1 /* hci_core.c - HCI core Bluetooth handling */
2
3 /*
4 * Copyright (c) 2017-2025 Nordic Semiconductor ASA
5 * Copyright (c) 2015-2016 Intel Corporation
6 * Copyright 2025 NXP
7 *
8 * SPDX-License-Identifier: Apache-2.0
9 */
10
11 #include <zephyr/autoconf.h>
12
13 #include <zephyr/bluetooth/hci_types.h>
14 #include <zephyr/kernel.h>
15 #include <string.h>
16 #include <stdio.h>
17 #include <errno.h>
18 #include <zephyr/net_buf.h>
19 #include <zephyr/sys/atomic.h>
20 #include <zephyr/sys/check.h>
21 #include <zephyr/sys/util_macro.h>
22 #include <zephyr/sys/util.h>
23 #include <zephyr/sys/slist.h>
24 #include <zephyr/sys/byteorder.h>
25 #include <zephyr/debug/stack.h>
26 #include <zephyr/sys/__assert.h>
27 #include <soc.h>
28
29 #include <zephyr/settings/settings.h>
30
31 #include <zephyr/bluetooth/bluetooth.h>
32 #include <zephyr/bluetooth/conn.h>
33 #include <zephyr/bluetooth/l2cap.h>
34 #include <zephyr/bluetooth/hci.h>
35 #include <zephyr/bluetooth/hci_vs.h>
36 #include <zephyr/bluetooth/testing.h>
37 #include <zephyr/drivers/bluetooth.h>
38
39 #include "common/hci_common_internal.h"
40 #include "common/bt_str.h"
41 #include "common/rpa.h"
42 #include "common/assert.h"
43
44 #include "keys.h"
45 #include "monitor.h"
46 #include "hci_core.h"
47 #include "ecc.h"
48 #include "id.h"
49 #include "adv.h"
50 #include "scan.h"
51
52 #include "addr_internal.h"
53 #include "conn_internal.h"
54 #include "iso_internal.h"
55 #include "l2cap_internal.h"
56 #include "gatt_internal.h"
57 #include "smp.h"
58 #include "crypto.h"
59 #include "settings.h"
60
61 #if defined(CONFIG_BT_CLASSIC)
62 #include "classic/br.h"
63 #endif
64
65 #if defined(CONFIG_BT_DF)
66 #include "direction_internal.h"
67 #endif /* CONFIG_BT_DF */
68
69 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
70 #include <zephyr/logging/log.h>
71 LOG_MODULE_REGISTER(bt_hci_core);
72
73 #if DT_HAS_CHOSEN(zephyr_bt_hci)
74 #define BT_HCI_NODE DT_CHOSEN(zephyr_bt_hci)
75 #define BT_HCI_DEV DEVICE_DT_GET(BT_HCI_NODE)
76 #define BT_HCI_BUS BT_DT_HCI_BUS_GET(BT_HCI_NODE)
77 #define BT_HCI_NAME BT_DT_HCI_NAME_GET(BT_HCI_NODE)
78 #define BT_HCI_QUIRKS BT_DT_HCI_QUIRKS_GET(BT_HCI_NODE)
79 #else
80 /* The zephyr,bt-hci chosen property is mandatory, except for unit tests */
81 BUILD_ASSERT(IS_ENABLED(CONFIG_ZTEST), "Missing DT chosen property for HCI");
82 #define BT_HCI_DEV NULL
83 #define BT_HCI_BUS 0
84 #define BT_HCI_NAME ""
85 #define BT_HCI_QUIRKS 0
86 #endif
87
88 void bt_tx_irq_raise(void);
89
90 #define HCI_CMD_TIMEOUT K_SECONDS(10)
91
92 /* Stacks for the threads */
93 static void rx_work_handler(struct k_work *work);
94 static K_WORK_DEFINE(rx_work, rx_work_handler);
95 #if defined(CONFIG_BT_RECV_WORKQ_BT)
96 static struct k_work_q bt_workq;
97 static K_KERNEL_STACK_DEFINE(rx_thread_stack, CONFIG_BT_RX_STACK_SIZE);
98 #endif /* CONFIG_BT_RECV_WORKQ_BT */
99
100 static void init_work(struct k_work *work);
101
102 struct bt_dev bt_dev = {
103 .init = Z_WORK_INITIALIZER(init_work),
104 #if defined(CONFIG_BT_PRIVACY)
105 .rpa_timeout = CONFIG_BT_RPA_TIMEOUT,
106 #endif
107 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
108 .appearance = CONFIG_BT_DEVICE_APPEARANCE,
109 #endif
110 .hci = BT_HCI_DEV,
111 };
112
113 static bt_ready_cb_t ready_cb;
114
115 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
116 static bt_hci_vnd_evt_cb_t *hci_vnd_evt_cb;
117 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
118
119 struct cmd_data {
120 /** HCI status of the command completion */
121 uint8_t status;
122
123 /** The command OpCode that the buffer contains */
124 uint16_t opcode;
125
126 /** The state to update when command completes with success. */
127 struct bt_hci_cmd_state_set *state;
128
129 /** Used by bt_hci_cmd_send_sync. */
130 struct k_sem *sync;
131 };
132
133 static struct cmd_data cmd_data[BT_BUF_CMD_TX_COUNT];
134
135 #define cmd(buf) (&cmd_data[net_buf_id(buf)])
136 #define acl(buf) ((struct acl_data *)net_buf_user_data(buf))
137
drv_quirk_no_reset(void)138 static bool drv_quirk_no_reset(void)
139 {
140 return ((BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_RESET) != 0);
141 }
142
bt_drv_quirk_no_auto_dle(void)143 bool bt_drv_quirk_no_auto_dle(void)
144 {
145 return ((BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_AUTO_DLE) != 0);
146 }
147
bt_hci_cmd_state_set_init(struct net_buf * buf,struct bt_hci_cmd_state_set * state,atomic_t * target,int bit,bool val)148 void bt_hci_cmd_state_set_init(struct net_buf *buf,
149 struct bt_hci_cmd_state_set *state,
150 atomic_t *target, int bit, bool val)
151 {
152 state->target = target;
153 state->bit = bit;
154 state->val = val;
155 cmd(buf)->state = state;
156 }
157
158 /* HCI command buffers. Derive the needed size from both Command and Event
159 * buffer length since the buffer is also used for the response event i.e
160 * command complete or command status.
161 */
162 #define CMD_BUF_SIZE MAX(BT_BUF_EVT_RX_SIZE, BT_BUF_CMD_TX_SIZE)
163 NET_BUF_POOL_FIXED_DEFINE(hci_cmd_pool, BT_BUF_CMD_TX_COUNT,
164 CMD_BUF_SIZE, sizeof(struct bt_buf_data), NULL);
165
166 struct event_handler {
167 uint8_t event;
168 uint8_t min_len;
169 void (*handler)(struct net_buf *buf);
170 };
171
172 #define EVENT_HANDLER(_evt, _handler, _min_len) \
173 { \
174 .event = _evt, \
175 .handler = _handler, \
176 .min_len = _min_len, \
177 }
178
handle_event_common(uint8_t event,struct net_buf * buf,const struct event_handler * handlers,size_t num_handlers)179 static int handle_event_common(uint8_t event, struct net_buf *buf,
180 const struct event_handler *handlers, size_t num_handlers)
181 {
182 size_t i;
183
184 for (i = 0; i < num_handlers; i++) {
185 const struct event_handler *handler = &handlers[i];
186
187 if (handler->event != event) {
188 continue;
189 }
190
191 if (buf->len < handler->min_len) {
192 LOG_ERR("Too small (%u bytes) event 0x%02x", buf->len, event);
193 return -EINVAL;
194 }
195
196 handler->handler(buf);
197 return 0;
198 }
199
200 return -EOPNOTSUPP;
201 }
202
handle_event(uint8_t event,struct net_buf * buf,const struct event_handler * handlers,size_t num_handlers)203 static void handle_event(uint8_t event, struct net_buf *buf, const struct event_handler *handlers,
204 size_t num_handlers)
205 {
206 int err;
207
208 err = handle_event_common(event, buf, handlers, num_handlers);
209 if (err == -EOPNOTSUPP) {
210 LOG_WRN("Unhandled event 0x%02x len %u: %s", event, buf->len,
211 bt_hex(buf->data, buf->len));
212 }
213
214 /* Other possible errors are handled by handle_event_common function */
215 }
216
handle_vs_event(uint8_t event,struct net_buf * buf,const struct event_handler * handlers,size_t num_handlers)217 static void handle_vs_event(uint8_t event, struct net_buf *buf,
218 const struct event_handler *handlers, size_t num_handlers)
219 {
220 int err;
221
222 err = handle_event_common(event, buf, handlers, num_handlers);
223 if (err == -EOPNOTSUPP) {
224 LOG_WRN("Unhandled vendor-specific event 0x%02x len %u: %s", event, buf->len,
225 bt_hex(buf->data, buf->len));
226 }
227
228 /* Other possible errors are handled by handle_event_common function */
229 }
230
bt_acl_set_ncp_sent(struct net_buf * packet,bool value)231 void bt_acl_set_ncp_sent(struct net_buf *packet, bool value)
232 {
233 acl(packet)->host_ncp_sent = value;
234 }
235
bt_send_one_host_num_completed_packets(uint16_t handle)236 void bt_send_one_host_num_completed_packets(uint16_t handle)
237 {
238 if (!IS_ENABLED(CONFIG_BT_HCI_ACL_FLOW_CONTROL)) {
239 ARG_UNUSED(handle);
240 return;
241 }
242
243 struct bt_hci_cp_host_num_completed_packets *cp;
244 struct bt_hci_handle_count *hc;
245 struct net_buf *buf;
246 int err;
247
248 LOG_DBG("Reporting completed packet for handle %u", handle);
249
250 buf = bt_hci_cmd_create(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS,
251 sizeof(*cp) + sizeof(*hc));
252 BT_ASSERT_MSG(buf, "Unable to alloc for Host NCP");
253
254 cp = net_buf_add(buf, sizeof(*cp));
255 cp->num_handles = 1;
256
257 hc = net_buf_add(buf, sizeof(*hc));
258 hc->handle = sys_cpu_to_le16(handle);
259 hc->count = sys_cpu_to_le16(1);
260
261 err = bt_hci_cmd_send(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS, buf);
262 BT_ASSERT_MSG(err == 0, "Unable to send Host NCP (err %d)", err);
263 }
264
265 #if defined(CONFIG_BT_TESTING)
bt_testing_trace_event_acl_pool_destroy(struct net_buf * buf)266 __weak void bt_testing_trace_event_acl_pool_destroy(struct net_buf *buf)
267 {
268 }
269 #endif
270
271 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
bt_hci_host_num_completed_packets(struct net_buf * buf)272 void bt_hci_host_num_completed_packets(struct net_buf *buf)
273 {
274 uint16_t handle = acl(buf)->handle;
275 struct bt_conn *conn;
276 uint8_t index = acl(buf)->index;
277
278 if (IS_ENABLED(CONFIG_BT_TESTING)) {
279 bt_testing_trace_event_acl_pool_destroy(buf);
280 }
281
282 net_buf_destroy(buf);
283
284 if (acl(buf)->host_ncp_sent) {
285 return;
286 }
287
288 /* Do nothing if controller to host flow control is not supported */
289 if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
290 return;
291 }
292
293 conn = bt_conn_lookup_index(index);
294 if (!conn) {
295 LOG_WRN("Unable to look up conn with index 0x%02x", index);
296 return;
297 }
298
299 if (conn->state != BT_CONN_CONNECTED &&
300 conn->state != BT_CONN_DISCONNECTING) {
301 LOG_WRN("Not reporting packet for non-connected conn");
302 bt_conn_unref(conn);
303 return;
304 }
305
306 bt_conn_unref(conn);
307
308 bt_send_one_host_num_completed_packets(handle);
309 }
310 #endif /* defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL) */
311
bt_hci_cmd_create(uint16_t opcode,uint8_t param_len)312 struct net_buf *bt_hci_cmd_create(uint16_t opcode, uint8_t param_len)
313 {
314 struct bt_hci_cmd_hdr *hdr;
315 struct net_buf *buf;
316
317 LOG_DBG("opcode 0x%04x param_len %u", opcode, param_len);
318
319 /* net_buf_alloc(K_FOREVER) can fail when run from the syswq */
320 buf = net_buf_alloc(&hci_cmd_pool, K_FOREVER);
321 if (!buf) {
322 LOG_DBG("Unable to allocate a command buffer");
323 return NULL;
324 }
325
326 LOG_DBG("buf %p", buf);
327
328 net_buf_reserve(buf, BT_BUF_RESERVE);
329
330 bt_buf_set_type(buf, BT_BUF_CMD);
331
332 cmd(buf)->opcode = opcode;
333 cmd(buf)->sync = NULL;
334 cmd(buf)->state = NULL;
335
336 hdr = net_buf_add(buf, sizeof(*hdr));
337 hdr->opcode = sys_cpu_to_le16(opcode);
338 hdr->param_len = param_len;
339
340 return buf;
341 }
342
bt_hci_cmd_send(uint16_t opcode,struct net_buf * buf)343 int bt_hci_cmd_send(uint16_t opcode, struct net_buf *buf)
344 {
345 if (!buf) {
346 buf = bt_hci_cmd_create(opcode, 0);
347 if (!buf) {
348 return -ENOBUFS;
349 }
350 }
351
352 LOG_DBG("opcode 0x%04x len %u", opcode, buf->len);
353
354 /* Host Number of Completed Packets can ignore the ncmd value
355 * and does not generate any cmd complete/status events.
