEL_SOUNDING_TEST */
2900 #endif /* CONFIG_BT_CHANNEL_SOUNDING */
2901 
2902 };
2903 
/* Dispatch an LE Meta event to the handler registered for its subevent code.
 *
 * The fixed meta-event header is removed from the front of @p buf and the
 * remaining bytes go to handle_event() together with the meta_events table.
 * Nothing in this function compares buf->len with the header size before the
 * pull. The normal_events entry for BT_HCI_EVT_LE_META_EVENT lists
 * sizeof(struct bt_hci_evt_le_meta_event), which presumably lets
 * handle_event() reject shorter events first - confirm against handle_event().
 */
static void hci_le_meta_event(struct net_buf *buf)
{
	struct bt_hci_evt_le_meta_event *meta = net_buf_pull_mem(buf, sizeof(*meta));

	LOG_DBG("subevent 0x%02x", meta->subevent);

	handle_event(meta->subevent, buf, meta_events, ARRAY_SIZE(meta_events));
}
2914 
/* Dispatch table for non-meta HCI events; hci_event() passes it to handle_event().
 *
 * Each entry names an event code, the handler for it and a size taken from the
 * event's parameter struct. Entries are compiled in only when the matching
 * Kconfig option is enabled.
 *
 * NOTE(review): the size looks like a minimum payload length that
 * handle_event() enforces before calling the handler - confirm against
 * EVENT_HANDLER() and handle_event(). Handlers such as hci_le_meta_event()
 * pull that many bytes without checking buf->len themselves, so the bound
 * has to come from this table.
 */
static const struct event_handler normal_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_VENDOR, hci_vendor_event,
		      sizeof(struct bt_hci_evt_vs)),
	EVENT_HANDLER(BT_HCI_EVT_LE_META_EVENT, hci_le_meta_event,
		      sizeof(struct bt_hci_evt_le_meta_event)),
#if defined(CONFIG_BT_CLASSIC)
	EVENT_HANDLER(BT_HCI_EVT_CONN_REQUEST, bt_hci_conn_req,
		      sizeof(struct bt_hci_evt_conn_request)),
	EVENT_HANDLER(BT_HCI_EVT_CONN_COMPLETE, bt_hci_conn_complete,
		      sizeof(struct bt_hci_evt_conn_complete)),
	EVENT_HANDLER(BT_HCI_EVT_PIN_CODE_REQ, bt_hci_pin_code_req,
		      sizeof(struct bt_hci_evt_pin_code_req)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_NOTIFY, bt_hci_link_key_notify,
		      sizeof(struct bt_hci_evt_link_key_notify)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_REQ, bt_hci_link_key_req,
		      sizeof(struct bt_hci_evt_link_key_req)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_RESP, bt_hci_io_capa_resp,
		      sizeof(struct bt_hci_evt_io_capa_resp)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_REQ, bt_hci_io_capa_req,
		      sizeof(struct bt_hci_evt_io_capa_req)),
	EVENT_HANDLER(BT_HCI_EVT_SSP_COMPLETE, bt_hci_ssp_complete,
		      sizeof(struct bt_hci_evt_ssp_complete)),
	EVENT_HANDLER(BT_HCI_EVT_USER_CONFIRM_REQ, bt_hci_user_confirm_req,
		      sizeof(struct bt_hci_evt_user_confirm_req)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_NOTIFY,
		      bt_hci_user_passkey_notify,
		      sizeof(struct bt_hci_evt_user_passkey_notify)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_REQ, bt_hci_user_passkey_req,
		      sizeof(struct bt_hci_evt_user_passkey_req)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_COMPLETE, bt_hci_inquiry_complete,
		      sizeof(struct bt_hci_evt_inquiry_complete)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
		      bt_hci_inquiry_result_with_rssi,
		      sizeof(struct bt_hci_evt_inquiry_result_with_rssi)),
	EVENT_HANDLER(BT_HCI_EVT_EXTENDED_INQUIRY_RESULT,
		      bt_hci_extended_inquiry_result,
		      sizeof(struct bt_hci_evt_extended_inquiry_result)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_NAME_REQ_COMPLETE,
		      bt_hci_remote_name_request_complete,
		      sizeof(struct bt_hci_evt_remote_name_req_complete)),
	EVENT_HANDLER(BT_HCI_EVT_AUTH_COMPLETE, bt_hci_auth_complete,
		      sizeof(struct bt_hci_evt_auth_complete)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_FEATURES,
		      bt_hci_read_remote_features_complete,
		      sizeof(struct bt_hci_evt_remote_features)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_EXT_FEATURES,
		      bt_hci_read_remote_ext_features_complete,
		      sizeof(struct bt_hci_evt_remote_ext_features)),
	EVENT_HANDLER(BT_HCI_EVT_ROLE_CHANGE, bt_hci_role_change,
		      sizeof(struct bt_hci_evt_role_change)),
	EVENT_HANDLER(BT_HCI_EVT_SYNC_CONN_COMPLETE, bt_hci_synchronous_conn_complete,
		      sizeof(struct bt_hci_evt_sync_conn_complete)),
#endif /* CONFIG_BT_CLASSIC */
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE, hci_disconn_complete,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_CHANGE, hci_encrypt_change,
		      sizeof(struct bt_hci_evt_encrypt_change)),
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_KEY_REFRESH_COMPLETE,
		      hci_encrypt_key_refresh_complete,
		      sizeof(struct bt_hci_evt_encrypt_key_refresh_complete)),
#endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
#if defined(CONFIG_BT_REMOTE_VERSION)
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_VERSION_INFO,
		      bt_hci_evt_read_remote_version_complete,
		      sizeof(struct bt_hci_evt_remote_version_info)),
#endif /* CONFIG_BT_REMOTE_VERSION */
	EVENT_HANDLER(BT_HCI_EVT_HARDWARE_ERROR, hci_hardware_error,
		      sizeof(struct bt_hci_evt_hardware_error)),
};
2987 
2988 
/* Flags returned by bt_hci_evt_get_flags(); an event may carry one or both. */
#define BT_HCI_EVT_FLAG_RECV_PRIO BIT(0)
#define BT_HCI_EVT_FLAG_RECV      BIT(1)

/** @brief Get HCI event flags.
 *
 * Helper for the HCI driver to get the HCI event flags that describe the
 * rules that must be followed.
 *
 * Disconnection Complete carries both flags. Command Complete and Command
 * Status carry only BT_HCI_EVT_FLAG_RECV_PRIO, as do Number of Completed
 * Packets (built with CONFIG_BT_CONN or CONFIG_BT_ISO) and Data Buffer
 * Overflow (built with CONFIG_BT_CONN). Every other event code carries only
 * BT_HCI_EVT_FLAG_RECV.
 *
 * @param evt HCI event code.
 *
 * @return HCI event flags for the specified event.
 */
static inline uint8_t bt_hci_evt_get_flags(uint8_t evt)
{
	switch (evt) {
	case BT_HCI_EVT_DISCONN_COMPLETE:
		/* Returns directly; this case does not fall through. */
		return BT_HCI_EVT_FLAG_RECV | BT_HCI_EVT_FLAG_RECV_PRIO;
#if defined(CONFIG_BT_CONN) || defined(CONFIG_BT_ISO)
	case BT_HCI_EVT_NUM_COMPLETED_PACKETS:
#if defined(CONFIG_BT_CONN)
	case BT_HCI_EVT_DATA_BUF_OVERFLOW:
		__fallthrough;
#endif /* defined(CONFIG_BT_CONN) */
#endif /* CONFIG_BT_CONN ||  CONFIG_BT_ISO */
	case BT_HCI_EVT_CMD_COMPLETE:
	case BT_HCI_EVT_CMD_STATUS:
		return BT_HCI_EVT_FLAG_RECV_PRIO;
	default:
		/* Unknown and unlisted event codes take the regular path only. */
		return BT_HCI_EVT_FLAG_RECV;
	}
}
3021 
/* Process one HCI event on the regular (non-priority) receive path.
 *
 * The reference to @p buf held by the caller is released here on every path
 * that returns. Events shorter than the event header are logged and dropped.
 * Otherwise the header is pulled and the event code is looked up in
 * normal_events through handle_event().
 *
 * The assertion fires for any event code that bt_hci_evt_get_flags() does not
 * mark with BT_HCI_EVT_FLAG_RECV. The code comes from the received event, so
 * whatever routes events to this function has to keep priority-only codes
 * away from it - confirm against the caller.
 *
 * NOTE(review): the header's own length field is not compared with the bytes
 * remaining in buf here; presumably the driver or handle_event() bounds the
 * payload - confirm.
 */
static void hci_event(struct net_buf *buf)
{
	struct bt_hci_evt_hdr *evt_hdr;

	if (buf->len >= sizeof(*evt_hdr)) {
		evt_hdr = net_buf_pull_mem(buf, sizeof(*evt_hdr));
		LOG_DBG("event 0x%02x", evt_hdr->evt);
		BT_ASSERT(bt_hci_evt_get_flags(evt_hdr->evt) & BT_HCI_EVT_FLAG_RECV);

		handle_event(evt_hdr->evt, buf, normal_events, ARRAY_SIZE(normal_events));
	} else {
		/* Too short to contain even the event header. */
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
	}

	net_buf_unref(buf);
}
3040 
/* Take the next queued HCI command and hand it to the driver.
 *
 * The command is fetched from bt_dev.cmd_tx_queue without waiting and its
 * presence is asserted, so this must only run when a command is queued.
 * bt_dev.sent_cmd keeps its own reference to the command while it is in
 * flight. If the driver rejects the command, it is completed locally with
 * BT_HCI_ERR_UNSPECIFIED.
 */
static void hci_core_send_cmd(void)
{
	struct net_buf *buf;
	int err;

	/* Get next command */
	LOG_DBG("fetch cmd");
	buf = k_fifo_get(&bt_dev.cmd_tx_queue, K_NO_WAIT);
	BT_ASSERT(buf);

	/* Clear out any existing sent command */
	if (bt_dev.sent_cmd) {
		/* A previous command was never completed; drop its reference so it
		 * is not leaked when sent_cmd is overwritten below.
		 */
		LOG_ERR("Uncleared pending sent_cmd");
		net_buf_unref(bt_dev.sent_cmd);
		bt_dev.sent_cmd = NULL;
	}

	/* Extra reference: one is stored in sent_cmd, one travels with bt_send(). */
	bt_dev.sent_cmd = net_buf_ref(buf);

	LOG_DBG("Sending command 0x%04x (buf %p) to driver", cmd(buf)->opcode, buf);

	err = bt_send(buf);
	if (err) {
		LOG_ERR("Unable to send to driver (err %d)", err);
		/* Presumably returns the command credit taken for this send - confirm
		 * against the code that takes ncmd_sem.
		 */
		k_sem_give(&bt_dev.ncmd_sem);
		hci_cmd_done(cmd(buf)->opcode, BT_HCI_ERR_UNSPECIFIED, buf);
		/* bt_send() failed, so the reference passed to it is released here. */
		net_buf_unref(buf);
		bt_tx_irq_raise();
	}
}
3071 
/* EV_COUNT is the sum of the Kconfig-selected terms listed in each branch's
 * comment. NOTE(review): presumably it sizes an event array used elsewhere in
 * this file - confirm at the point of use.
 */
#if defined(CONFIG_BT_CONN)
#if defined(CONFIG_BT_ISO)
/* command FIFO + conn_change signal + MAX_CONN + ISO_MAX_CHAN */
#define EV_COUNT (2 + CONFIG_BT_MAX_CONN + CONFIG_BT_ISO_MAX_CHAN)
#else
/* command FIFO + conn_change signal + MAX_CONN */
#define EV_COUNT (2 + CONFIG_BT_MAX_CONN)
#endif /* CONFIG_BT_ISO */
#else
#if defined(CONFIG_BT_ISO)
/* command FIFO + conn_change signal + ISO_MAX_CHAN */
#define EV_COUNT (2 + CONFIG_BT_ISO_MAX_CHAN)
#else
/* command FIFO */
#define EV_COUNT 1
#endif /* CONFIG_BT_ISO */
#endif /* CONFIG_BT_CONN */
3089 
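/* Store the Read Local Version Information return parameters in bt_dev.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_read_local_version_info.
 *
 * The bytes come from the controller, so the length is checked before the
 * buffer is viewed as the response struct. A short response is logged and
 * leaves bt_dev unchanged.
 */
static void read_local_ver_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_local_version_info *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("Read Local Version Information response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	/* Multi-byte fields arrive little-endian and are converted to CPU order. */
	bt_dev.hci_version = rp->hci_version;
	bt_dev.hci_revision = sys_le16_to_cpu(rp->hci_revision);
	bt_dev.lmp_version = rp->lmp_version;
	bt_dev.lmp_subversion = sys_le16_to_cpu(rp->lmp_subversion);
	bt_dev.manufacturer = sys_le16_to_cpu(rp->manufacturer);
}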
3102 
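/* Copy the LE Read Local Supported Features result into bt_dev.le.features.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_local_features.
 *
 * The bytes come from the controller, so the length is checked before the
 * copy. A short response is logged and leaves bt_dev.le.features unchanged.
 */
static void read_le_features_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_local_features *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Local Supported Features response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	/* The copy length is the destination size.
	 * NOTE(review): confirm sizeof(bt_dev.le.features) does not exceed
	 * sizeof(rp->features), otherwise the length check above is not enough.
	 */
	memcpy(bt_dev.le.features, rp->features, sizeof(bt_dev.le.features));
}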
3111 
3112 #if defined(CONFIG_BT_CONN)
3113 #if !defined(CONFIG_BT_CLASSIC)
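/* Use the BR/EDR Read Buffer Size result for LE ACL when LE reported no buffers.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_read_buffer_size.
 *
 * Does nothing if bt_dev.le.acl_mtu is already set. The bytes come from the
 * controller, so the length is checked before the buffer is viewed as the
 * response struct. A short response is logged and leaves bt_dev unchanged.
 */
static void read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_buffer_size *rp;
	uint16_t pkts;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("Read Buffer Size response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	/* If LE-side has buffers we can ignore the BR/EDR values */
	if (bt_dev.le.acl_mtu) {
		return;
	}

	bt_dev.le.acl_mtu = sys_le16_to_cpu(rp->acl_max_len);
	pkts = sys_le16_to_cpu(rp->acl_max_num);

	LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.le.acl_mtu);

	/* NOTE(review): unlike le_read_buffer_size_complete(), a zero MTU or packet
	 * count is not rejected here and the k_sem_init() result is ignored;
	 * confirm a zero count from the controller is handled as intended.
	 */
	k_sem_init(&bt_dev.le.acl_pkts, pkts, pkts);
}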
3133 #endif /* !defined(CONFIG_BT_CLASSIC) */
3134 #endif /* CONFIG_BT_CONN */
3135 
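/* Record the LE ACL buffer size and count reported by LE Read Buffer Size.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_buffer_size.
 *
 * The bytes come from the controller, so the length is checked before the
 * buffer is viewed as the response struct. A short response is logged and
 * leaves bt_dev unchanged. With CONFIG_BT_CONN, a zero MTU or packet count is
 * ignored so the previous values stay in place.
 */
static void le_read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_buffer_size *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Buffer Size response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

#if defined(CONFIG_BT_CONN)
	uint16_t acl_mtu = sys_le16_to_cpu(rp->le_max_len);

	/* Zero in either field means the controller has no LE ACL buffers. */
	if (!acl_mtu || !rp->le_max_num) {
		return;
	}

	bt_dev.le.acl_mtu = acl_mtu;

	LOG_DBG("ACL LE buffers: pkts %u mtu %u", rp->le_max_num, bt_dev.le.acl_mtu);

	k_sem_init(&bt_dev.le.acl_pkts, rp->le_max_num, rp->le_max_num);
#endif /* CONFIG_BT_CONN */
}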
3156 
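/* Record the ACL and ISO buffer sizes reported by LE Read Buffer Size V2.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_buffer_size_v2.
 *
 * Compiles to an empty function without CONFIG_BT_ISO. The bytes come from
 * the controller, so the length is checked before the buffer is viewed as the
 * response struct. A short response is logged and leaves bt_dev unchanged.
 */
static void read_buffer_size_v2_complete(struct net_buf *buf)
{
#if defined(CONFIG_BT_ISO)
	struct bt_hci_rp_le_read_buffer_size_v2 *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Buffer Size V2 response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status %u %s", rp->status, bt_hci_err_to_str(rp->status));

#if defined(CONFIG_BT_CONN)
	uint16_t acl_mtu = sys_le16_to_cpu(rp->acl_max_len);

	/* ACL values are taken only when both are non-zero. */
	if (acl_mtu && rp->acl_max_num) {
		bt_dev.le.acl_mtu = acl_mtu;
		LOG_DBG("ACL LE buffers: pkts %u mtu %u", rp->acl_max_num, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, rp->acl_max_num, rp->acl_max_num);
	}
#endif /* CONFIG_BT_CONN */

	uint16_t iso_mtu = sys_le16_to_cpu(rp->iso_max_len);

	/* Without ISO buffers, iso_mtu, iso_pkts and iso_limit are left untouched. */
	if (!iso_mtu || !rp->iso_max_num) {
		LOG_ERR("ISO buffer size not set");
		return;
	}

	bt_dev.le.iso_mtu = iso_mtu;

	LOG_DBG("ISO buffers: pkts %u mtu %u", rp->iso_max_num, bt_dev.le.iso_mtu);

	k_sem_init(&bt_dev.le.iso_pkts, rp->iso_max_num, rp->iso_max_num);
	bt_dev.le.iso_limit = rp->iso_max_num;
#endif /* CONFIG_BT_ISO */
}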
3190 
/* Send LE Set Host Feature for a single feature bit and wait for the result.
 *
 * @param bit_number Feature bit to change, copied into the command as given.
 * @param bit_value  Value for that bit, copied into the command as given.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
static int le_set_host_feature(uint8_t bit_number, uint8_t bit_value)
{
	struct bt_hci_cp_le_set_host_feature *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_FEATURE,
						    sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	/* Reserve the parameter block in the command and fill it in. */
	params = net_buf_add(cmd_buf, sizeof(*params));
	params->bit_number = bit_number;
	params->bit_value = bit_value;

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_FEATURE, cmd_buf, NULL);
}
3207 
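/* Copy the Read Local Supported Commands bitmap into bt_dev.supported_commands.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_read_supported_commands.
 *
 * The bytes come from the controller, so the length is checked before the
 * copy. A short response is logged and leaves bt_dev.supported_commands
 * unchanged. Later initialisation steps test bits in this bitmap to decide
 * which commands to send.
 */
static void read_supported_commands_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_supported_commands *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("Read Local Supported Commands response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	/* The copy length is the destination size.
	 * NOTE(review): confirm sizeof(bt_dev.supported_commands) does not exceed
	 * sizeof(rp->commands), otherwise the length check above is not enough.
	 */
	memcpy(bt_dev.supported_commands, rp->commands, sizeof(bt_dev.supported_commands));
}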
3216 
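/* Copy the Read Local Supported Features result into bt_dev.features[0].
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_read_local_features.
 *
 * The bytes come from the controller, so the length is checked before the
 * copy. A short response is logged and leaves bt_dev.features[0] unchanged.
 */
static void read_local_features_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_local_features *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("Read Local Supported Features response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	/* The copy length is the destination size.
	 * NOTE(review): confirm sizeof(bt_dev.features[0]) does not exceed
	 * sizeof(rp->features), otherwise the length check above is not enough.
	 */
	memcpy(bt_dev.features[0], rp->features, sizeof(bt_dev.features[0]));
}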
3225 
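/* Store the LE Read Supported States result in bt_dev.le.states.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_supp_states.
 *
 * The bytes come from the controller, so the length is checked before the
 * 64-bit little-endian value is read. A short response is logged and leaves
 * bt_dev.le.states unchanged.
 */
static void le_read_supp_states_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_supp_states *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Supported States response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	bt_dev.le.states = sys_get_le64(rp->le_states);
}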
3234 
3235 #if defined(CONFIG_BT_BROADCASTER)
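/* Store the LE Read Maximum Advertising Data Length result in bt_dev.le.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_max_adv_data_len.
 *
 * The bytes come from the controller, so the length is checked before the
 * buffer is viewed as the response struct. A short response is logged and
 * leaves bt_dev.le.max_adv_data_len unchanged.
 */
static void le_read_maximum_adv_data_len_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_max_adv_data_len *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Maximum Advertising Data Length response too short (%u)",
			buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));

	bt_dev.le.max_adv_data_len = sys_le16_to_cpu(rp->max_adv_data_len);
}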
3244 #endif /* CONFIG_BT_BROADCASTER */
3245 
3246 #if defined(CONFIG_BT_SMP)
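/* Store the LE Read Resolving List Size result in bt_dev.le.rl_size.
 *
 * @param buf Response buffer whose data is read as
 *            struct bt_hci_rp_le_read_rl_size.
 *
 * The bytes come from the controller, so the length is checked before the
 * buffer is viewed as the response struct. A short response is logged and
 * leaves bt_dev.le.rl_size unchanged.
 */
static void le_read_resolving_list_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_le_read_rl_size *rp;

	if (buf->len < sizeof(*rp)) {
		LOG_ERR("LE Read Resolving List Size response too short (%u)", buf->len);
		return;
	}

	rp = (void *)buf->data;

	LOG_DBG("Resolving List size %u", rp->rl_size);

	bt_dev.le.rl_size = rp->rl_size;
}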
3255 #endif /* defined(CONFIG_BT_SMP) */
3256 
/* Run the controller initialisation steps shared by all configurations.
 *
 * In order: optional HCI Reset, Read Local Supported Features, Read Local
 * Version Information, Read Local Supported Commands, host crypto
 * initialisation (CONFIG_BT_HOST_CRYPTO) and ACL flow control setup
 * (CONFIG_BT_HCI_ACL_FLOW_CONTROL). The order is kept as is because later
 * steps read what earlier ones stored in bt_dev.
 *
 * @return 0 on success, otherwise the error from the first step that failed.
 */
static int common_init(void)
{
	struct net_buf *rsp;
	int err;

	/* Drivers that report the no-reset quirk skip HCI Reset entirely. */
	if (!drv_quirk_no_reset()) {
		/* Send HCI_RESET */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, NULL);
		if (err) {
			return err;
		}

		hci_reset_complete();
	}

	/* Read Local Supported Features */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_FEATURES, NULL, &rsp);
	if (err) {
		return err;
	}
	/* Each response is parsed into bt_dev and then released. */
	read_local_features_complete(rsp);
	net_buf_unref(rsp);

	/* Read Local Version Information */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_VERSION_INFO, NULL,
				   &rsp);
	if (err) {
		return err;
	}
	read_local_ver_complete(rsp);
	net_buf_unref(rsp);

	/* Read Local Supported Commands */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_SUPPORTED_COMMANDS, NULL,
				   &rsp);
	if (err) {
		return err;
	}
	read_supported_commands_complete(rsp);
	net_buf_unref(rsp);

	if (IS_ENABLED(CONFIG_BT_HOST_CRYPTO)) {
		/* Initialize crypto for host */
		err = bt_crypto_init();
		if (err) {
			return err;
		}
	}

#if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
	err = set_flow_control();
	if (err) {
		return err;
	}
#endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */

	return 0;
}
3315 
/* Build the LE event mask and send LE Set Event Mask to the controller.
 *
 * The mask starts empty. Bits are added per enabled Kconfig option and, where
 * the code checks it, per controller feature in bt_dev.le.features, so
 * bt_dev.le.features must already be populated. The 64-bit mask is written
 * little-endian into the command parameters. Events left out of the mask are
 * not requested from the controller, which keeps their parsers out of reach
 * on builds that do not use them.
 *
 * @return -ENOBUFS if no command buffer could be created, otherwise the
 *         result of bt_hci_cmd_send_sync().
 */
static int le_set_event_mask(void)
{
	struct bt_hci_cp_le_set_event_mask *cp_mask;
	struct net_buf *buf;
	uint64_t mask = 0U;

	/* Set LE event mask */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_EVENT_MASK, sizeof(*cp_mask));
	if (!buf) {
		return -ENOBUFS;
	}

	cp_mask = net_buf_add(buf, sizeof(*cp_mask));

	/* Legacy advertising reports are always requested. */
	mask |= BT_EVT_MASK_LE_ADVERTISING_REPORT;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_ADV_SET_TERMINATED;
		mask |= BT_EVT_MASK_LE_SCAN_REQ_RECEIVED;
		mask |= BT_EVT_MASK_LE_EXT_ADVERTISING_REPORT;
		mask |= BT_EVT_MASK_LE_SCAN_TIMEOUT;
		if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC)) {
			mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED;
			mask |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT;
			mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_LOST;
			mask |= BT_EVT_MASK_LE_PAST_RECEIVED;
		}
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		/* Exactly one of the two connection-complete variants is enabled. */
		if ((IS_ENABLED(CONFIG_BT_SMP) &&
		     BT_FEAT_LE_PRIVACY(bt_dev.le.features)) ||
		    (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		     BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
			/* C24:
			 * Mandatory if the LE Controller supports Connection
			 * State and either LE Feature (LL Privacy) or
			 * LE Feature (Extended Advertising) is supported, ...
			 */
			mask |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE;
		} else {
			mask |= BT_EVT_MASK_LE_CONN_COMPLETE;
		}

		mask |= BT_EVT_MASK_LE_CONN_UPDATE_COMPLETE;
		mask |= BT_EVT_MASK_LE_REMOTE_FEAT_COMPLETE;

		if (BT_FEAT_LE_CONN_PARAM_REQ_PROC(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_CONN_PARAM_REQ;
		}

		if (IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
		    BT_FEAT_LE_DLE(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_DATA_LEN_CHANGE;
		}

		if (IS_ENABLED(CONFIG_BT_PHY_UPDATE) &&
		    (BT_FEAT_LE_PHY_2M(bt_dev.le.features) ||
		     BT_FEAT_LE_PHY_CODED(bt_dev.le.features))) {
			mask |= BT_EVT_MASK_LE_PHY_UPDATE_COMPLETE;
		}
		/* The next two are enabled on the Kconfig option alone, without a
		 * controller feature check.
		 */
		if (IS_ENABLED(CONFIG_BT_TRANSMIT_POWER_CONTROL)) {
			mask |= BT_EVT_MASK_LE_TRANSMIT_POWER_REPORTING;
		}

		if (IS_ENABLED(CONFIG_BT_PATH_LOSS_MONITORING)) {
			mask |= BT_EVT_MASK_LE_PATH_LOSS_THRESHOLD;
		}

		if (IS_ENABLED(CONFIG_BT_SUBRATING) &&
		    BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_SUBRATE_CHANGE;
		}
	}

	if (IS_ENABLED(CONFIG_BT_SMP) &&
	    BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_LTK_REQUEST;
	}

	/*
	 * Enable CIS events only if ISO connections are enabled and controller
	 * support them.
	 */
	if (IS_ENABLED(CONFIG_BT_ISO) &&
	    BT_FEAT_LE_CIS(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_CIS_ESTABLISHED;
		mask |= BT_EVT_MASK_LE_CIS_ESTABLISHED_V2;
		if (BT_FEAT_LE_CIS_PERIPHERAL(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_CIS_REQ;
		}
	}

	/* Enable BIS events for broadcaster and/or receiver */
	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_BIS(bt_dev.le.features)) {
		if (IS_ENABLED(CONFIG_BT_ISO_BROADCASTER) &&
		    BT_FEAT_LE_ISO_BROADCASTER(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_BIG_COMPLETE;
			mask |= BT_EVT_MASK_LE_BIG_TERMINATED;
		}
		if (IS_ENABLED(CONFIG_BT_ISO_SYNC_RECEIVER) &&
		    BT_FEAT_LE_SYNC_RECEIVER(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_BIG_SYNC_ESTABLISHED;
			mask |= BT_EVT_MASK_LE_BIG_SYNC_LOST;
			mask |= BT_EVT_MASK_LE_BIGINFO_ADV_REPORT;
		}
	}

	/* Enable IQ samples report events receiver */
	if (IS_ENABLED(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)) {
		mask |= BT_EVT_MASK_LE_CONNECTIONLESS_IQ_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_DF_CONNECTION_CTE_RX)) {
		mask |= BT_EVT_MASK_LE_CONNECTION_IQ_REPORT;
		/* NOTE(review): the meta_events handler for CTE Request Failed is
		 * guarded by CONFIG_BT_DF_CONNECTION_CTE_REQ, not by this option -
		 * confirm the two guards are meant to differ.
		 */
		mask |= BT_EVT_MASK_LE_CTE_REQUEST_FAILED;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_RSP)) {
		mask |= BT_EVT_MASK_LE_PER_ADV_SUBEVENT_DATA_REQ;
		mask |= BT_EVT_MASK_LE_PER_ADV_RESPONSE_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP)) {
		mask |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT_V2;
		mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED_V2;
		/* NOTE(review): the meta_events handler for PAST Received V2 also
		 * requires CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER - confirm.
		 */
		mask |= BT_EVT_MASK_LE_PAST_RECEIVED_V2;
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    (IS_ENABLED(CONFIG_BT_PER_ADV_RSP) || IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP))) {
		mask |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE_V2;
	}


	if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
	    BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE;
		mask |= BT_EVT_MASK_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE;
		mask |= BT_EVT_MASK_LE_CS_CONFIG_COMPLETE;
		mask |= BT_EVT_MASK_LE_CS_SECURITY_ENABLE_COMPLETE;
		mask |= BT_EVT_MASK_LE_CS_PROCEDURE_ENABLE_COMPLETE;
		mask |= BT_EVT_MASK_LE_CS_SUBEVENT_RESULT;
		mask |= BT_EVT_MASK_LE_CS_SUBEVENT_RESULT_CONTINUE;
		/* NOTE(review): the meta_events handler for CS Test End Complete is
		 * only built with CONFIG_BT_CHANNEL_SOUNDING_TEST - confirm the event
		 * should be unmasked without it.
		 */
		mask |= BT_EVT_MASK_LE_CS_TEST_END_COMPLETE;
	}

	/* Serialise the mask little-endian into the command parameters. */
	sys_put_le64(mask, cp_mask->events);
	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_EVENT_MASK, buf, NULL);
}
3467 
/* ISO-specific part of LE initialisation.
 *
 * Announces host support for Connected Isochronous Streams when
 * CONFIG_BT_ISO_UNICAST is enabled, then reads buffer sizes. LE Read Buffer
 * Size V2 is used when the controller lists it in bt_dev.supported_commands;
 * otherwise, with CONFIG_BT_CONN_TX, the non-V2 command is used, which reports
 * no ISO buffers.
 *
 * @return 0 on success, otherwise the error from the first command that failed.
 */
static int le_init_iso(void)
{
	int err;
	struct net_buf *rsp;

	if (IS_ENABLED(CONFIG_BT_ISO_UNICAST)) {
		/* Set Connected Isochronous Streams - Host support */
		err = le_set_host_feature(BT_LE_FEAT_BIT_ISO_CHANNELS, 1);
		if (err) {
			return err;
		}
	}

	/* Octet 41, bit 5 is read buffer size V2 */
	if (BT_CMD_TEST(bt_dev.supported_commands, 41, 5)) {
		/* Read ISO Buffer Size V2 */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE_V2,
					   NULL, &rsp);
		if (err) {
			return err;
		}

		read_buffer_size_v2_complete(rsp);

		/* The response is released once it has been parsed. */
		net_buf_unref(rsp);
	} else if (IS_ENABLED(CONFIG_BT_CONN_TX)) {
		if (IS_ENABLED(CONFIG_BT_ISO_TX)) {
			LOG_WRN("Read Buffer Size V2 command is not supported. "
				"No ISO TX buffers will be available");
		}

		/* Read LE Buffer Size in the case that we support ACL without TX ISO (e.g. if we
		 * only support ISO sync receiver).
		 */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE,
					   NULL, &rsp);
		if (err) {
			return err;
		}

		le_read_buffer_size_complete(rsp);

		net_buf_unref(rsp);
	}

	return 0;
}
3515 
/* Run the LE part of controller initialisation.
 *
 * Requires bt_dev.features and bt_dev.supported_commands to be populated
 * already, since both are tested here. Reads the LE feature set first because
 * every later step is gated on bt_dev.le.features. It then reads buffer
 * sizes, advertising limits and supported states, configures data length, RPA
 * timeout and resolving list size where enabled, sets host feature bits, and
 * finishes by programming the LE event mask.
 *
 * @return 0 on success, -ENODEV if the controller is not LE capable, -ENOBUFS
 *         if a command buffer could not be created, otherwise the error from
 *         the first step that failed.
 */
static int le_init(void)
{
	struct bt_hci_cp_write_le_host_supp *cp_le;
	struct net_buf *buf, *rsp;
	int err;

	/* For now we only support LE capable controllers */
	if (!BT_FEAT_LE(bt_dev.features)) {
		LOG_ERR("Non-LE capable controller detected!");
		return -ENODEV;
	}

	/* Read Low Energy Supported Features */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_LOCAL_FEATURES, NULL,
				   &rsp);
	if (err) {
		return err;
	}

	read_le_features_complete(rsp);
	net_buf_unref(rsp);

	if (IS_ENABLED(CONFIG_BT_ISO) &&
	    BT_FEAT_LE_ISO(bt_dev.le.features)) {
		/* le_init_iso() reads the buffer sizes itself. */
		err = le_init_iso();
		if (err) {
			return err;
		}
	} else if (IS_ENABLED(CONFIG_BT_CONN)) {
		/* Read LE Buffer Size */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE,
					   NULL, &rsp);
		if (err) {
			return err;
		}

		le_read_buffer_size_complete(rsp);

		net_buf_unref(rsp);
	}

#if defined(CONFIG_BT_BROADCASTER)
	if (IS_ENABLED(CONFIG_BT_EXT_ADV) && BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		/* Read LE Max Adv Data Len */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_ADV_DATA_LEN, NULL, &rsp);
		if (err == 0) {
			le_read_maximum_adv_data_len_complete(rsp);
			net_buf_unref(rsp);
		} else if (err == -EIO) {
			/* -EIO is treated as "command not supported"; any other
			 * error aborts initialisation.
			 */
			LOG_WRN("Controller does not support 'LE_READ_MAX_ADV_DATA_LEN'. "
				"Assuming maximum length is 31 bytes.");
			bt_dev.le.max_adv_data_len = 31;
		} else {
			return err;
		}
	} else {
		bt_dev.le.max_adv_data_len = 31;
	}
#endif /* CONFIG_BT_BROADCASTER */

	if (BT_FEAT_BREDR(bt_dev.features)) {
		buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP,
					sizeof(*cp_le));
		if (!buf) {
			return -ENOBUFS;
		}

		cp_le = net_buf_add(buf, sizeof(*cp_le));

		/* Explicitly enable LE for dual-mode controllers */
		cp_le->le = 0x01;
		cp_le->simul = 0x00;
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, buf,
					   NULL);
		if (err) {
			return err;
		}
	}

	/* Read LE Supported States */
	if (BT_CMD_LE_STATES(bt_dev.supported_commands)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_SUPP_STATES, NULL,
					   &rsp);
		if (err) {
			return err;
		}

		le_read_supp_states_complete(rsp);
		net_buf_unref(rsp);
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
	    IS_ENABLED(CONFIG_BT_AUTO_DATA_LEN_UPDATE) &&
	    BT_FEAT_LE_DLE(bt_dev.le.features)) {
		struct bt_hci_cp_le_write_default_data_len *cp;
		uint16_t tx_octets, tx_time;

		/* The controller's maximum values are written back as the defaults. */
		err = bt_hci_le_read_max_data_len(&tx_octets, &tx_time);
		if (err) {
			return err;
		}

		buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN,
					sizeof(*cp));
		if (!buf) {
			return -ENOBUFS;
		}

		cp = net_buf_add(buf, sizeof(*cp));
		cp->max_tx_octets = sys_cpu_to_le16(tx_octets);
		cp->max_tx_time = sys_cpu_to_le16(tx_time);

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN,
					   buf, NULL);
		if (err) {
			return err;
		}
	}

#if defined(CONFIG_BT_SMP)
	if (BT_FEAT_LE_PRIVACY(bt_dev.le.features)) {
#if defined(CONFIG_BT_PRIVACY)
		struct bt_hci_cp_le_set_rpa_timeout *cp;

		/* Program the controller with the host's RPA timeout. */
		buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_RPA_TIMEOUT,
					sizeof(*cp));
		if (!buf) {
			return -ENOBUFS;
		}

		cp = net_buf_add(buf, sizeof(*cp));
		cp->rpa_timeout = sys_cpu_to_le16(bt_dev.rpa_timeout);
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_RPA_TIMEOUT, buf,
					   NULL);
		if (err) {
			return err;
		}
#endif /* defined(CONFIG_BT_PRIVACY) */

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_RL_SIZE, NULL,
					   &rsp);
		if (err) {
			return err;
		}
		le_read_resolving_list_size_complete(rsp);
		net_buf_unref(rsp);
	}
#endif /* CONFIG_BT_SMP */

#if defined(CONFIG_BT_DF)
	if (BT_FEAT_LE_CONNECTIONLESS_CTE_TX(bt_dev.le.features) ||
	    BT_FEAT_LE_CONNECTIONLESS_CTE_RX(bt_dev.le.features) ||
	    BT_FEAT_LE_RX_CTE(bt_dev.le.features)) {
		err = le_df_init();
		if (err) {
			return err;
		}
	}
#endif /* CONFIG_BT_DF */

	if (IS_ENABLED(CONFIG_BT_SUBRATING) &&
	    BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
		/* Connection Subrating (Host Support) */
		err = le_set_host_feature(BT_LE_FEAT_BIT_CONN_SUBRATING_HOST_SUPP, 1);
		if (err) {
			return err;
		}
	}

	if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
	    BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
		/* Channel Sounding (Host Support) */
		err = le_set_host_feature(BT_LE_FEAT_BIT_CHANNEL_SOUNDING_HOST, 1);
		if (err) {
			return err;
		}
	}

	if (IS_ENABLED(CONFIG_BT_EXT_ADV_CODING_SELECTION) &&
	    IS_ENABLED(CONFIG_BT_OBSERVER) &&
	    BT_FEAT_LE_ADV_CODING_SEL(bt_dev.le.features)) {
		/* Advertising Coding Selection (Host Support) */
		err = le_set_host_feature(BT_LE_FEAT_BIT_ADV_CODING_SEL_HOST, 1);
		if (err) {
			return err;
		}
	}

	/* The event mask is set last, after all feature-dependent setup. */
	return  le_set_event_mask();
}
3705 
3706 #if !defined(CONFIG_BT_CLASSIC)
/* BR/EDR step used when CONFIG_BT_CLASSIC is disabled.
 *
 * With CONFIG_BT_CONN, falls back to the BR/EDR Read Buffer Size values when
 * the LE side left bt_dev.le.acl_mtu at zero. Without CONFIG_BT_CONN this
 * only returns 0.
 *
 * @return 0 on success or when nothing had to be done, otherwise the error
 *         from bt_hci_cmd_send_sync().
 */
static int bt_br_init(void)
{
#if defined(CONFIG_BT_CONN)
	/* Use BR/EDR buffer size if LE reports zero buffers */
	if (bt_dev.le.acl_mtu == 0) {
		struct net_buf *reply;
		int rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &reply);

		if (rc != 0) {
			return rc;
		}

		read_buffer_size_complete(reply);
		net_buf_unref(reply);
	}
#endif /* CONFIG_BT_CONN */

	return 0;
}
3729 #endif /* !defined(CONFIG_BT_CLASSIC) */
3730 
/*
 * Build the HCI event mask from the enabled host features and send it with
 * HCI Set Event Mask.
 *
 * Returns -ENOBUFS when no command buffer is available, otherwise the result
 * of the synchronous command.
 */
static int set_event_mask(void)
{
	struct bt_hci_cp_set_event_mask *cp;
	struct net_buf *cmd;
	uint64_t events = 0U;

	cmd = bt_hci_cmd_create(BT_HCI_OP_SET_EVENT_MASK, sizeof(*cp));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(cmd, sizeof(*cp));

	/* Events requested in every configuration. */
	events |= BT_EVT_MASK_HARDWARE_ERROR;
	events |= BT_EVT_MASK_DATA_BUFFER_OVERFLOW;
	events |= BT_EVT_MASK_LE_META_EVENT;

	if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
		/* Since we require LE support, we can count on a
		 * Bluetooth 4.0 feature set
		 */
		events |= BT_EVT_MASK_INQUIRY_COMPLETE;
		events |= BT_EVT_MASK_CONN_COMPLETE;
		events |= BT_EVT_MASK_CONN_REQUEST;
		events |= BT_EVT_MASK_AUTH_COMPLETE;
		events |= BT_EVT_MASK_REMOTE_NAME_REQ_COMPLETE;
		events |= BT_EVT_MASK_REMOTE_FEATURES;
		events |= BT_EVT_MASK_ROLE_CHANGE;
		events |= BT_EVT_MASK_PIN_CODE_REQ;
		events |= BT_EVT_MASK_LINK_KEY_REQ;
		events |= BT_EVT_MASK_LINK_KEY_NOTIFY;
		events |= BT_EVT_MASK_INQUIRY_RESULT_WITH_RSSI;
		events |= BT_EVT_MASK_REMOTE_EXT_FEATURES;
		events |= BT_EVT_MASK_SYNC_CONN_COMPLETE;
		events |= BT_EVT_MASK_EXTENDED_INQUIRY_RESULT;
		events |= BT_EVT_MASK_IO_CAPA_REQ;
		events |= BT_EVT_MASK_IO_CAPA_RESP;
		events |= BT_EVT_MASK_USER_CONFIRM_REQ;
		events |= BT_EVT_MASK_USER_PASSKEY_REQ;
		events |= BT_EVT_MASK_SSP_COMPLETE;
		events |= BT_EVT_MASK_USER_PASSKEY_NOTIFY;
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		events |= BT_EVT_MASK_DISCONN_COMPLETE;
		events |= BT_EVT_MASK_REMOTE_VERSION_INFO;
	}

	/* Encryption events are requested only when SMP is built in and the
	 * controller reports LE encryption support.
	 */
	if (IS_ENABLED(CONFIG_BT_SMP) && BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		events |= BT_EVT_MASK_ENCRYPT_CHANGE;
		events |= BT_EVT_MASK_ENCRYPT_KEY_REFRESH_COMPLETE;
	}

	/* The command parameter carries the mask in little-endian order. */
	sys_put_le64(events, cp->events);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_EVENT_MASK, cmd, NULL);
}
3788 
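/*
 * Map a core version code to a printable version string.
 *
 * Returns a pointer to a string literal; codes past the end of the table
 * yield "unknown". The caller must not free or modify the result.
 */
const char *bt_hci_get_ver_str(uint8_t core_version)
{
	/* Indexed directly by core_version. Declared static, like the other
	 * lookup tables in this file, so it is not rebuilt on the stack on
	 * every call.
	 */
	static const char * const str[] = {
		"1.0b", "1.1", "1.2", "2.0", "2.1", "3.0", "4.0", "4.1", "4.2",
		"5.0", "5.1", "5.2", "5.3", "5.4", "6.0"
	};

	/* The value comes from the controller, so bound it before indexing. */
	if (core_version < ARRAY_SIZE(str)) {
		return str[core_version];
	}

	return "unknown";
}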
3802 
/*
 * Log the local identity addresses and the controller's HCI/LMP version
 * information.
 *
 * With CONFIG_BT_LOG_SNIFFER_INFO this also writes each identity's IRK (when
 * CONFIG_BT_PRIVACY is defined) and, with CONFIG_BT_SMP, per-bond information
 * via bt_keys_show_sniffer_info() to the log. That is key material: anyone
 * who can read the log output can see it, so the option belongs in debug
 * builds only.
 */
static void bt_dev_show_info(void)
{
	/* Identity 0 is printed with an index only when there are several. */
	const char *first_suffix = bt_dev.id_count > 1 ? "[0]" : "";

	LOG_INF("Identity%s: %s", first_suffix, bt_addr_le_str(&bt_dev.id_addr[0]));

	if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
		uint8_t irk[16];

		/* Byte order is swapped for printing. */
		sys_memcpy_swap(irk, bt_dev.irk[0], sizeof(irk));
		LOG_INF("IRK%s: 0x%s", first_suffix, bt_hex(irk, sizeof(irk)));
#endif
	}

	for (int id = 1; id < bt_dev.id_count; id++) {
		LOG_INF("Identity[%d]: %s", id, bt_addr_le_str(&bt_dev.id_addr[id]));

		if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
			uint8_t irk[16];

			sys_memcpy_swap(irk, bt_dev.irk[id], sizeof(irk));
			LOG_INF("IRK[%d]: 0x%s", id, bt_hex(irk, sizeof(irk)));
#endif
		}
	}

	if (IS_ENABLED(CONFIG_BT_SMP) && IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
		bt_keys_foreach_type(BT_KEYS_ALL, bt_keys_show_sniffer_info, NULL);
	}

	LOG_INF("HCI: version %s (0x%02x) revision 0x%04x, manufacturer 0x%04x",
		bt_hci_get_ver_str(bt_dev.hci_version), bt_dev.hci_version,
		bt_dev.hci_revision, bt_dev.manufacturer);
	LOG_INF("LMP: version %s (0x%02x) subver 0x%04x",
		bt_hci_get_ver_str(bt_dev.lmp_version), bt_dev.lmp_version,
		bt_dev.lmp_subversion);
}
3843 
3844 #if defined(CONFIG_BT_HCI_VS)
/*
 * Translate the hardware platform code from the vendor-specific version
 * response into a printable name. Codes outside the table give "unknown".
 */
static const char *vs_hw_platform(uint16_t platform)
{
	static const char * const plat_str[] = {
		"reserved",
		"Intel Corporation",
		"Nordic Semiconductor",
		"NXP Semiconductors",
	};

	/* Controller-supplied value: reject anything past the table. */
	if (platform >= ARRAY_SIZE(plat_str)) {
		return "unknown";
	}

	return plat_str[platform];
}
3857 
/*
 * Translate a hardware variant code into a printable name. Only the Nordic
 * platform has a variant table here; any other platform, or a variant past
 * the end of the table, gives "unknown".
 */
static const char *vs_hw_variant(uint16_t platform, uint16_t variant)
{
	static const char * const nordic_str[] = {
		"reserved", "nRF51x", "nRF52x", "nRF53x", "nRF54Hx", "nRF54Lx"
	};

	if (platform == BT_HCI_VS_HW_PLAT_NORDIC && variant < ARRAY_SIZE(nordic_str)) {
		return nordic_str[variant];
	}

	return "unknown";
}
3874 
/*
 * Translate the firmware variant code from the vendor-specific version
 * response into a printable description. Unlisted codes give "unknown".
 */
static const char *vs_fw_variant(uint8_t variant)
{
	static const char * const var_str[] = {
		"Standard Bluetooth controller",
		"Vendor specific controller",
		"Firmware loader",
		"Rescue image",
	};

	/* Controller-supplied value: reject anything past the table. */
	if (variant >= ARRAY_SIZE(var_str)) {
		return "unknown";
	}

	return var_str[variant];
}
3890 
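/*
 * Check the length of a vendor-specific command response before a response
 * struct is overlaid on its payload.
 *
 * A payload shorter than the struct is always rejected, because the fields
 * read afterwards would lie beyond the received data. With
 * CONFIG_BT_HCI_VS_EXT_DETECT the length must match exactly, as before.
 */
static bool vs_rsp_len_valid(const struct net_buf *rsp, size_t expected)
{
	if (rsp->len < expected) {
		return false;
	}

	return !IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) || rsp->len == expected;
}

/*
 * Probe the controller for the Zephyr vendor-specific HCI extensions: log
 * its version information and cache the supported vendor commands and
 * features in bt_dev.
 *
 * Every failure is logged and ends the probe; nothing is returned to the
 * caller.
 */
static void hci_vs_init(void)
{
	union {
		struct bt_hci_rp_vs_read_version_info *info;
		struct bt_hci_rp_vs_read_supported_commands *cmds;
		struct bt_hci_rp_vs_read_supported_features *feat;
	} rp;
	struct net_buf *rsp;
	uint16_t hw_platform;
	uint16_t hw_variant;
	int err;

	/* If heuristics is enabled, try to guess HCI VS support by looking
	 * at the HCI version and identity address. We haven't set any addresses
	 * at this point. So we need to read the public address.
	 */
	if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT)) {
		bt_addr_le_t addr;

		if ((bt_dev.hci_version < BT_HCI_VERSION_5_0) ||
		    bt_id_read_public_addr(&addr)) {
			LOG_WRN("Controller doesn't seem to support "
				"Zephyr vendor HCI");
			return;
		}
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_VERSION_INFO, NULL, &rsp);
	if (err) {
		LOG_WRN("Vendor HCI extensions not available");
		return;
	}

	/* The opcode is vendor-defined, so a controller that does not speak
	 * the Zephyr extensions may answer with a different layout.
	 */
	if (!vs_rsp_len_valid(rsp, sizeof(struct bt_hci_rp_vs_read_version_info))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.info = (void *)rsp->data;
	hw_platform = sys_le16_to_cpu(rp.info->hw_platform);
	hw_variant = sys_le16_to_cpu(rp.info->hw_variant);

	LOG_INF("HW Platform: %s (0x%04x)", vs_hw_platform(hw_platform), hw_platform);
	LOG_INF("HW Variant: %s (0x%04x)", vs_hw_variant(hw_platform, hw_variant),
		hw_variant);
	LOG_INF("Firmware: %s (0x%02x) Version %u.%u Build %u", vs_fw_variant(rp.info->fw_variant),
		rp.info->fw_variant, rp.info->fw_version, sys_le16_to_cpu(rp.info->fw_revision),
		sys_le32_to_cpu(rp.info->fw_build));

	net_buf_unref(rsp);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_COMMANDS,
				   NULL, &rsp);
	if (err) {
		LOG_WRN("Failed to read supported vendor commands");
		return;
	}

	if (!vs_rsp_len_valid(rsp, sizeof(struct bt_hci_rp_vs_read_supported_commands))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.cmds = (void *)rsp->data;
	/* NOTE(review): assumes BT_DEV_VS_CMDS_MAX does not exceed the size
	 * of the commands field in the response struct - confirm.
	 */
	memcpy(bt_dev.vs_commands, rp.cmds->commands, BT_DEV_VS_CMDS_MAX);
	net_buf_unref(rsp);

	if (BT_VS_CMD_SUP_FEAT(bt_dev.vs_commands)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_FEATURES,
					   NULL, &rsp);
		if (err) {
			LOG_WRN("Failed to read supported vendor features");
			return;
		}

		if (!vs_rsp_len_valid(rsp,
				      sizeof(struct bt_hci_rp_vs_read_supported_features))) {
			LOG_WRN("Invalid Vendor HCI extensions");
			net_buf_unref(rsp);
			return;
		}

		rp.feat = (void *)rsp->data;
		/* NOTE(review): same assumption for BT_DEV_VS_FEAT_MAX and the
		 * features field - confirm.
		 */
		memcpy(bt_dev.vs_features, rp.feat->features,
		       BT_DEV_VS_FEAT_MAX);
		net_buf_unref(rsp);
	}
}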
3982 #endif /* CONFIG_BT_HCI_VS */
3983 
/*
 * Run the HCI bring-up sequence: optional driver setup, common and LE
 * initialization, BR/EDR handling, event mask, optional vendor-specific
 * probing and finally identity initialization.
 *
 * Returns 0 on success or the first error encountered.
 */
static int hci_init(void)
{
	int rc;

#if defined(CONFIG_BT_HCI_SETUP)
	struct bt_hci_setup_params setup_params = { 0 };

	bt_addr_copy(&setup_params.public_addr, BT_ADDR_ANY);
#if defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR)
	/* Hand the default identity to the driver when it is a public address. */
	if (bt_dev.id_count > 0 && bt_dev.id_addr[BT_ID_DEFAULT].type == BT_ADDR_LE_PUBLIC) {
		bt_addr_copy(&setup_params.public_addr, &bt_dev.id_addr[BT_ID_DEFAULT].a);
	}
#endif /* defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR) */

	/* -ENOSYS is tolerated here and does not abort the bring-up. */
	rc = bt_hci_setup(bt_dev.hci, &setup_params);
	if (rc != 0 && rc != -ENOSYS) {
		return rc;
	}
#endif /* defined(CONFIG_BT_HCI_SETUP) */

	rc = common_init();
	if (rc != 0) {
		return rc;
	}

	rc = le_init();
	if (rc != 0) {
		return rc;
	}

	if (BT_FEAT_BREDR(bt_dev.features)) {
		rc = bt_br_init();
		if (rc != 0) {
			return rc;
		}
	} else if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
		LOG_ERR("Non-BR/EDR controller detected");
		return -EIO;
	}
#if defined(CONFIG_BT_CONN)
	/* LE-only controller that reported no ACL buffers: cannot continue. */
	else if (!bt_dev.le.acl_mtu) {
		LOG_ERR("ACL BR/EDR buffers not initialized");
		return -EIO;
	}
#endif

	rc = set_event_mask();
	if (rc != 0) {
		return rc;
	}

#if defined(CONFIG_BT_HCI_VS)
	/* Returns nothing, so a failed vendor probe does not stop init. */
	hci_vs_init();
#endif

	return bt_id_init();
}
4045 
/*
 * Pass an outgoing HCI buffer to the HCI driver, mirroring it to the
 * monitor first.
 *
 * Returns the result of bt_hci_send(). buf must not be NULL; it is
 * dereferenced before the driver is called.
 */
int bt_send(struct net_buf *buf)
{
	LOG_DBG("buf %p len %u type %u", buf, buf->len, bt_buf_get_type(buf));

	/* The monitor receives a copy of everything that is sent. */
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	return bt_hci_send(bt_dev.hci, buf);
}
4054 
/*
 * Handlers for the events processed by hci_event_prio(). The size in each
 * entry is that of the event's fixed parameter struct and is passed to
 * handle_event() with the handler.
 */
static const struct event_handler prio_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_CMD_COMPLETE, hci_cmd_complete,
		      sizeof(struct bt_hci_evt_cmd_complete)),
	EVENT_HANDLER(BT_HCI_EVT_CMD_STATUS, hci_cmd_status,
		      sizeof(struct bt_hci_evt_cmd_status)),
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DATA_BUF_OVERFLOW, hci_data_buf_overflow,
		      sizeof(struct bt_hci_evt_data_buf_overflow)),
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE, hci_disconn_complete_prio,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_CONN_TX)
	EVENT_HANDLER(BT_HCI_EVT_NUM_COMPLETED_PACKETS, hci_num_completed_packets,
		      sizeof(struct bt_hci_evt_num_completed_packets)),
#endif /* CONFIG_BT_CONN_TX */
};
4073 
/*
 * Dispatch a priority HCI event to its handler in prio_events.
 *
 * When the event also carries BT_HCI_EVT_FLAG_RECV the buffer is restored
 * to its original state and left with the caller; otherwise this function
 * drops the reference.
 *
 * A buffer shorter than the event header is logged and unreferenced
 * whatever its flags would have been, so a caller that goes on to use buf
 * after this returns must first have checked that it holds a full header.
 */
void hci_event_prio(struct net_buf *buf)
{
	struct net_buf_simple_state saved;
	struct bt_hci_evt_hdr *evt_hdr;
	uint8_t evt_flags;

	/* Remember the parse position so the buffer can be handed on intact. */
	net_buf_simple_save(&buf->b, &saved);

	if (buf->len < sizeof(*evt_hdr)) {
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
		net_buf_unref(buf);
		return;
	}

	evt_hdr = net_buf_pull_mem(buf, sizeof(*evt_hdr));
	evt_flags = bt_hci_evt_get_flags(evt_hdr->evt);
	BT_ASSERT(evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO);

	handle_event(evt_hdr->evt, buf, prio_events, ARRAY_SIZE(prio_events));

	if (!(evt_flags & BT_HCI_EVT_FLAG_RECV)) {
		/* Priority-only event: this was the last user of the buffer. */
		net_buf_unref(buf);
		return;
	}

	net_buf_simple_restore(&buf->b, &saved);
}
4100 
/*
 * Append a received buffer to bt_dev.rx_queue and submit rx_work to the
 * work queue selected at build time. A failed submission is only logged;
 * the buffer stays on the queue.
 */
static void rx_queue_put(struct net_buf *buf)
{
	net_buf_slist_put(&bt_dev.rx_queue, buf);

#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	const int rc = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	const int rc = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif /* CONFIG_BT_RECV_WORKQ_SYS */

	if (rc >= 0) {
		return;
	}

	LOG_ERR("Could not submit rx_work: %d", rc);
}
4114 
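/*
 * Route a buffer received from the HCI driver: ACL and ISO data go to the
 * RX queue, events go to the priority path and/or the RX queue according to
 * their flags.
 *
 * Ownership of buf passes to this function. Returns 0 when the buffer was
 * accepted, or -EINVAL (with buf released) for an unknown buffer type or an
 * event too short to hold an event header.
 */
static int bt_recv_unsafe(struct net_buf *buf)
{
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	LOG_DBG("buf %p len %u", buf, buf->len);

	switch (bt_buf_get_type(buf)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
		rx_queue_put(buf);
		return 0;
#endif /* BT_CONN */
	case BT_BUF_EVT:
	{
		struct bt_hci_evt_hdr *hdr;
		uint8_t evt_flags;

		/* The event code is read straight from the payload, so the
		 * header must be present before it is looked at. Without
		 * this check a truncated event is classified from a byte
		 * outside the received data, and because hci_event_prio()
		 * releases short buffers, one flagged for both paths would
		 * be queued below after it had been freed.
		 */
		if (buf->len < sizeof(*hdr)) {
			LOG_ERR("Invalid HCI event size (%u)", buf->len);
			net_buf_unref(buf);
			return -EINVAL;
		}

		hdr = (void *)buf->data;
		evt_flags = bt_hci_evt_get_flags(hdr->evt);

		if (evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO) {
			hci_event_prio(buf);
		}

		if (evt_flags & BT_HCI_EVT_FLAG_RECV) {
			rx_queue_put(buf);
		}

		return 0;
	}
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
		rx_queue_put(buf);
		return 0;
#endif /* CONFIG_BT_ISO */
	default:
		LOG_ERR("Invalid buf type %u", bt_buf_get_type(buf));
		net_buf_unref(buf);
		return -EINVAL;
	}
}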
4153 
/*
 * Receive callback given to the HCI driver (see bt_hci_open() in
 * bt_enable()). Runs bt_recv_unsafe() with the scheduler locked and returns
 * its result. dev is unused.
 */
int bt_hci_recv(const struct device *dev, struct net_buf *buf)
{
	int rc;

	ARG_UNUSED(dev);

	k_sched_lock();
	rc = bt_recv_unsafe(buf);
	k_sched_unlock();

	return rc;
}
4165 
/*
 * Last step of initialization: mark the stack ready, reset scanning state
 * when the observer role is built in, and log the device information.
 */
void bt_finalize_init(void)
{
	/* From here on bt_is_ready() reports true. */
	atomic_set_bit(bt_dev.flags, BT_DEV_READY);

	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_scan_reset();
	}

	bt_dev_show_info();
}
4176 
/*
 * Initialize HCI and the connection/ISO layers, then finalize.
 *
 * With CONFIG_BT_SETTINGS and no identity configured yet, finalization is
 * skipped and 0 is returned; the log message tells the application to call
 * settings_load().
 *
 * Returns 0 on success or the first error from an init step.
 */
static int bt_init(void)
{
	int rc;

	rc = hci_init();
	if (rc != 0) {
		return rc;
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		rc = bt_conn_init();
		if (rc != 0) {
			return rc;
		}
	}

	if (IS_ENABLED(CONFIG_BT_ISO)) {
		rc = bt_conn_iso_init();
		if (rc != 0) {
			return rc;
		}
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		if (bt_dev.id_count == 0) {
			LOG_INF("No ID address. App must call settings_load()");
			return 0;
		}

		atomic_set_bit(bt_dev.flags, BT_DEV_PRESET_ID);
	}

	bt_finalize_init();

	return 0;
}
4212 
/*
 * Work handler that runs bt_init() and reports the result through ready_cb
 * when a callback was registered. The work item itself is not used.
 */
static void init_work(struct k_work *work)
{
	const int rc = bt_init();

	if (ready_cb != NULL) {
		ready_cb(rc);
	}
}
4222 
/*
 * Work handler for the RX queue: take one buffer from bt_dev.rx_queue, pass
 * it to the handler for its type, and resubmit the work item when more
 * buffers are waiting.
 */
static void rx_work_handler(struct k_work *work)
{
	struct net_buf *pkt;
	int rc;

	LOG_DBG("Getting net_buf from queue");
	pkt = net_buf_slist_get(&bt_dev.rx_queue);
	if (pkt == NULL) {
		return;
	}

	LOG_DBG("buf %p type %u len %u", pkt, bt_buf_get_type(pkt), pkt->len);

	switch (bt_buf_get_type(pkt)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
		hci_acl(pkt);
		break;
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
		hci_iso(pkt);
		break;
#endif /* CONFIG_BT_ISO */
	case BT_BUF_EVT:
		hci_event(pkt);
		break;
	default:
		/* No handler for this type: release the buffer here. */
		LOG_ERR("Unknown buf type %u", bt_buf_get_type(pkt));
		net_buf_unref(pkt);
		break;
	}

	if (sys_slist_is_empty(&bt_dev.rx_queue)) {
		return;
	}

	/* Schedule the work handler to be executed again if there are
	 * additional items in the queue. This allows for other users of the
	 * work queue to get a chance at running, which wouldn't be possible if
	 * we used a while() loop with a k_yield() statement.
	 */
#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	rc = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	rc = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif
	if (rc < 0) {
		LOG_ERR("Could not submit rx_work: %d", rc);
	}
}
4274 
4275 #if defined(CONFIG_BT_TESTING)
/*
 * Test hook (CONFIG_BT_TESTING): return the thread that performs TX, which
 * is the system work queue thread.
 */
k_tid_t bt_testing_tx_tid_get(void)
{
	/* We now TX everything from the syswq */
	k_tid_t tx_tid = &k_sys_work_q.thread;

	return tx_tid;
}
4281 
4282 #if defined(CONFIG_BT_ISO)
/*
 * Test hook (CONFIG_BT_TESTING with CONFIG_BT_ISO): overwrite the cached
 * ISO MTU in bt_dev.le.iso_mtu. The value is stored as given, without
 * validation.
 */
void bt_testing_set_iso_mtu(uint16_t mtu)
{
	bt_dev.le.iso_mtu = mtu;
}
4287 #endif /* CONFIG_BT_ISO */
4288 #endif /* CONFIG_BT_TESTING */
4289 
/*
 * Enable the Bluetooth stack.
 *
 * Opens the HCI driver and then either runs bt_init() inline (cb == NULL,
 * its result is returned) or submits bt_dev.init so that initialization
 * runs from a work item and the result is delivered to cb.
 *
 * Returns -ENODEV when the HCI device is missing or not ready, -EALREADY
 * when the stack is already enabled, or the error of the failing step.
 *
 * NOTE(review): the error returns after BT_DEV_ENABLE has been set
 * (settings init, driver open) leave the flag set, so a later call would
 * get -EALREADY - confirm this is intended.
 */
int bt_enable(bt_ready_cb_t cb)
{
	int rc;

	if (IS_ENABLED(CONFIG_ZTEST) && bt_dev.hci == NULL) {
		LOG_ERR("No DT chosen property for HCI");
		return -ENODEV;
	}

	if (!device_is_ready(bt_dev.hci)) {
		LOG_ERR("HCI driver is not ready");
		return -ENODEV;
	}

	bt_monitor_new_index(BT_MONITOR_TYPE_PRIMARY, BT_HCI_BUS, BT_ADDR_ANY, BT_HCI_NAME);

	atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);

	/* Test-and-set so that only one caller gets past this point. */
	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_ENABLE)) {
		return -EALREADY;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		rc = bt_settings_init();
		if (rc != 0) {
			return rc;
		}
	} else if (IS_ENABLED(CONFIG_BT_DEVICE_NAME_DYNAMIC)) {
		/* A failure to set the default name is logged, not fatal. */
		rc = bt_set_name(CONFIG_BT_DEVICE_NAME);
		if (rc != 0) {
			LOG_WRN("Failed to set device name (%d)", rc);
		}
	}

	ready_cb = cb;

	/* Give cmd_sem allowing to send first HCI_Reset cmd, the only
	 * exception is if the controller requests to wait for an
	 * initial Command Complete for NOP.
	 */
	k_sem_init(&bt_dev.ncmd_sem, IS_ENABLED(CONFIG_BT_WAIT_NOP) ? 0 : 1, 1);
	k_fifo_init(&bt_dev.cmd_tx_queue);

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* RX thread */
	k_work_queue_init(&bt_workq);
	k_work_queue_start(&bt_workq, rx_thread_stack,
			   CONFIG_BT_RX_STACK_SIZE,
			   K_PRIO_COOP(CONFIG_BT_RX_PRIO), NULL);
	k_thread_name_set(&bt_workq.thread, "BT RX WQ");
#endif

	rc = bt_hci_open(bt_dev.hci, bt_hci_recv);
	if (rc != 0) {
		LOG_ERR("HCI driver open failed (%d)", rc);
		return rc;
	}

	bt_monitor_send(BT_MONITOR_OPEN_INDEX, NULL, 0);

	/* Without a callback, initialization runs in the caller's context. */
	if (cb == NULL) {
		return bt_init();
	}

	k_work_submit(&bt_dev.init);

	return 0;
}
4361 
/*
 * Disable the Bluetooth stack: stop host activity, reset the controller
 * (unless the driver quirk forbids it), close the HCI driver and clear the
 * host state, including identities and, with CONFIG_BT_SMP, the key store.
 *
 * Returns 0 on success, -EALREADY when a disable is already in progress or
 * done, -ENOTSUP when the driver reports -ENOSYS for close, or the error of
 * the failing step.
 *
 * NOTE(review): a failed controller reset returns with BT_DEV_DISABLE set
 * and BT_DEV_READY cleared, and a failed close (other than -ENOSYS) leaves
 * BT_DEV_DISABLE set - confirm callers can recover from those states.
 */
int bt_disable(void)
{
	int rc;

	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_DISABLE)) {
		return -EALREADY;
	}

	/* Clear BT_DEV_READY before disabling HCI link */
	atomic_clear_bit(bt_dev.flags, BT_DEV_READY);

#if defined(CONFIG_BT_BROADCASTER)
	bt_adv_reset_adv_pool();
#endif /* CONFIG_BT_BROADCASTER */

#if defined(CONFIG_BT_PRIVACY)
	k_work_cancel_delayable(&bt_dev.rpa_update);
#endif /* CONFIG_BT_PRIVACY */

#if defined(CONFIG_BT_PER_ADV_SYNC)
	bt_periodic_sync_disable();
#endif /* CONFIG_BT_PER_ADV_SYNC */

#if defined(CONFIG_BT_CONN)
	if (IS_ENABLED(CONFIG_BT_SMP)) {
		bt_pub_key_hci_disrupted();
	}
	bt_conn_cleanup_all();
	disconnected_handles_reset();
#endif /* CONFIG_BT_CONN */

	/* Reset the Controller */
	if (!drv_quirk_no_reset()) {
		rc = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, NULL);
		if (rc != 0) {
			LOG_ERR("Failed to reset BLE controller");
			return rc;
		}

		hci_reset_complete();
	}

	rc = bt_hci_close(bt_dev.hci);
	if (rc != 0) {
		if (rc == -ENOSYS) {
			/* Driver cannot close: undo the flag changes. */
			atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);
			atomic_set_bit(bt_dev.flags, BT_DEV_READY);
			return -ENOTSUP;
		}

		LOG_ERR("HCI driver close failed (%d)", rc);

		/* Re-enable BT_DEV_READY to avoid inconsistent stack state */
		atomic_set_bit(bt_dev.flags, BT_DEV_READY);

		return rc;
	}

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* Abort RX thread */
	k_thread_abort(&bt_workq.thread);
#endif

	/* Some functions rely on checking this bitfield */
	memset(bt_dev.supported_commands, 0x00, sizeof(bt_dev.supported_commands));

	/* Reset IDs and corresponding keys. */
	bt_dev.id_count = 0;
#if defined(CONFIG_BT_SMP)
	bt_dev.le.rl_entries = 0;
	bt_keys_reset();
#endif

	/* If random address was set up - clear it */
	bt_addr_le_copy(&bt_dev.random_addr, BT_ADDR_LE_ANY);

	if (IS_ENABLED(CONFIG_BT_ISO)) {
		bt_iso_reset();
	}

	bt_monitor_send(BT_MONITOR_CLOSE_INDEX, NULL, 0);

	/* Clear BT_DEV_ENABLE here to prevent early bt_enable() calls, before disable is
	 * completed.
	 */
	atomic_clear_bit(bt_dev.flags, BT_DEV_ENABLE);

	return 0;
}
4452 
/* Report whether the stack is ready, i.e. whether BT_DEV_READY is set. */
bool bt_is_ready(void)
{
	const bool ready = atomic_test_bit(bt_dev.flags, BT_DEV_READY);

	return ready;
}
4457 
4458 #define DEVICE_NAME_LEN (sizeof(CONFIG_BT_DEVICE_NAME) - 1)
4459 #if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
4460 BUILD_ASSERT(DEVICE_NAME_LEN < CONFIG_BT_DEVICE_NAME_MAX);
4461 #else
4462 BUILD_ASSERT(DEVICE_NAME_LEN < 248);
4463 #endif
4464 
/*
 * Set the local device name (CONFIG_BT_DEVICE_NAME_DYNAMIC only).
 *
 * name must be a NUL-terminated string; it is passed to strlen() without a
 * NULL check. Returns 0 on success or when the name is unchanged, and
 * -ENOMEM when the name is longer than CONFIG_BT_DEVICE_NAME_MAX or dynamic
 * names are not compiled in. A failure to persist the name is only logged.
 */
int bt_set_name(const char *name)
{
#if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	const size_t name_len = strlen(name);

	if (name_len > CONFIG_BT_DEVICE_NAME_MAX) {
		return -ENOMEM;
	}

	if (strcmp(bt_dev.name, name) == 0) {
		return 0;
	}

	/* A name of exactly CONFIG_BT_DEVICE_NAME_MAX bytes is accepted, so
	 * the terminator lands at index CONFIG_BT_DEVICE_NAME_MAX.
	 * NOTE(review): assumes bt_dev.name holds at least
	 * CONFIG_BT_DEVICE_NAME_MAX + 1 bytes - confirm against its
	 * declaration.
	 */
	memcpy(bt_dev.name, name, name_len);
	bt_dev.name[name_len] = '\0';

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		const int rc = bt_settings_store_name(bt_dev.name, name_len);

		if (rc != 0) {
			LOG_WRN("Unable to store name");
		}
	}

	return 0;
#else
	return -ENOMEM;
#endif
}
4494 
/*
 * Return the local device name: the runtime name in bt_dev.name with
 * CONFIG_BT_DEVICE_NAME_DYNAMIC, otherwise the build-time
 * CONFIG_BT_DEVICE_NAME. The returned storage is not owned by the caller.
 */
const char *bt_get_name(void)
{
#if !defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	return CONFIG_BT_DEVICE_NAME;
#else
	return bt_dev.name;
#endif
}
4503 
/*
 * Return the device appearance value: the runtime value with
 * CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC, otherwise the build-time
 * CONFIG_BT_DEVICE_APPEARANCE.
 */
uint16_t bt_get_appearance(void)
{
#if !defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	return CONFIG_BT_DEVICE_APPEARANCE;
#else
	return bt_dev.appearance;
#endif
}
4512 
4513 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
/*
 * Change the device appearance value.
 *
 * With CONFIG_BT_SETTINGS the new value is stored first, and bt_dev is
 * updated only when that succeeds. Returns 0 on success or when the value
 * is unchanged, otherwise the storage error.
 */
int bt_set_appearance(uint16_t appearance)
{
	if (bt_dev.appearance == appearance) {
		return 0;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		const int rc = bt_settings_store_appearance(&appearance, sizeof(appearance));

		if (rc != 0) {
			LOG_ERR("Unable to save setting 'bt/appearance' (err %d).", rc);
			return rc;
		}
	}

	bt_dev.appearance = appearance;

	return 0;
}
4530 #endif
4531 
/*
 * Copy the local controller's LE features and buffer limits into
 * remote_info (despite the parameter name, the values are the local ones
 * from bt_dev.le).
 *
 * Fields whose subsystem is not compiled in are set to 0. Returns -EINVAL
 * for a NULL pointer, -EAGAIN when the stack is not ready, 0 otherwise.
 */
int bt_le_get_local_features(struct bt_le_local_features *remote_info)
{
	if (!remote_info) {
		return -EINVAL;
	}

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	remote_info->states = bt_dev.le.states;
	memcpy(remote_info->features, bt_dev.le.features, sizeof(remote_info->features));

	/* ACL limits */
	remote_info->acl_mtu = COND_CODE_1(CONFIG_BT_CONN, (bt_dev.le.acl_mtu), (0));
	remote_info->acl_pkts = COND_CODE_1(CONFIG_BT_CONN, (bt_dev.le.acl_pkts.limit), (0));

	/* ISO limits */
	remote_info->iso_mtu = COND_CODE_1(CONFIG_BT_ISO, (bt_dev.le.iso_mtu), (0));
	remote_info->iso_pkts = COND_CODE_1(CONFIG_BT_ISO, (bt_dev.le.iso_limit), (0));

	remote_info->rl_size = COND_CODE_1(CONFIG_BT_SMP, (bt_dev.le.rl_size), (0));
	remote_info->max_adv_data_len =
		COND_CODE_1(CONFIG_BT_BROADCASTER, (bt_dev.le.max_adv_data_len), (0));

	return 0;
}
4554 
/*
 * Report whether a bond exists for addr under identity id.
 *
 * Always false without CONFIG_BT_SMP. Otherwise true when a key entry is
 * found for the address and it has at least one key stored.
 */
bool bt_le_bond_exists(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_keys *entry;

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		return false;
	}

	entry = bt_keys_find_addr(id, addr);

	/* if there are any keys stored then device is bonded */
	return entry != NULL && entry->keys != 0;
}
4566 
4567 #if defined(CONFIG_BT_FILTER_ACCEPT_LIST)
/*
 * Add addr to the controller's filter accept list.
 *
 * addr is copied into the command without a NULL check. Returns -EAGAIN
 * when the stack is not ready, -ENOBUFS when no command buffer is
 * available, or the result of the HCI command.
 */
int bt_le_filter_accept_list_add(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_add_dev_to_fal *params;
	struct net_buf *cmd;
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_ADD_DEV_TO_FAL, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_le_copy(&params->addr, addr);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ADD_DEV_TO_FAL, cmd, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to add device to filter accept list");
	}

	return rc;
}
4595 
/*
 * Remove addr from the controller's filter accept list.
 *
 * addr is copied into the command without a NULL check. Returns -EAGAIN
 * when the stack is not ready, -ENOBUFS when no command buffer is
 * available, or the result of the HCI command.
 */
int bt_le_filter_accept_list_remove(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_rem_dev_from_fal *params;
	struct net_buf *cmd;
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_REM_DEV_FROM_FAL, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_le_copy(&params->addr, addr);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_REM_DEV_FROM_FAL, cmd, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to remove device from filter accept list");
	}

	return rc;
}
4622 
/*
 * Clear the controller's filter accept list.
 *
 * Returns -EAGAIN when the stack is not ready, otherwise the result of the
 * HCI command.
 */
int bt_le_filter_accept_list_clear(void)
{
	int rc;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_LE_CLEAR_FAL, NULL, NULL);
	if (rc != 0) {
		LOG_ERR("Failed to clear filter accept list");
	}

	return rc;
}
4639 #endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
4640 
/*
 * Send a host channel classification to the controller.
 *
 * chan_map points to 5 bytes; only the low 5 bits of the last byte are
 * sent. Returns -ENOTSUP when neither the central nor the broadcaster role
 * is built in or the controller does not list the command as supported,
 * -ENOBUFS when no command buffer is available, otherwise the result of the
 * HCI command.
 */
int bt_le_set_chan_map(uint8_t chan_map[5])
{
	struct bt_hci_cp_le_set_host_chan_classif *params;
	struct net_buf *cmd;

	if (!IS_ENABLED(CONFIG_BT_CENTRAL) && !IS_ENABLED(CONFIG_BT_BROADCASTER)) {
		return -ENOTSUP;
	}

	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 3)) {
		LOG_WRN("Set Host Channel Classification command is "
			"not supported");
		return -ENOTSUP;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	/* First four bytes verbatim, upper bits of the fifth masked off. */
	memcpy(params->ch_map, chan_map, 4);
	params->ch_map[4] = chan_map[4] & BIT_MASK(5);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF, cmd, NULL);
}
4670 
4671 #if defined(CONFIG_BT_RPA_TIMEOUT_DYNAMIC)
/*
 * Change the RPA timeout (CONFIG_BT_RPA_TIMEOUT_DYNAMIC only).
 *
 * Accepts 1..3600; anything else gives -EINVAL. A changed value is stored
 * in bt_dev.rpa_timeout and BT_DEV_RPA_TIMEOUT_CHANGED is set; an unchanged
 * value is a no-op. Returns 0 in both cases.
 */
int bt_le_set_rpa_timeout(uint16_t new_rpa_timeout)
{
	const bool in_range = (new_rpa_timeout != 0) && (new_rpa_timeout <= 3600);

	if (!in_range) {
		return -EINVAL;
	}

	if (new_rpa_timeout != bt_dev.rpa_timeout) {
		bt_dev.rpa_timeout = new_rpa_timeout;
		atomic_set_bit(bt_dev.flags, BT_DEV_RPA_TIMEOUT_CHANGED);
	}

	return 0;
}
4687 #endif
4688 
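/*
 * Send HCI Configure Data Path for the given direction and data path id,
 * with an optional vendor-specific configuration blob.
 *
 * vs_config may be NULL only when vs_config_len is 0.
 *
 * Returns 0 on success, -EINVAL for a NULL vs_config with a non-zero
 * length, -ENOBUFS when no command buffer is available or the
 * configuration does not fit into it, -EIO when the response is too short
 * or carries a non-zero status, or the error from sending the command.
 */
int bt_configure_data_path(uint8_t dir, uint8_t id, uint8_t vs_config_len,
			   const uint8_t *vs_config)
{
	struct bt_hci_rp_configure_data_path *rp;
	struct bt_hci_cp_configure_data_path *cp;
	struct net_buf *rsp;
	struct net_buf *buf;
	int err;

	if (vs_config_len > 0 && vs_config == NULL) {
		return -EINVAL;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_CONFIGURE_DATA_PATH, sizeof(*cp) +
				vs_config_len);
	if (!buf) {
		return -ENOBUFS;
	}

	/* Bound the write below explicitly instead of relying on the
	 * assertion inside net_buf_add(), which may be compiled out.
	 */
	if (net_buf_tailroom(buf) < sizeof(*cp) + vs_config_len) {
		net_buf_unref(buf);
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->data_path_dir = dir;
	cp->data_path_id  = id;
	cp->vs_config_len = vs_config_len;
	if (vs_config_len) {
		/* Append through the net_buf API so that buf->len covers the
		 * configuration bytes. Copying to cp->vs_config directly left
		 * them outside the buffer's length, although they were
		 * counted in the size given to bt_hci_cmd_create().
		 * NOTE(review): assumes vs_config is the trailing member of
		 * the command struct, so the tail is where it starts.
		 */
		net_buf_add_mem(buf, vs_config, vs_config_len);
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_CONFIGURE_DATA_PATH, buf, &rsp);
	if (err) {
		return err;
	}

	/* Check the length before overlaying the response struct. */
	if (rsp->len < sizeof(*rp)) {
		err = -EIO;
	} else {
		rp = (void *)rsp->data;
		if (rp->status) {
			err = -EIO;
		}
	}
	net_buf_unref(rsp);

	return err;
}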
4725 
/*
 * Send one queued HCI command if there is one and a command credit
 * (bt_dev.ncmd_sem) can be taken within timeout.
 *
 * Return `true` if a command was processed/sent
 */
static bool process_pending_cmd(k_timeout_t timeout)
{
	/* The semaphore is only touched when there is something to send. */
	if (k_fifo_is_empty(&bt_dev.cmd_tx_queue)) {
		return false;
	}

	if (k_sem_take(&bt_dev.ncmd_sem, timeout) != 0) {
		return false;
	}

	hci_core_send_cmd();

	return true;
}
4738 
/*
 * TX work handler: send at most one pending HCI command per run; when none
 * was sent, hand over to the connection layer for pending data. The work
 * item itself is not used.
 */
static void tx_processor(struct k_work *item)
{
	LOG_DBG("TX process start");

	if (!process_pending_cmd(K_NO_WAIT)) {
		/* Hand over control to conn to process pending data */
		if (IS_ENABLED(CONFIG_BT_CONN_TX)) {
			bt_conn_tx_processor();
		}

		return;
	}

	/* If we processed a command, let the scheduler run before
	 * processing another command (or data).
	 */
	bt_tx_irq_raise();
}
4755 
4756 static K_WORK_DEFINE(tx_work, tx_processor);
4757 
/*
 * Request a run of the TX processor by submitting tx_work. The result of
 * the submission is not checked.
 */
void bt_tx_irq_raise(void)
{
	LOG_DBG("kick TX");

	k_work_submit(&tx_work);
}
4763