356 */
357 if (opcode == BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
358 int err;
359
360 err = bt_send(buf);
361 if (err) {
362 LOG_ERR("Unable to send to driver (err %d)", err);
363 net_buf_unref(buf);
364 }
365
366 return err;
367 }
368
369 k_fifo_put(&bt_dev.cmd_tx_queue, buf);
370 bt_tx_irq_raise();
371
372 return 0;
373 }
374
375 static bool process_pending_cmd(k_timeout_t timeout);
bt_hci_cmd_send_sync(uint16_t opcode,struct net_buf * buf,struct net_buf ** rsp)376 int bt_hci_cmd_send_sync(uint16_t opcode, struct net_buf *buf,
377 struct net_buf **rsp)
378 {
379 struct k_sem sync_sem;
380 uint8_t status;
381 int err;
382
383 if (!buf) {
384 buf = bt_hci_cmd_create(opcode, 0);
385 if (!buf) {
386 return -ENOBUFS;
387 }
388 } else {
389 /* `cmd(buf)` depends on this */
390 if (net_buf_pool_get(buf->pool_id) != &hci_cmd_pool) {
391 __ASSERT_NO_MSG(false);
392 return -EINVAL;
393 }
394 }
395
396 LOG_DBG("buf %p opcode 0x%04x len %u", buf, opcode, buf->len);
397
398 /* This local sem is just for suspending the current thread until the
399 * command is processed by the LL. It is given (and we are awaken) by
400 * the cmd_complete/status handlers.
401 */
402 k_sem_init(&sync_sem, 0, 1);
403 cmd(buf)->sync = &sync_sem;
404
405 k_fifo_put(&bt_dev.cmd_tx_queue, net_buf_ref(buf));
406 bt_tx_irq_raise();
407
408 /* TODO: disallow sending sync commands from syswq altogether */
409
410 /* Since the commands are now processed in the syswq, we cannot suspend
411 * and wait. We have to send the command from the current context.
412 */
413 if (k_current_get() == &k_sys_work_q.thread) {
414 /* drain the command queue until we get to send the command of interest. */
415 struct net_buf *cmd = NULL;
416
417 do {
418 cmd = k_fifo_peek_head(&bt_dev.cmd_tx_queue);
419 LOG_DBG("process cmd %p want %p", cmd, buf);
420
421 /* Wait for a response from the Bluetooth Controller.
422 * The Controller may fail to respond if:
423 * - It was never programmed or connected.
424 * - There was a fatal error.
425 *
426 * See the `BT_HCI_OP_` macros in hci_types.h or
427 * Core_v5.4, Vol 4, Part E, Section 5.4.1 and Section 7
428 * to map the opcode to the HCI command documentation.
429 * Example: 0x0c03 represents HCI_Reset command.
430 */
431 __maybe_unused bool success = process_pending_cmd(HCI_CMD_TIMEOUT);
432
433 BT_ASSERT_MSG(success, "command opcode 0x%04x timeout", opcode);
434 } while (buf != cmd);
435 }
436
437 /* Now that we have sent the command, suspend until the LL replies */
438 err = k_sem_take(&sync_sem, HCI_CMD_TIMEOUT);
439 BT_ASSERT_MSG(err == 0,
440 "Controller unresponsive, command opcode 0x%04x timeout with err %d",
441 opcode, err);
442
443 status = cmd(buf)->status;
444 if (status) {
445 LOG_WRN("opcode 0x%04x status 0x%02x %s", opcode,
446 status, bt_hci_err_to_str(status));
447 net_buf_unref(buf);
448
449 switch (status) {
450 case BT_HCI_ERR_CONN_LIMIT_EXCEEDED:
451 return -ECONNREFUSED;
452 case BT_HCI_ERR_INSUFFICIENT_RESOURCES:
453 return -ENOMEM;
454 case BT_HCI_ERR_INVALID_PARAM:
455 return -EINVAL;
456 case BT_HCI_ERR_CMD_DISALLOWED:
457 return -EACCES;
458 default:
459 return -EIO;
460 }
461 }
462
463 LOG_DBG("rsp %p opcode 0x%04x len %u", buf, opcode, buf->len);
464
465 if (rsp) {
466 *rsp = buf;
467 } else {
468 net_buf_unref(buf);
469 }
470
471 return 0;
472 }
473
bt_hci_le_rand(void * buffer,size_t len)474 int bt_hci_le_rand(void *buffer, size_t len)
475 {
476 struct bt_hci_rp_le_rand *rp;
477 struct net_buf *rsp;
478 size_t count;
479 int err;
480
481 /* Check first that HCI_LE_Rand is supported */
482 if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 7)) {
483 return -ENOTSUP;
484 }
485
486 while (len > 0) {
487 /* Number of bytes to fill on this iteration */
488 count = MIN(len, sizeof(rp->rand));
489 /* Request the next 8 bytes over HCI */
490 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
491 if (err) {
492 return err;
493 }
494 /* Copy random data into buffer */
495 rp = (void *)rsp->data;
496 memcpy(buffer, rp->rand, count);
497
498 net_buf_unref(rsp);
499 buffer = (uint8_t *)buffer + count;
500 len -= count;
501 }
502
503 return 0;
504 }
505
bt_hci_le_read_max_data_len(uint16_t * tx_octets,uint16_t * tx_time)506 int bt_hci_le_read_max_data_len(uint16_t *tx_octets, uint16_t *tx_time)
507 {
508 struct bt_hci_rp_le_read_max_data_len *rp;
509 struct net_buf *rsp;
510 int err;
511
512 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_DATA_LEN, NULL, &rsp);
513 if (err) {
514 LOG_ERR("Failed to read DLE max data len");
515 return err;
516 }
517
518 rp = (void *)rsp->data;
519 *tx_octets = sys_le16_to_cpu(rp->max_tx_octets);
520 *tx_time = sys_le16_to_cpu(rp->max_tx_time);
521 net_buf_unref(rsp);
522
523 if (!IN_RANGE(*tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
524 LOG_WRN("tx_octets exceeds the valid range %u", *tx_octets);
525 }
526 if (!IN_RANGE(*tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
527 LOG_WRN("tx_time exceeds the valid range %u", *tx_time);
528 }
529
530 return 0;
531 }
532
bt_get_phy(uint8_t hci_phy)533 uint8_t bt_get_phy(uint8_t hci_phy)
534 {
535 switch (hci_phy) {
536 case BT_HCI_LE_PHY_1M:
537 return BT_GAP_LE_PHY_1M;
538 case BT_HCI_LE_PHY_2M:
539 return BT_GAP_LE_PHY_2M;
540 case BT_HCI_LE_PHY_CODED:
541 return BT_GAP_LE_PHY_CODED;
542 default:
543 return 0;
544 }
545 }
546
bt_get_df_cte_type(uint8_t hci_cte_type)547 int bt_get_df_cte_type(uint8_t hci_cte_type)
548 {
549 switch (hci_cte_type) {
550 case BT_HCI_LE_AOA_CTE:
551 return BT_DF_CTE_TYPE_AOA;
552 case BT_HCI_LE_AOD_CTE_1US:
553 return BT_DF_CTE_TYPE_AOD_1US;
554 case BT_HCI_LE_AOD_CTE_2US:
555 return BT_DF_CTE_TYPE_AOD_2US;
556 case BT_HCI_LE_NO_CTE:
557 return BT_DF_CTE_TYPE_NONE;
558 default:
559 return BT_DF_CTE_TYPE_NONE;
560 }
561 }
562
563 #if defined(CONFIG_BT_CONN_TX)
hci_num_completed_packets(struct net_buf * buf)564 static void hci_num_completed_packets(struct net_buf *buf)
565 {
566 struct bt_hci_evt_num_completed_packets *evt = (void *)buf->data;
567 int i;
568
569 if (sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles > buf->len) {
570 LOG_ERR("evt num_handles (=%u) too large (%zu > %u)",
571 evt->num_handles,
572 sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles,
573 buf->len);
574 return;
575 }
576
577 LOG_DBG("num_handles %u", evt->num_handles);
578
579 for (i = 0; i < evt->num_handles; i++) {
580 uint16_t handle, count;
581 struct bt_conn *conn;
582
583 handle = sys_le16_to_cpu(evt->h[i].handle);
584 count = sys_le16_to_cpu(evt->h[i].count);
585
586 LOG_DBG("handle %u count %u", handle, count);
587
588 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
589 if (!conn) {
590 LOG_ERR("No connection for handle %u", handle);
591 continue;
592 }
593
594 while (count--) {
595 sys_snode_t *node;
596
597 k_sem_give(bt_conn_get_pkts(conn));
598
599 /* move the next TX context from the `pending` list to
600 * the `complete` list.
601 */
602 node = sys_slist_get(&conn->tx_pending);
603
604 if (!node) {
605 LOG_ERR("packets count mismatch");
606 __ASSERT_NO_MSG(0);
607 break;
608 }
609
610 sys_slist_append(&conn->tx_complete, node);
611
612 /* align the `pending` value */
613 __ASSERT_NO_MSG(atomic_get(&conn->in_ll));
614 atomic_dec(&conn->in_ll);
615
616 /* TX context free + callback happens in there */
617 bt_conn_tx_notify(conn, false);
618 }
619
620 bt_conn_unref(conn);
621 }
622 }
623 #endif /* CONFIG_BT_CONN_TX */
624
625 #if defined(CONFIG_BT_CONN)
hci_acl(struct net_buf * buf)626 static void hci_acl(struct net_buf *buf)
627 {
628 struct bt_hci_acl_hdr *hdr;
629 uint16_t handle, len;
630 struct bt_conn *conn;
631 uint8_t flags;
632
633 LOG_DBG("buf %p", buf);
634 if (buf->len < sizeof(*hdr)) {
635 LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
636 net_buf_unref(buf);
637 return;
638 }
639
640 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
641 len = sys_le16_to_cpu(hdr->len);
642 handle = sys_le16_to_cpu(hdr->handle);
643 flags = bt_acl_flags(handle);
644
645 acl(buf)->handle = bt_acl_handle(handle);
646 acl(buf)->index = BT_CONN_INDEX_INVALID;
647
648 LOG_DBG("handle %u len %u flags %u", acl(buf)->handle, len, flags);
649
650 if (buf->len != len) {
651 LOG_ERR("ACL data length mismatch (%u != %u)", buf->len, len);
652 net_buf_unref(buf);
653 return;
654 }
655
656 conn = bt_conn_lookup_handle(acl(buf)->handle, BT_CONN_TYPE_ALL);
657 if (!conn) {
658 LOG_ERR("Unable to find conn for handle %u", acl(buf)->handle);
659 net_buf_unref(buf);
660 return;
661 }
662
663 acl(buf)->index = bt_conn_index(conn);
664
665 bt_conn_recv(conn, buf, flags);
666 bt_conn_unref(conn);
667 }
668
hci_data_buf_overflow(struct net_buf * buf)669 static void hci_data_buf_overflow(struct net_buf *buf)
670 {
671 struct bt_hci_evt_data_buf_overflow *evt = (void *)buf->data;
672
673 LOG_WRN("Data buffer overflow (link type 0x%02x)", evt->link_type);
674 }
675
676 #if defined(CONFIG_BT_CENTRAL)
set_phy_conn_param(const struct bt_conn * conn,struct bt_hci_ext_conn_phy * phy)677 static void set_phy_conn_param(const struct bt_conn *conn,
678 struct bt_hci_ext_conn_phy *phy)
679 {
680 phy->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
681 phy->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
682 phy->conn_latency = sys_cpu_to_le16(conn->le.latency);
683 phy->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
684
685 phy->min_ce_len = 0;
686 phy->max_ce_len = 0;
687 }
688
bt_le_create_conn_ext(const struct bt_conn * conn)689 int bt_le_create_conn_ext(const struct bt_conn *conn)
690 {
691 struct bt_hci_cp_le_ext_create_conn *cp;
692 struct bt_hci_ext_conn_phy *phy;
693 struct bt_hci_cmd_state_set state;
694 bool use_filter = false;
695 struct net_buf *buf;
696 uint8_t own_addr_type;
697 uint8_t num_phys;
698 int err;
699
700 if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
701 use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
702 }
703
704 err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
705 if (err) {
706 return err;
707 }
708
709 num_phys = (!(bt_dev.create_param.options &
710 BT_CONN_LE_OPT_NO_1M) ? 1 : 0) +
711 ((bt_dev.create_param.options &
712 BT_CONN_LE_OPT_CODED) ? 1 : 0);
713
714 buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN, sizeof(*cp) +
715 num_phys * sizeof(*phy));
716 if (!buf) {
717 return -ENOBUFS;
718 }
719
720 cp = net_buf_add(buf, sizeof(*cp));
721 (void)memset(cp, 0, sizeof(*cp));
722
723 if (use_filter) {
724 /* User Initiated procedure use fast scan parameters. */
725 bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
726 cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
727 } else {
728 const bt_addr_le_t *peer_addr = &conn->le.dst;
729
730 #if defined(CONFIG_BT_SMP)
731 if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
732 /* Host resolving is used, use the RPA directly. */
733 peer_addr = &conn->le.resp_addr;
734 }
735 #endif
736 bt_addr_le_copy(&cp->peer_addr, peer_addr);
737 cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
738 }
739
740 cp->own_addr_type = own_addr_type;
741 cp->phys = 0;
742
743 if (!(bt_dev.create_param.options & BT_CONN_LE_OPT_NO_1M)) {
744 cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_1M;
745 phy = net_buf_add(buf, sizeof(*phy));
746 phy->scan_interval = sys_cpu_to_le16(
747 bt_dev.create_param.interval);
748 phy->scan_window = sys_cpu_to_le16(
749 bt_dev.create_param.window);
750 set_phy_conn_param(conn, phy);
751 }
752
753 if (bt_dev.create_param.options & BT_CONN_LE_OPT_CODED) {
754 cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_CODED;
755 phy = net_buf_add(buf, sizeof(*phy));
756 phy->scan_interval = sys_cpu_to_le16(
757 bt_dev.create_param.interval_coded);
758 phy->scan_window = sys_cpu_to_le16(
759 bt_dev.create_param.window_coded);
760 set_phy_conn_param(conn, phy);
761 }
762
763 bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
764 BT_DEV_INITIATING, true);
765
766 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN, buf, NULL);
767 }
768
bt_le_create_conn_synced(const struct bt_conn * conn,const struct bt_le_ext_adv * adv,uint8_t subevent)769 int bt_le_create_conn_synced(const struct bt_conn *conn, const struct bt_le_ext_adv *adv,
770 uint8_t subevent)
771 {
772 struct bt_hci_cp_le_ext_create_conn_v2 *cp;
773 struct bt_hci_ext_conn_phy *phy;
774 struct bt_hci_cmd_state_set state;
775 struct net_buf *buf;
776 uint8_t own_addr_type;
777 int err;
778
779 err = bt_id_set_create_conn_own_addr(false, &own_addr_type);
780 if (err) {
781 return err;
782 }
783
784 /* There shall only be one Initiating_PHYs */
785 buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, sizeof(*cp) + sizeof(*phy));
786 if (!buf) {
787 return -ENOBUFS;
788 }
789
790 cp = net_buf_add(buf, sizeof(*cp));
791 (void)memset(cp, 0, sizeof(*cp));
792
793 cp->subevent = subevent;
794 cp->adv_handle = adv->handle;
795 bt_addr_le_copy(&cp->peer_addr, &conn->le.dst);
796 cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
797 cp->own_addr_type = own_addr_type;
798
799 /* The Initiating_PHY is the secondary phy of the corresponding ext adv set */
800 if (adv->options & BT_LE_ADV_OPT_CODED) {
801 cp->phys = BT_HCI_LE_EXT_SCAN_PHY_CODED;
802 } else if (adv->options & BT_LE_ADV_OPT_NO_2M) {
803 cp->phys = BT_HCI_LE_EXT_SCAN_PHY_1M;
804 } else {
805 cp->phys = BT_HCI_LE_EXT_SCAN_PHY_2M;
806 }
807
808 phy = net_buf_add(buf, sizeof(*phy));
809 (void)memset(phy, 0, sizeof(*phy));
810 set_phy_conn_param(conn, phy);
811
812 bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, true);
813
814 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, buf, NULL);
815 }
816
bt_le_create_conn_legacy(const struct bt_conn * conn)817 static int bt_le_create_conn_legacy(const struct bt_conn *conn)
818 {
819 struct bt_hci_cp_le_create_conn *cp;
820 struct bt_hci_cmd_state_set state;
821 bool use_filter = false;
822 struct net_buf *buf;
823 uint8_t own_addr_type;
824 int err;
825
826 if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
827 use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
828 }
829
830 err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
831 if (err) {
832 return err;
833 }
834
835 buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN, sizeof(*cp));
836 if (!buf) {
837 return -ENOBUFS;
838 }
839
840 cp = net_buf_add(buf, sizeof(*cp));
841 memset(cp, 0, sizeof(*cp));
842 cp->own_addr_type = own_addr_type;
843
844 if (use_filter) {
845 /* User Initiated procedure use fast scan parameters. */
846 bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
847 cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
848 } else {
849 const bt_addr_le_t *peer_addr = &conn->le.dst;
850
851 #if defined(CONFIG_BT_SMP)
852 if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
853 /* Host resolving is used, use the RPA directly. */
854 peer_addr = &conn->le.resp_addr;
855 }
856 #endif
857 bt_addr_le_copy(&cp->peer_addr, peer_addr);
858 cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
859 }
860
861 cp->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval);
862 cp->scan_window = sys_cpu_to_le16(bt_dev.create_param.window);
863
864 cp->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
865 cp->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
866 cp->conn_latency = sys_cpu_to_le16(conn->le.latency);
867 cp->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
868
869 bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
870 BT_DEV_INITIATING, true);
871
872 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN, buf, NULL);
873 }
874
bt_le_create_conn(const struct bt_conn * conn)875 int bt_le_create_conn(const struct bt_conn *conn)
876 {
877 if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
878 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
879 return bt_le_create_conn_ext(conn);
880 }
881
882 return bt_le_create_conn_legacy(conn);
883 }
884
bt_le_create_conn_cancel(void)885 int bt_le_create_conn_cancel(void)
886 {
887 struct net_buf *buf;
888 struct bt_hci_cmd_state_set state;
889
890 buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0);
891 if (!buf) {
892 return -ENOBUFS;
893 }
894
895 bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
896 BT_DEV_INITIATING, false);
897
898 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN_CANCEL, buf, NULL);
899 }
900 #endif /* CONFIG_BT_CENTRAL */
901
bt_hci_disconnect(uint16_t handle,uint8_t reason)902 int bt_hci_disconnect(uint16_t handle, uint8_t reason)
903 {
904 struct net_buf *buf;
905 struct bt_hci_cp_disconnect *disconn;
906
907 buf = bt_hci_cmd_create(BT_HCI_OP_DISCONNECT, sizeof(*disconn));
908 if (!buf) {
909 return -ENOBUFS;
910 }
911
912 disconn = net_buf_add(buf, sizeof(*disconn));
913 disconn->handle = sys_cpu_to_le16(handle);
914 disconn->reason = reason;
915
916 return bt_hci_cmd_send_sync(BT_HCI_OP_DISCONNECT, buf, NULL);
917 }
918
919 static uint16_t disconnected_handles[CONFIG_BT_MAX_CONN];
920 static uint8_t disconnected_handles_reason[CONFIG_BT_MAX_CONN];
921
disconnected_handles_reset(void)922 static void disconnected_handles_reset(void)
923 {
924 (void)memset(disconnected_handles, 0, sizeof(disconnected_handles));
925 }
926
conn_handle_disconnected(uint16_t handle,uint8_t disconnect_reason)927 static void conn_handle_disconnected(uint16_t handle, uint8_t disconnect_reason)
928 {
929 for (int i = 0; i < ARRAY_SIZE(disconnected_handles); i++) {
930 if (!disconnected_handles[i]) {
931 /* Use invalid connection handle bits so that connection
932 * handle 0 can be used as a valid non-zero handle.
933 */
934 disconnected_handles[i] = ~BT_ACL_HANDLE_MASK | handle;
935 disconnected_handles_reason[i] = disconnect_reason;
936
937 return;
938 }
939 }
940 }
941
942 /** @returns the disconnect reason. */
conn_handle_is_disconnected(uint16_t handle)943 static uint8_t conn_handle_is_disconnected(uint16_t handle)
944 {
945 handle |= ~BT_ACL_HANDLE_MASK;
946
947 for (int i = 0; i < ARRAY_SIZE(disconnected_handles); i++) {
948 if (disconnected_handles[i] == handle) {
949 disconnected_handles[i] = 0;
950 return disconnected_handles_reason[i];
951 }
952 }
953
954 return 0;
955 }
956
hci_disconn_complete_prio(struct net_buf * buf)957 static void hci_disconn_complete_prio(struct net_buf *buf)
958 {
959 struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
960 uint16_t handle = sys_le16_to_cpu(evt->handle);
961 struct bt_conn *conn;
962
963 LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
964 evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);
965
966 if (evt->status) {
967 return;
968 }
969
970 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
971 if (!conn) {
972 /* Priority disconnect complete event received before normal
973 * connection complete event.
974 */
975 conn_handle_disconnected(handle, evt->reason);
976 return;
977 }
978
979 conn->err = evt->reason;
980
981 bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
982 bt_conn_unref(conn);
983 }
984
hci_disconn_complete(struct net_buf * buf)985 static void hci_disconn_complete(struct net_buf *buf)
986 {
987 struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
988 uint16_t handle = sys_le16_to_cpu(evt->handle);
989 struct bt_conn *conn;
990
991 LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
992 evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);
993
994 if (evt->status) {
995 return;
996 }
997
998 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
999 if (!conn) {
1000 LOG_ERR("Unable to look up conn with handle %u", handle);
1001 return;
1002 }
1003
1004 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
1005
1006 if (conn->type != BT_CONN_TYPE_LE) {
1007 #if defined(CONFIG_BT_CLASSIC)
1008 if (conn->type == BT_CONN_TYPE_SCO) {
1009 bt_sco_cleanup(conn);
1010 return;
1011 }
1012 /*
1013 * If only for one connection session bond was set, clear keys
1014 * database row for this connection.
1015 */
1016 if (conn->type == BT_CONN_TYPE_BR &&
1017 atomic_test_and_clear_bit(conn->flags, BT_CONN_BR_NOBOND)) {
1018 bt_keys_link_key_clear(conn->br.link_key);
1019 }
1020 #endif
1021 bt_conn_unref(conn);
1022 return;
1023 }
1024
1025 #if defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST)
1026 if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
1027 bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
1028 /* Just a best-effort check if the scanner should be started. */
1029 int err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
1030
1031 if (err) {
1032 LOG_WRN("Error while updating the scanner (%d)", err);
1033 }
1034 }
1035 #endif /* defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
1036
1037 bt_conn_unref(conn);
1038 }
1039
bt_hci_le_read_remote_features(struct bt_conn * conn)1040 int bt_hci_le_read_remote_features(struct bt_conn *conn)
1041 {
1042 struct bt_hci_cp_le_read_remote_features *cp;
1043 struct net_buf *buf;
1044
1045 buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_REMOTE_FEATURES,
1046 sizeof(*cp));
1047 if (!buf) {
1048 return -ENOBUFS;
1049 }
1050
1051 cp = net_buf_add(buf, sizeof(*cp));
1052 cp->handle = sys_cpu_to_le16(conn->handle);
1053 /* Results in BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE */
1054 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_REMOTE_FEATURES, buf, NULL);
1055 }
1056
bt_hci_read_remote_version(struct bt_conn * conn)1057 int bt_hci_read_remote_version(struct bt_conn *conn)
1058 {
1059 struct bt_hci_cp_read_remote_version_info *cp;
1060 struct net_buf *buf;
1061
1062 if (conn->state != BT_CONN_CONNECTED) {
1063 return -ENOTCONN;
1064 }
1065
1066 /* Remote version cannot change. */
1067 if (atomic_test_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO)) {
1068 return 0;
1069 }
1070
1071 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_VERSION_INFO,
1072 sizeof(*cp));
1073 if (!buf) {
1074 return -ENOBUFS;
1075 }
1076
1077 cp = net_buf_add(buf, sizeof(*cp));
1078 cp->handle = sys_cpu_to_le16(conn->handle);
1079
1080 return bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_VERSION_INFO, buf,
1081 NULL);
1082 }
1083
1084 /* LE Data Length Change Event is optional so this function just ignore
1085 * error and stack will continue to use default values.
1086 */
bt_le_set_data_len(struct bt_conn * conn,uint16_t tx_octets,uint16_t tx_time)1087 int bt_le_set_data_len(struct bt_conn *conn, uint16_t tx_octets, uint16_t tx_time)
1088 {
1089 struct bt_hci_cp_le_set_data_len *cp;
1090 struct net_buf *buf;
1091
1092 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_DATA_LEN, sizeof(*cp));
1093 if (!buf) {
1094 return -ENOBUFS;
1095 }
1096
1097 cp = net_buf_add(buf, sizeof(*cp));
1098 cp->handle = sys_cpu_to_le16(conn->handle);
1099 cp->tx_octets = sys_cpu_to_le16(tx_octets);
1100 cp->tx_time = sys_cpu_to_le16(tx_time);
1101
1102 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_DATA_LEN, buf, NULL);
1103 }
1104
1105 #if defined(CONFIG_BT_USER_PHY_UPDATE)
hci_le_read_phy(struct bt_conn * conn)1106 static int hci_le_read_phy(struct bt_conn *conn)
1107 {
1108 struct bt_hci_cp_le_read_phy *cp;
1109 struct bt_hci_rp_le_read_phy *rp;
1110 struct net_buf *buf, *rsp;
1111 int err;
1112
1113 buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_PHY, sizeof(*cp));
1114 if (!buf) {
1115 return -ENOBUFS;
1116 }
1117
1118 cp = net_buf_add(buf, sizeof(*cp));
1119 cp->handle = sys_cpu_to_le16(conn->handle);
1120
1121 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_PHY, buf, &rsp);
1122 if (err) {
1123 return err;
1124 }
1125
1126 rp = (void *)rsp->data;
1127 conn->le.phy.tx_phy = bt_get_phy(rp->tx_phy);
1128 conn->le.phy.rx_phy = bt_get_phy(rp->rx_phy);
1129 net_buf_unref(rsp);
1130
1131 return 0;
1132 }
1133 #endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */
1134
bt_le_set_phy(struct bt_conn * conn,uint8_t all_phys,uint8_t pref_tx_phy,uint8_t pref_rx_phy,uint8_t phy_opts)1135 int bt_le_set_phy(struct bt_conn *conn, uint8_t all_phys,
1136 uint8_t pref_tx_phy, uint8_t pref_rx_phy, uint8_t phy_opts)
1137 {
1138 struct bt_hci_cp_le_set_phy *cp;
1139 struct net_buf *buf;
1140
1141 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_PHY, sizeof(*cp));
1142 if (!buf) {
1143 return -ENOBUFS;
1144 }
1145
1146 cp = net_buf_add(buf, sizeof(*cp));
1147 cp->handle = sys_cpu_to_le16(conn->handle);
1148 cp->all_phys = all_phys;
1149 cp->tx_phys = pref_tx_phy;
1150 cp->rx_phys = pref_rx_phy;
1151 cp->phy_opts = phy_opts;
1152
1153 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_PHY, buf, NULL);
1154 }
1155
find_pending_connect(uint8_t role,bt_addr_le_t * peer_addr)1156 static struct bt_conn *find_pending_connect(uint8_t role, bt_addr_le_t *peer_addr)
1157 {
1158 struct bt_conn *conn;
1159
1160 /*
1161 * Make lookup to check if there's a connection object in
1162 * CONNECT or CONNECT_AUTO state associated with passed peer LE address.
1163 */
1164 if (IS_ENABLED(CONFIG_BT_CENTRAL) && role == BT_HCI_ROLE_CENTRAL) {
1165 conn = bt_conn_lookup_state_le(BT_ID_DEFAULT, peer_addr,
1166 BT_CONN_INITIATING);
1167 if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST) && !conn) {
1168 conn = bt_conn_lookup_state_le(BT_ID_DEFAULT,
1169 BT_ADDR_LE_NONE,
1170 BT_CONN_INITIATING_FILTER_LIST);
1171 }
1172
1173 return conn;
1174 }
1175
1176 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && role == BT_HCI_ROLE_PERIPHERAL) {
1177 conn = bt_conn_lookup_state_le(bt_dev.adv_conn_id, peer_addr,
1178 BT_CONN_ADV_DIR_CONNECTABLE);
1179 if (!conn) {
1180 conn = bt_conn_lookup_state_le(bt_dev.adv_conn_id,
1181 BT_ADDR_LE_NONE,
1182 BT_CONN_ADV_CONNECTABLE);
1183 }
1184
1185 return conn;
1186 }
1187
1188 return NULL;
1189 }
1190
le_conn_complete_cancel(uint8_t err)1191 static void le_conn_complete_cancel(uint8_t err)
1192 {
1193 int ret;
1194 struct bt_conn *conn;
1195
1196 /* Handle create connection cancel.
1197 *
1198 * There is no need to check ID address as only one
1199 * connection in central role can be in pending state.
1200 */
1201 conn = find_pending_connect(BT_HCI_ROLE_CENTRAL, NULL);
1202 if (!conn) {
1203 LOG_ERR("No pending central connection");
1204 return;
1205 }
1206
1207 if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
1208 if (!IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
1209 /* Restart passive scanner for device */
1210 bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
1211 } else {
1212 /* Restart FAL initiator after RPA timeout. */
1213 ret = bt_le_create_conn(conn);
1214 if (ret) {
1215 LOG_ERR("Failed to restart initiator");
1216 }
1217 }
1218 } else {
1219 int busy_status = k_work_delayable_busy_get(&conn->deferred_work);
1220
1221 if (!(busy_status & (K_WORK_QUEUED | K_WORK_DELAYED))) {
1222 LOG_WRN("Connection creation timeout triggered");
1223 conn->err = err;
1224 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
1225 } else {
1226 /* Restart initiator after RPA timeout. */
1227 ret = bt_le_create_conn(conn);
1228 if (ret) {
1229 LOG_ERR("Failed to restart initiator");
1230 }
1231 }
1232 }
1233
1234 bt_conn_unref(conn);
1235 }
1236
le_conn_complete_adv_timeout(void)1237 static void le_conn_complete_adv_timeout(void)
1238 {
1239 if (!(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1240 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
1241 struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
1242 struct bt_conn *conn;
1243
1244 /* Handle advertising timeout after high duty cycle directed
1245 * advertising.
1246 */
1247
1248 atomic_clear_bit(adv->flags, BT_ADV_ENABLED);
1249
1250 if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1251 !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
1252 /* No advertising set terminated event, must be a
1253 * legacy advertiser set.
1254 */
1255 bt_le_adv_delete_legacy();
1256 }
1257
1258 /* There is no need to check ID address as only one
1259 * connection in peripheral role can be in pending state.
1260 */
1261 conn = find_pending_connect(BT_HCI_ROLE_PERIPHERAL, NULL);
1262 if (!conn) {
1263 LOG_ERR("No pending peripheral connection");
1264 return;
1265 }
1266
1267 conn->err = BT_HCI_ERR_ADV_TIMEOUT;
1268 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
1269
1270 bt_conn_unref(conn);
1271 }
1272 }
1273
enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete * evt)1274 static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
1275 {
1276 #if defined(CONFIG_BT_CONN) && (CONFIG_BT_EXT_ADV_MAX_ADV_SET > 1)
1277 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
1278 evt->role == BT_HCI_ROLE_PERIPHERAL &&
1279 evt->status == BT_HCI_ERR_SUCCESS &&
1280 (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1281 BT_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
1282
1283 /* Cache the connection complete event. Process it later.
1284 * See bt_dev.cached_conn_complete.
1285 */
1286 for (int i = 0; i < ARRAY_SIZE(bt_dev.cached_conn_complete); i++) {
1287 if (!bt_dev.cached_conn_complete[i].valid) {
1288 (void)memcpy(&bt_dev.cached_conn_complete[i].evt,
1289 evt,
1290 sizeof(struct bt_hci_evt_le_enh_conn_complete));
1291 bt_dev.cached_conn_complete[i].valid = true;
1292 return;
1293 }
1294 }
1295
1296 __ASSERT(false, "No more cache entries available."
1297 "This should not happen by design");
1298
1299 return;
1300 }
1301 #endif
1302 bt_hci_le_enh_conn_complete(evt);
1303 }
1304
translate_addrs(bt_addr_le_t * peer_addr,bt_addr_le_t * id_addr,const struct bt_hci_evt_le_enh_conn_complete * evt,uint8_t id)1305 static void translate_addrs(bt_addr_le_t *peer_addr, bt_addr_le_t *id_addr,
1306 const struct bt_hci_evt_le_enh_conn_complete *evt, uint8_t id)
1307 {
1308 if (bt_addr_le_is_resolved(&evt->peer_addr)) {
1309 bt_addr_le_copy_resolved(id_addr, &evt->peer_addr);
1310
1311 bt_addr_copy(&peer_addr->a, &evt->peer_rpa);
1312 peer_addr->type = BT_ADDR_LE_RANDOM;
1313 } else {
1314 bt_addr_le_copy(id_addr, bt_lookup_id_addr(id, &evt->peer_addr));
1315 bt_addr_le_copy(peer_addr, &evt->peer_addr);
1316 }
1317 }
1318
update_conn(struct bt_conn * conn,const bt_addr_le_t * id_addr,const struct bt_hci_evt_le_enh_conn_complete * evt)1319 static void update_conn(struct bt_conn *conn, const bt_addr_le_t *id_addr,
1320 const struct bt_hci_evt_le_enh_conn_complete *evt)
1321 {
1322 conn->handle = sys_le16_to_cpu(evt->handle);
1323 bt_addr_le_copy(&conn->le.dst, id_addr);
1324 conn->le.interval = sys_le16_to_cpu(evt->interval);
1325 conn->le.latency = sys_le16_to_cpu(evt->latency);
1326 conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);
1327 conn->role = evt->role;
1328 conn->err = 0U;
1329
1330 #if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
1331 conn->le.data_len.tx_max_len = BT_GAP_DATA_LEN_DEFAULT;
1332 conn->le.data_len.tx_max_time = BT_GAP_DATA_TIME_DEFAULT;
1333 conn->le.data_len.rx_max_len = BT_GAP_DATA_LEN_DEFAULT;
1334 conn->le.data_len.rx_max_time = BT_GAP_DATA_TIME_DEFAULT;
1335 #endif
1336 #if defined(CONFIG_BT_SUBRATING)
1337 conn->le.subrate.factor = 1; /* No subrating. */
1338 conn->le.subrate.continuation_number = 0;
1339 #endif
1340 }
1341
bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete * evt)1342 void bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
1343 {
1344 __ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);
1345
1346 uint16_t handle = sys_le16_to_cpu(evt->handle);
1347 uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
1348 bt_addr_le_t peer_addr, id_addr;
1349 struct bt_conn *conn;
1350 uint8_t id;
1351
1352 LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
1353 evt->status, bt_hci_err_to_str(evt->status), handle,
1354 evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
1355 LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));
1356
1357 #if defined(CONFIG_BT_SMP)
1358 bt_id_pending_keys_update();
1359 #endif
1360
1361 id = evt->role == BT_HCI_ROLE_PERIPHERAL ? bt_dev.adv_conn_id : BT_ID_DEFAULT;
1362 translate_addrs(&peer_addr, &id_addr, evt, id);
1363
1364 conn = find_pending_connect(evt->role, &id_addr);
1365
1366 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
1367 evt->role == BT_HCI_ROLE_PERIPHERAL &&
1368 !(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1369 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
1370 struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
1371 /* Clear advertising even if we are not able to add connection
1372 * object to keep host in sync with controller state.
1373 */
1374 atomic_clear_bit(adv->flags, BT_ADV_ENABLED);
1375 (void)bt_le_lim_adv_cancel_timeout(adv);
1376 }
1377
1378 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1379 evt->role == BT_HCI_ROLE_CENTRAL) {
1380 /* Clear initiating even if we are not able to add connection
1381 * object to keep the host in sync with controller state.
1382 */
1383 atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
1384 }
1385
1386 if (!conn) {
1387 LOG_ERR("No pending conn for peer %s", bt_addr_le_str(&evt->peer_addr));
1388 bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
1389 return;
1390 }
1391
1392 update_conn(conn, &id_addr, evt);
1393
1394 #if defined(CONFIG_BT_USER_PHY_UPDATE)
1395 conn->le.phy.tx_phy = BT_GAP_LE_PHY_1M;
1396 conn->le.phy.rx_phy = BT_GAP_LE_PHY_1M;
1397 #endif
1398 /*
1399 * Use connection address (instead of identity address) as initiator
1400 * or responder address. Only peripheral needs to be updated. For central all
1401 * was set during outgoing connection creation.
1402 */
1403 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
1404 conn->role == BT_HCI_ROLE_PERIPHERAL) {
1405 bt_addr_le_copy(&conn->le.init_addr, &peer_addr);
1406
1407 if (!(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1408 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
1409 struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
1410
1411 if (IS_ENABLED(CONFIG_BT_PRIVACY) &&
1412 !atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY)) {
1413 conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
1414 if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
1415 bt_addr_copy(&conn->le.resp_addr.a,
1416 &evt->local_rpa);
1417 } else {
1418 bt_addr_copy(&conn->le.resp_addr.a,
1419 &bt_dev.random_addr.a);
1420 }
1421 } else {
1422 bt_addr_le_copy(&conn->le.resp_addr,
1423 &bt_dev.id_addr[conn->id]);
1424 }
1425 } else {
1426 /* Copy the local RPA and handle this in advertising set
1427 * terminated event.
1428 */
1429 bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
1430 }
1431
1432 /* if the controller supports, lets advertise for another
1433 * peripheral connection.
1434 * check for connectable advertising state is sufficient as
1435 * this is how this le connection complete for peripheral occurred.
1436 */
1437 if (BT_LE_STATES_PER_CONN_ADV(bt_dev.le.states)) {
1438 bt_le_adv_resume();
1439 }
1440
1441 if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1442 !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
1443 struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
1444 /* No advertising set terminated event, must be a
1445 * legacy advertiser set.
1446 */
1447 if (!atomic_test_bit(adv->flags, BT_ADV_PERSIST)) {
1448 bt_le_adv_delete_legacy();
1449 }
1450 }
1451 }
1452
1453 if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
1454 conn->role == BT_HCI_ROLE_CENTRAL) {
1455 bt_addr_le_copy(&conn->le.resp_addr, &peer_addr);
1456
1457 if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
1458 conn->le.init_addr.type = BT_ADDR_LE_RANDOM;
1459 if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
1460 bt_addr_copy(&conn->le.init_addr.a,
1461 &evt->local_rpa);
1462 } else {
1463 bt_addr_copy(&conn->le.init_addr.a,
1464 &bt_dev.random_addr.a);
1465 }
1466 } else {
1467 bt_addr_le_copy(&conn->le.init_addr,
1468 &bt_dev.id_addr[conn->id]);
1469 }
1470 }
1471
1472 #if defined(CONFIG_BT_USER_PHY_UPDATE)
1473 if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
1474 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
1475 int err;
1476
1477 err = hci_le_read_phy(conn);
1478 if (err) {
1479 LOG_WRN("Failed to read PHY (%d)", err);
1480 }
1481 }
1482 #endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */
1483
1484 bt_conn_set_state(conn, BT_CONN_CONNECTED);
1485
1486 if (disconnect_reason) {
1487 /* Mark the connection as already disconnected before calling
1488 * the connected callback, so that the application cannot
1489 * start sending packets
1490 */
1491 conn->err = disconnect_reason;
1492 bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
1493 }
1494
1495 bt_conn_connected(conn);
1496 bt_conn_unref(conn);
1497
1498 if (IS_ENABLED(CONFIG_BT_CENTRAL) && conn->role == BT_HCI_ROLE_CENTRAL) {
1499 int err;
1500
1501 /* Just a best-effort check if the scanner should be started. */
1502 err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
1503 if (err) {
1504 LOG_WRN("Error while updating the scanner (%d)", err);
1505 }
1506 }
1507 }
1508
1509 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
bt_hci_le_enh_conn_complete_sync(struct bt_hci_evt_le_enh_conn_complete_v2 * evt,struct bt_le_per_adv_sync * sync)1510 void bt_hci_le_enh_conn_complete_sync(struct bt_hci_evt_le_enh_conn_complete_v2 *evt,
1511 struct bt_le_per_adv_sync *sync)
1512 {
1513 __ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);
1514
1515 uint16_t handle = sys_le16_to_cpu(evt->handle);
1516 uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
1517 bt_addr_le_t peer_addr, id_addr;
1518 struct bt_conn *conn;
1519
1520 if (!sync->num_subevents) {
1521 LOG_ERR("Unexpected connection complete event");
1522
1523 return;
1524 }
1525
1526 conn = bt_conn_add_le(BT_ID_DEFAULT, BT_ADDR_LE_ANY);
1527 if (!conn) {
1528 LOG_ERR("Unable to allocate connection");
1529 /* Tell the controller to disconnect to keep it in sync with
1530 * the host state and avoid a "rogue" connection.
1531 */
1532 bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
1533
1534 return;
1535 }
1536
1537 LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
1538 evt->status, bt_hci_err_to_str(evt->status), handle,
1539 evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
1540 LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));
1541
1542 if (evt->role != BT_HCI_ROLE_PERIPHERAL) {
1543 LOG_ERR("PAwR sync always becomes peripheral");
1544
1545 return;
1546 }
1547
1548 #if defined(CONFIG_BT_SMP)
1549 bt_id_pending_keys_update();
1550 #endif
1551
1552 translate_addrs(&peer_addr, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt,
1553 BT_ID_DEFAULT);
1554 update_conn(conn, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt);
1555
1556 #if defined(CONFIG_BT_USER_PHY_UPDATE)
1557 /* The connection is always initiated on the same phy as the PAwR advertiser */
1558 conn->le.phy.tx_phy = sync->phy;
1559 conn->le.phy.rx_phy = sync->phy;
1560 #endif
1561
1562 bt_addr_le_copy(&conn->le.init_addr, &peer_addr);
1563
1564 if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
1565 conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
1566 bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
1567 } else {
1568 bt_addr_le_copy(&conn->le.resp_addr, &bt_dev.id_addr[conn->id]);
1569 }
1570
1571 bt_conn_set_state(conn, BT_CONN_CONNECTED);
1572
1573 if (disconnect_reason) {
1574 /* Mark the connection as already disconnected before calling
1575 * the connected callback, so that the application cannot
1576 * start sending packets
1577 */
1578 conn->err = disconnect_reason;
1579 bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
1580 }
1581
1582 bt_conn_connected(conn);
1583
1584 /* Since we don't give the application a reference to manage
1585 * for peripheral connections, we need to release this reference here.
1586 */
1587 bt_conn_unref(conn);
1588 }
1589 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
1590
enh_conn_complete_error_handle(uint8_t status)1591 static void enh_conn_complete_error_handle(uint8_t status)
1592 {
1593 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && status == BT_HCI_ERR_ADV_TIMEOUT) {
1594 le_conn_complete_adv_timeout();
1595 return;
1596 }
1597
1598 if (IS_ENABLED(CONFIG_BT_CENTRAL) && status == BT_HCI_ERR_UNKNOWN_CONN_ID) {
1599 le_conn_complete_cancel(status);
1600 int err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
1601
1602 if (err) {
1603 LOG_WRN("Error while updating the scanner (%d)", err);
1604 }
1605 return;
1606 }
1607
1608 if (IS_ENABLED(CONFIG_BT_CENTRAL) && IS_ENABLED(CONFIG_BT_PER_ADV_RSP) &&
1609 status == BT_HCI_ERR_CONN_FAIL_TO_ESTAB) {
1610 le_conn_complete_cancel(status);
1611
1612 atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
1613
1614 return;
1615 }
1616
1617 LOG_WRN("Unexpected status 0x%02x %s", status, bt_hci_err_to_str(status));
1618 }
1619
le_enh_conn_complete(struct net_buf * buf)1620 static void le_enh_conn_complete(struct net_buf *buf)
1621 {
1622 struct bt_hci_evt_le_enh_conn_complete *evt =
1623 (struct bt_hci_evt_le_enh_conn_complete *)buf->data;
1624
1625 if (evt->status != BT_HCI_ERR_SUCCESS) {
1626 enh_conn_complete_error_handle(evt->status);
1627 return;
1628 }
1629
1630 enh_conn_complete(evt);
1631 }
1632
1633 #if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
le_enh_conn_complete_v2(struct net_buf * buf)1634 static void le_enh_conn_complete_v2(struct net_buf *buf)
1635 {
1636 struct bt_hci_evt_le_enh_conn_complete_v2 *evt =
1637 (struct bt_hci_evt_le_enh_conn_complete_v2 *)buf->data;
1638
1639 if (evt->status != BT_HCI_ERR_SUCCESS) {
1640 enh_conn_complete_error_handle(evt->status);
1641 return;
1642 }
1643
1644 if (evt->adv_handle == BT_HCI_ADV_HANDLE_INVALID &&
1645 evt->sync_handle == BT_HCI_SYNC_HANDLE_INVALID) {
1646 /* The connection was not created via PAwR, handle the event like v1 */
1647 enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
1648 }
1649 #if defined(CONFIG_BT_PER_ADV_RSP)
1650 else if (evt->adv_handle != BT_HCI_ADV_HANDLE_INVALID &&
1651 evt->sync_handle == BT_HCI_SYNC_HANDLE_INVALID) {
1652 /* The connection was created via PAwR advertiser, it can be handled like v1 */
1653 enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
1654 }
1655 #endif /* CONFIG_BT_PER_ADV_RSP */
1656 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
1657 else if (evt->adv_handle == BT_HCI_ADV_HANDLE_INVALID &&
1658 evt->sync_handle != BT_HCI_SYNC_HANDLE_INVALID) {
1659 /* Created via PAwR sync, no adv set terminated event, needs separate handling */
1660 struct bt_le_per_adv_sync *sync;
1661
1662 sync = bt_hci_per_adv_sync_lookup_handle(evt->sync_handle);
1663 if (!sync) {
1664 LOG_ERR("Unknown sync handle %d", evt->sync_handle);
1665
1666 return;
1667 }
1668
1669 bt_hci_le_enh_conn_complete_sync(evt, sync);
1670 }
1671 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
1672 else {
1673 LOG_ERR("Invalid connection complete event");
1674 }
1675 }
1676 #endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
1677
le_legacy_conn_complete(struct net_buf * buf)1678 static void le_legacy_conn_complete(struct net_buf *buf)
1679 {
1680 struct bt_hci_evt_le_conn_complete *evt = (void *)buf->data;
1681 struct bt_hci_evt_le_enh_conn_complete enh;
1682
1683 if (evt->status != BT_HCI_ERR_SUCCESS) {
1684 enh_conn_complete_error_handle(evt->status);
1685 return;
1686 }
1687
1688 LOG_DBG("status 0x%02x %s role %u %s",
1689 evt->status, bt_hci_err_to_str(evt->status), evt->role,
1690 bt_addr_le_str(&evt->peer_addr));
1691
1692 enh.status = evt->status;
1693 enh.handle = evt->handle;
1694 enh.role = evt->role;
1695 enh.interval = evt->interval;
1696 enh.latency = evt->latency;
1697 enh.supv_timeout = evt->supv_timeout;
1698 enh.clock_accuracy = evt->clock_accuracy;
1699
1700 bt_addr_le_copy(&enh.peer_addr, &evt->peer_addr);
1701
1702 if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
1703 bt_addr_copy(&enh.local_rpa, &bt_dev.random_addr.a);
1704 } else {
1705 bt_addr_copy(&enh.local_rpa, BT_ADDR_ANY);
1706 }
1707
1708 bt_addr_copy(&enh.peer_rpa, BT_ADDR_ANY);
1709
1710 enh_conn_complete(&enh);
1711 }
1712
le_remote_feat_complete(struct net_buf * buf)1713 static void le_remote_feat_complete(struct net_buf *buf)
1714 {
1715 struct bt_hci_evt_le_remote_feat_complete *evt = (void *)buf->data;
1716 uint16_t handle = sys_le16_to_cpu(evt->handle);
1717 struct bt_conn *conn;
1718
1719 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
1720 if (!conn) {
1721 LOG_ERR("Unable to lookup conn for handle %u", handle);
1722 return;
1723 }
1724
1725 if (!evt->status) {
1726 memcpy(conn->le.features, evt->features,
1727 sizeof(conn->le.features));
1728 }
1729
1730 atomic_set_bit(conn->flags, BT_CONN_LE_FEATURES_EXCHANGED);
1731
1732 if (IS_ENABLED(CONFIG_BT_REMOTE_INFO) &&
1733 !IS_ENABLED(CONFIG_BT_REMOTE_VERSION)) {
1734 notify_remote_info(conn);
1735 }
1736
1737 bt_conn_unref(conn);
1738 }
1739
1740 #if defined(CONFIG_BT_DATA_LEN_UPDATE)
le_data_len_change(struct net_buf * buf)1741 static void le_data_len_change(struct net_buf *buf)
1742 {
1743 struct bt_hci_evt_le_data_len_change *evt = (void *)buf->data;
1744 uint16_t handle = sys_le16_to_cpu(evt->handle);
1745 struct bt_conn *conn;
1746
1747 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
1748 if (!conn) {
1749 LOG_ERR("Unable to lookup conn for handle %u", handle);
1750 return;
1751 }
1752
1753 #if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
1754 uint16_t max_tx_octets = sys_le16_to_cpu(evt->max_tx_octets);
1755 uint16_t max_rx_octets = sys_le16_to_cpu(evt->max_rx_octets);
1756 uint16_t max_tx_time = sys_le16_to_cpu(evt->max_tx_time);
1757 uint16_t max_rx_time = sys_le16_to_cpu(evt->max_rx_time);
1758
1759 if (!IN_RANGE(max_tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
1760 LOG_WRN("max_tx_octets exceeds the valid range %u", max_tx_octets);
1761 }
1762 if (!IN_RANGE(max_rx_octets, BT_HCI_LE_MAX_RX_OCTETS_MIN, BT_HCI_LE_MAX_RX_OCTETS_MAX)) {
1763 LOG_WRN("max_rx_octets exceeds the valid range %u", max_rx_octets);
1764 }
1765 if (!IN_RANGE(max_tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
1766 LOG_WRN("max_tx_time exceeds the valid range %u", max_tx_time);
1767 }
1768 if (!IN_RANGE(max_rx_time, BT_HCI_LE_MAX_RX_TIME_MIN, BT_HCI_LE_MAX_RX_TIME_MAX)) {
1769 LOG_WRN("max_rx_time exceeds the valid range %u", max_rx_time);
1770 }
1771
1772 LOG_DBG("max. tx: %u (%uus), max. rx: %u (%uus)", max_tx_octets, max_tx_time, max_rx_octets,
1773 max_rx_time);
1774
1775 conn->le.data_len.tx_max_len = max_tx_octets;
1776 conn->le.data_len.tx_max_time = max_tx_time;
1777 conn->le.data_len.rx_max_len = max_rx_octets;
1778 conn->le.data_len.rx_max_time = max_rx_time;
1779 notify_le_data_len_updated(conn);
1780 #endif
1781
1782 bt_conn_unref(conn);
1783 }
1784 #endif /* CONFIG_BT_DATA_LEN_UPDATE */
1785
1786 #if defined(CONFIG_BT_PHY_UPDATE)
le_phy_update_complete(struct net_buf * buf)1787 static void le_phy_update_complete(struct net_buf *buf)
1788 {
1789 struct bt_hci_evt_le_phy_update_complete *evt = (void *)buf->data;
1790 uint16_t handle = sys_le16_to_cpu(evt->handle);
1791 struct bt_conn *conn;
1792
1793 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
1794 if (!conn) {
1795 LOG_ERR("Unable to lookup conn for handle %u", handle);
1796 return;
1797 }
1798
1799 LOG_DBG("PHY updated: status: 0x%02x %s, tx: %u, rx: %u",
1800 evt->status, bt_hci_err_to_str(evt->status), evt->tx_phy,
1801 evt->rx_phy);
1802
1803 #if defined(CONFIG_BT_USER_PHY_UPDATE)
1804 conn->le.phy.tx_phy = bt_get_phy(evt->tx_phy);
1805 conn->le.phy.rx_phy = bt_get_phy(evt->rx_phy);
1806 notify_le_phy_updated(conn);
1807 #endif
1808
1809 bt_conn_unref(conn);
1810 }
1811 #endif /* CONFIG_BT_PHY_UPDATE */
1812
bt_le_conn_params_valid(const struct bt_le_conn_param * param)1813 bool bt_le_conn_params_valid(const struct bt_le_conn_param *param)
1814 {
1815 if (IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
1816 return true;
1817 }
1818
1819 /* All limits according to BT Core spec 5.0 [Vol 2, Part E, 7.8.12] */
1820
1821 if (param->interval_min > param->interval_max ||
1822 param->interval_min < 6 || param->interval_max > 3200) {
1823 return false;
1824 }
1825
1826 if (param->latency > 499) {
1827 return false;
1828 }
1829
1830 if (param->timeout < 10 || param->timeout > 3200 ||
1831 ((param->timeout * 4U) <=
1832 ((1U + param->latency) * param->interval_max))) {
1833 return false;
1834 }
1835
1836 return true;
1837 }
1838
le_conn_param_neg_reply(uint16_t handle,uint8_t reason)1839 static void le_conn_param_neg_reply(uint16_t handle, uint8_t reason)
1840 {
1841 struct bt_hci_cp_le_conn_param_req_neg_reply *cp;
1842 struct net_buf *buf;
1843
1844 buf = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY,
1845 sizeof(*cp));
1846 if (!buf) {
1847 LOG_ERR("Unable to allocate buffer");
1848 return;
1849 }
1850
1851 cp = net_buf_add(buf, sizeof(*cp));
1852 cp->handle = sys_cpu_to_le16(handle);
1853 cp->reason = sys_cpu_to_le16(reason);
1854
1855 bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, buf);
1856 }
1857
le_conn_param_req_reply(uint16_t handle,const struct bt_le_conn_param * param)1858 static int le_conn_param_req_reply(uint16_t handle,
1859 const struct bt_le_conn_param *param)
1860 {
1861 struct bt_hci_cp_le_conn_param_req_reply *cp;
1862 struct net_buf *buf;
1863
1864 buf = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(*cp));
1865 if (!buf) {
1866 return -ENOBUFS;
1867 }
1868
1869 cp = net_buf_add(buf, sizeof(*cp));
1870 (void)memset(cp, 0, sizeof(*cp));
1871
1872 cp->handle = sys_cpu_to_le16(handle);
1873 cp->interval_min = sys_cpu_to_le16(param->interval_min);
1874 cp->interval_max = sys_cpu_to_le16(param->interval_max);
1875 cp->latency = sys_cpu_to_le16(param->latency);
1876 cp->timeout = sys_cpu_to_le16(param->timeout);
1877
1878 return bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, buf);
1879 }
1880
le_conn_param_req(struct net_buf * buf)1881 static void le_conn_param_req(struct net_buf *buf)
1882 {
1883 struct bt_hci_evt_le_conn_param_req *evt = (void *)buf->data;
1884 struct bt_le_conn_param param;
1885 struct bt_conn *conn;
1886 uint16_t handle;
1887
1888 handle = sys_le16_to_cpu(evt->handle);
1889 param.interval_min = sys_le16_to_cpu(evt->interval_min);
1890 param.interval_max = sys_le16_to_cpu(evt->interval_max);
1891 param.latency = sys_le16_to_cpu(evt->latency);
1892 param.timeout = sys_le16_to_cpu(evt->timeout);
1893
1894 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
1895 if (!conn) {
1896 LOG_ERR("Unable to lookup conn for handle %u", handle);
1897 le_conn_param_neg_reply(handle, BT_HCI_ERR_UNKNOWN_CONN_ID);
1898 return;
1899 }
1900
1901 if (!le_param_req(conn, ¶m)) {
1902 le_conn_param_neg_reply(handle, BT_HCI_ERR_INVALID_LL_PARAM);
1903 } else {
1904 le_conn_param_req_reply(handle, ¶m);
1905 }
1906
1907 bt_conn_unref(conn);
1908 }
1909
le_conn_update_complete(struct net_buf * buf)1910 static void le_conn_update_complete(struct net_buf *buf)
1911 {
1912 struct bt_hci_evt_le_conn_update_complete *evt = (void *)buf->data;
1913 struct bt_conn *conn;
1914 uint16_t handle;
1915
1916 handle = sys_le16_to_cpu(evt->handle);
1917
1918 LOG_DBG("status 0x%02x %s, handle %u",
1919 evt->status, bt_hci_err_to_str(evt->status), handle);
1920
1921 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
1922 if (!conn) {
1923 LOG_ERR("Unable to lookup conn for handle %u", handle);
1924 return;
1925 }
1926
1927 if (evt->status == BT_HCI_ERR_UNSUPP_REMOTE_FEATURE &&
1928 conn->role == BT_HCI_ROLE_PERIPHERAL &&
1929 !atomic_test_and_set_bit(conn->flags,
1930 BT_CONN_PERIPHERAL_PARAM_L2CAP)) {
1931 /* CPR not supported, let's try L2CAP CPUP instead */
1932 struct bt_le_conn_param param;
1933
1934 param.interval_min = conn->le.interval_min;
1935 param.interval_max = conn->le.interval_max;
1936 param.latency = conn->le.pending_latency;
1937 param.timeout = conn->le.pending_timeout;
1938
1939 bt_l2cap_update_conn_param(conn, ¶m);
1940 } else {
1941 if (!evt->status) {
1942 conn->le.interval = sys_le16_to_cpu(evt->interval);
1943 conn->le.latency = sys_le16_to_cpu(evt->latency);
1944 conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);
1945
1946 if (!IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
1947 if (!IN_RANGE(conn->le.interval, BT_HCI_LE_INTERVAL_MIN,
1948 BT_HCI_LE_INTERVAL_MAX)) {
1949 LOG_WRN("interval exceeds the valid range 0x%04x",
1950 conn->le.interval);
1951 }
1952 if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
1953 LOG_WRN("latency exceeds the valid range 0x%04x",
1954 conn->le.latency);
1955 }
1956 if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
1957 BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
1958 LOG_WRN("supv_timeout exceeds the valid range 0x%04x",
1959 conn->le.timeout);
1960 }
1961 }
1962
1963 #if defined(CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS)
1964 atomic_clear_bit(conn->flags,
1965 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
1966 } else if (atomic_test_bit(conn->flags,
1967 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE) &&
1968 evt->status == BT_HCI_ERR_UNSUPP_LL_PARAM_VAL &&
1969 conn->le.conn_param_retry_countdown) {
1970 conn->le.conn_param_retry_countdown--;
1971 k_work_schedule(&conn->deferred_work,
1972 K_MSEC(CONFIG_BT_CONN_PARAM_RETRY_TIMEOUT));
1973 } else {
1974 atomic_clear_bit(conn->flags,
1975 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
1976 #endif /* CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS */
1977
1978 }
1979
1980 notify_le_param_updated(conn);
1981 }
1982
1983 bt_conn_unref(conn);
1984 }
1985
1986 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
set_flow_control(void)1987 static int set_flow_control(void)
1988 {
1989 struct bt_hci_cp_host_buffer_size *hbs;
1990 struct net_buf *buf;
1991 int err;
1992
1993 /* Check if host flow control is actually supported */
1994 if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
1995 LOG_WRN("Controller to host flow control not supported");
1996 return 0;
1997 }
1998
1999 buf = bt_hci_cmd_create(BT_HCI_OP_HOST_BUFFER_SIZE,
2000 sizeof(*hbs));
2001 if (!buf) {
2002 return -ENOBUFS;
2003 }
2004
2005 hbs = net_buf_add(buf, sizeof(*hbs));
2006 (void)memset(hbs, 0, sizeof(*hbs));
2007 hbs->acl_mtu = sys_cpu_to_le16(CONFIG_BT_BUF_ACL_RX_SIZE);
2008 hbs->acl_pkts = sys_cpu_to_le16(BT_BUF_HCI_ACL_RX_COUNT);
2009
2010 err = bt_hci_cmd_send_sync(BT_HCI_OP_HOST_BUFFER_SIZE, buf, NULL);
2011 if (err) {
2012 return err;
2013 }
2014
2015 buf = bt_hci_cmd_create(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, 1);
2016 if (!buf) {
2017 return -ENOBUFS;
2018 }
2019
2020 net_buf_add_u8(buf, BT_HCI_CTL_TO_HOST_FLOW_ENABLE);
2021 return bt_hci_cmd_send_sync(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, buf, NULL);
2022 }
2023 #endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */
2024
unpair(uint8_t id,const bt_addr_le_t * addr)2025 static void unpair(uint8_t id, const bt_addr_le_t *addr)
2026 {
2027 struct bt_keys *keys = NULL;
2028 struct bt_conn *conn = bt_conn_lookup_addr_le(id, addr);
2029
2030 if (conn) {
2031 /* Clear the conn->le.keys pointer since we'll invalidate it,
2032 * and don't want any subsequent code (like disconnected
2033 * callbacks) accessing it.
2034 */
2035 if (conn->type == BT_CONN_TYPE_LE) {
2036 keys = conn->le.keys;
2037 conn->le.keys = NULL;
2038 }
2039
2040 bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
2041 bt_conn_unref(conn);
2042 }
2043
2044 if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
2045 /* LE Public may indicate BR/EDR as well */
2046 if (addr->type == BT_ADDR_LE_PUBLIC) {
2047 bt_keys_link_key_clear_addr(&addr->a);
2048 }
2049 }
2050
2051 if (IS_ENABLED(CONFIG_BT_SMP)) {
2052 if (!keys) {
2053 keys = bt_keys_find_addr(id, addr);
2054 }
2055
2056 if (keys) {
2057 bt_keys_clear(keys);
2058 }
2059 }
2060
2061 bt_gatt_clear(id, addr);
2062
2063 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
2064 struct bt_conn_auth_info_cb *listener, *next;
2065
2066 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, listener,
2067 next, node) {
2068 if (listener->bond_deleted) {
2069 listener->bond_deleted(id, addr);
2070 }
2071 }
2072 #endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
2073 }
2074
unpair_remote(const struct bt_bond_info * info,void * data)2075 static void unpair_remote(const struct bt_bond_info *info, void *data)
2076 {
2077 uint8_t *id = (uint8_t *) data;
2078
2079 unpair(*id, &info->addr);
2080 }
2081
bt_unpair(uint8_t id,const bt_addr_le_t * addr)2082 int bt_unpair(uint8_t id, const bt_addr_le_t *addr)
2083 {
2084 if (id >= CONFIG_BT_ID_MAX) {
2085 return -EINVAL;
2086 }
2087
2088 if (IS_ENABLED(CONFIG_BT_SMP)) {
2089 if (!addr || bt_addr_le_eq(addr, BT_ADDR_LE_ANY)) {
2090 bt_foreach_bond(id, unpair_remote, &id);
2091 } else {
2092 unpair(id, addr);
2093 }
2094 } else {
2095 CHECKIF(addr == NULL) {
2096 LOG_DBG("addr is NULL");
2097 return -EINVAL;
2098 }
2099
2100 unpair(id, addr);
2101 }
2102
2103 return 0;
2104 }
2105
2106 #endif /* CONFIG_BT_CONN */
2107
2108 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
bt_security_err_get(uint8_t hci_err)2109 enum bt_security_err bt_security_err_get(uint8_t hci_err)
2110 {
2111 switch (hci_err) {
2112 case BT_HCI_ERR_SUCCESS:
2113 return BT_SECURITY_ERR_SUCCESS;
2114 case BT_HCI_ERR_AUTH_FAIL:
2115 return BT_SECURITY_ERR_AUTH_FAIL;
2116 case BT_HCI_ERR_PIN_OR_KEY_MISSING:
2117 return BT_SECURITY_ERR_PIN_OR_KEY_MISSING;
2118 case BT_HCI_ERR_PAIRING_NOT_SUPPORTED:
2119 return BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
2120 case BT_HCI_ERR_PAIRING_NOT_ALLOWED:
2121 return BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
2122 case BT_HCI_ERR_INVALID_PARAM:
2123 return BT_SECURITY_ERR_INVALID_PARAM;
2124 default:
2125 return BT_SECURITY_ERR_UNSPECIFIED;
2126 }
2127 }
2128 #endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
2129
2130 #if defined(CONFIG_BT_SMP)
update_sec_level(struct bt_conn * conn)2131 static bool update_sec_level(struct bt_conn *conn)
2132 {
2133 if (conn->le.keys && (conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
2134 if (conn->le.keys->flags & BT_KEYS_SC &&
2135 conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE) {
2136 conn->sec_level = BT_SECURITY_L4;
2137 } else {
2138 conn->sec_level = BT_SECURITY_L3;
2139 }
2140 } else {
2141 conn->sec_level = BT_SECURITY_L2;
2142 }
2143
2144 return !(conn->required_sec_level > conn->sec_level);
2145 }
2146 #endif /* CONFIG_BT_SMP */
2147
2148 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
hci_encrypt_change(struct net_buf * buf)2149 static void hci_encrypt_change(struct net_buf *buf)
2150 {
2151 struct bt_hci_evt_encrypt_change *evt = (void *)buf->data;
2152 uint16_t handle = sys_le16_to_cpu(evt->handle);
2153 uint8_t status = evt->status;
2154 struct bt_conn *conn;
2155
2156 LOG_DBG("status 0x%02x %s handle %u encrypt 0x%02x",
2157 evt->status, bt_hci_err_to_str(evt->status), handle, evt->encrypt);
2158
2159 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
2160 if (!conn) {
2161 LOG_ERR("Unable to look up conn with handle %u", handle);
2162 return;
2163 }
2164
2165 if (status) {
2166 bt_conn_security_changed(conn, status,
2167 bt_security_err_get(status));
2168 bt_conn_unref(conn);
2169 return;
2170 }
2171
2172 if (conn->encrypt == evt->encrypt) {
2173 LOG_WRN("No change to encryption state (encrypt 0x%02x)", evt->encrypt);
2174 bt_conn_unref(conn);
2175 return;
2176 }
2177
2178 conn->encrypt = evt->encrypt;
2179
2180 #if defined(CONFIG_BT_SMP)
2181 if (conn->type == BT_CONN_TYPE_LE) {
2182 /*
2183 * we update keys properties only on successful encryption to
2184 * avoid losing valid keys if encryption was not successful.
2185 *
2186 * Update keys with last pairing info for proper sec level
2187 * update. This is done only for LE transport, for BR/EDR keys
2188 * are updated on HCI 'Link Key Notification Event'
2189 */
2190 if (conn->encrypt) {
2191 bt_smp_update_keys(conn);
2192 }
2193
2194 if (!update_sec_level(conn)) {
2195 status = BT_HCI_ERR_AUTH_FAIL;
2196 }
2197 }
2198 #endif /* CONFIG_BT_SMP */
2199 #if defined(CONFIG_BT_CLASSIC)
2200 if (conn->type == BT_CONN_TYPE_BR) {
2201 if (!bt_br_update_sec_level(conn)) {
2202 bt_conn_unref(conn);
2203 return;
2204 }
2205
2206 if (IS_ENABLED(CONFIG_BT_SMP)) {
2207 /*
2208 * Start SMP over BR/EDR if we are pairing and are
2209 * central on the link
2210 */
2211 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRED) &&
2212 conn->role == BT_CONN_ROLE_CENTRAL) {
2213 bt_smp_br_send_pairing_req(conn);
2214 }
2215 }
2216 }
2217 #endif /* CONFIG_BT_CLASSIC */
2218
2219 bt_conn_security_changed(conn, status, bt_security_err_get(status));
2220
2221 if (status) {
2222 LOG_ERR("Failed to set required security level");
2223 bt_conn_disconnect(conn, status);
2224 }
2225
2226 bt_conn_unref(conn);
2227 }
2228
hci_encrypt_key_refresh_complete(struct net_buf * buf)2229 static void hci_encrypt_key_refresh_complete(struct net_buf *buf)
2230 {
2231 struct bt_hci_evt_encrypt_key_refresh_complete *evt = (void *)buf->data;
2232 uint8_t status = evt->status;
2233 struct bt_conn *conn;
2234 uint16_t handle;
2235
2236 handle = sys_le16_to_cpu(evt->handle);
2237
2238 LOG_DBG("status 0x%02x %s handle %u",
2239 evt->status, bt_hci_err_to_str(evt->status), handle);
2240
2241 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
2242 if (!conn) {
2243 LOG_ERR("Unable to look up conn with handle %u", handle);
2244 return;
2245 }
2246
2247 if (status) {
2248 bt_conn_security_changed(conn, status,
2249 bt_security_err_get(status));
2250 bt_conn_unref(conn);
2251 return;
2252 }
2253
2254 /*
2255 * Update keys with last pairing info for proper sec level update.
2256 * This is done only for LE transport. For BR/EDR transport keys are
2257 * updated on HCI 'Link Key Notification Event', therefore update here
2258 * only security level based on available keys and encryption state.
2259 */
2260 #if defined(CONFIG_BT_SMP)
2261 if (conn->type == BT_CONN_TYPE_LE) {
2262 bt_smp_update_keys(conn);
2263
2264 if (!update_sec_level(conn)) {
2265 status = BT_HCI_ERR_AUTH_FAIL;
2266 }
2267 }
2268 #endif /* CONFIG_BT_SMP */
2269 #if defined(CONFIG_BT_CLASSIC)
2270 if (conn->type == BT_CONN_TYPE_BR) {
2271 if (!bt_br_update_sec_level(conn)) {
2272 bt_conn_unref(conn);
2273 return;
2274 }
2275
2276 if (IS_ENABLED(CONFIG_BT_SMP)) {
2277 /*
2278 * Start SMP over BR/EDR if we are pairing and are
2279 * central on the link
2280 */
2281 if (atomic_test_bit(conn->flags, BT_CONN_BR_PAIRED) &&
2282 conn->role == BT_CONN_ROLE_CENTRAL) {
2283 bt_smp_br_send_pairing_req(conn);
2284 }
2285 }
2286 }
2287 #endif /* CONFIG_BT_CLASSIC */
2288
2289 bt_conn_security_changed(conn, status, bt_security_err_get(status));
2290 if (status) {
2291 LOG_ERR("Failed to set required security level");
2292 bt_conn_disconnect(conn, status);
2293 }
2294
2295 bt_conn_unref(conn);
2296 }
2297 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
2298
2299 #if defined(CONFIG_BT_REMOTE_VERSION)
bt_hci_evt_read_remote_version_complete(struct net_buf * buf)2300 static void bt_hci_evt_read_remote_version_complete(struct net_buf *buf)
2301 {
2302 struct bt_hci_evt_remote_version_info *evt;
2303 struct bt_conn *conn;
2304 uint16_t handle;
2305
2306 evt = net_buf_pull_mem(buf, sizeof(*evt));
2307 handle = sys_le16_to_cpu(evt->handle);
2308 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
2309 if (!conn) {
2310 LOG_ERR("No connection for handle %u", handle);
2311 return;
2312 }
2313
2314 if (!evt->status) {
2315 conn->rv.version = evt->version;
2316 conn->rv.manufacturer = sys_le16_to_cpu(evt->manufacturer);
2317 conn->rv.subversion = sys_le16_to_cpu(evt->subversion);
2318 }
2319
2320 atomic_set_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO);
2321
2322 if (IS_ENABLED(CONFIG_BT_REMOTE_INFO)) {
2323 /* Remote features is already present */
2324 notify_remote_info(conn);
2325 }
2326
2327 bt_conn_unref(conn);
2328 }
2329 #endif /* CONFIG_BT_REMOTE_VERSION */
2330
hci_hardware_error(struct net_buf * buf)2331 static void hci_hardware_error(struct net_buf *buf)
2332 {
2333 struct bt_hci_evt_hardware_error *evt;
2334
2335 evt = net_buf_pull_mem(buf, sizeof(*evt));
2336
2337 LOG_ERR("Hardware error, hardware code: %d", evt->hardware_code);
2338 }
2339
2340 #if defined(CONFIG_BT_SMP)
le_ltk_neg_reply(uint16_t handle)2341 static void le_ltk_neg_reply(uint16_t handle)
2342 {
2343 struct bt_hci_cp_le_ltk_req_neg_reply *cp;
2344 struct net_buf *buf;
2345
2346 buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, sizeof(*cp));
2347 if (!buf) {
2348 LOG_ERR("Out of command buffers");
2349
2350 return;
2351 }
2352
2353 cp = net_buf_add(buf, sizeof(*cp));
2354 cp->handle = sys_cpu_to_le16(handle);
2355
2356 bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, buf);
2357 }
2358
le_ltk_reply(uint16_t handle,uint8_t * ltk)2359 static void le_ltk_reply(uint16_t handle, uint8_t *ltk)
2360 {
2361 struct bt_hci_cp_le_ltk_req_reply *cp;
2362 struct net_buf *buf;
2363
2364 buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_REPLY,
2365 sizeof(*cp));
2366 if (!buf) {
2367 LOG_ERR("Out of command buffers");
2368 return;
2369 }
2370
2371 cp = net_buf_add(buf, sizeof(*cp));
2372 cp->handle = sys_cpu_to_le16(handle);
2373 memcpy(cp->ltk, ltk, sizeof(cp->ltk));
2374
2375 bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_REPLY, buf);
2376 }
2377
le_ltk_request(struct net_buf * buf)2378 static void le_ltk_request(struct net_buf *buf)
2379 {
2380 struct bt_hci_evt_le_ltk_request *evt = (void *)buf->data;
2381 struct bt_conn *conn;
2382 uint16_t handle;
2383 uint8_t ltk[16];
2384
2385 handle = sys_le16_to_cpu(evt->handle);
2386
2387 LOG_DBG("handle %u", handle);
2388
2389 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
2390 if (!conn) {
2391 LOG_ERR("Unable to lookup conn for handle %u", handle);
2392 return;
2393 }
2394
2395 if (bt_smp_request_ltk(conn, evt->rand, evt->ediv, ltk)) {
2396 le_ltk_reply(handle, ltk);
2397 } else {
2398 le_ltk_neg_reply(handle);
2399 }
2400
2401 bt_conn_unref(conn);
2402 }
2403 #endif /* CONFIG_BT_SMP */
2404
hci_reset_complete(void)2405 static void hci_reset_complete(void)
2406 {
2407 atomic_t flags;
2408
2409 if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
2410 bt_scan_reset();
2411 }
2412
2413 #if defined(CONFIG_BT_CLASSIC)
2414 bt_br_discovery_reset();
2415 #endif /* CONFIG_BT_CLASSIC */
2416
2417 flags = (atomic_get(bt_dev.flags) & BT_DEV_PERSISTENT_FLAGS);
2418 atomic_set(bt_dev.flags, flags);
2419 }
2420
hci_cmd_done(uint16_t opcode,uint8_t status,struct net_buf * evt_buf)2421 static void hci_cmd_done(uint16_t opcode, uint8_t status, struct net_buf *evt_buf)
2422 {
2423 /* Original command buffer. */
2424 struct net_buf *buf = NULL;
2425
2426 LOG_DBG("opcode 0x%04x status 0x%02x %s buf %p", opcode,
2427 status, bt_hci_err_to_str(status), evt_buf);
2428
2429 /* Unsolicited cmd complete. This does not complete a command.
2430 * The controller can send these for effect of the `ncmd` field.
2431 */
2432 if (opcode == 0) {
2433 goto exit;
2434 }
2435
2436 /* Take the original command buffer reference. */
2437 buf = atomic_ptr_clear((atomic_ptr_t *)&bt_dev.sent_cmd);
2438
2439 if (!buf) {
2440 LOG_ERR("No command sent for cmd complete 0x%04x", opcode);
2441 goto exit;
2442 }
2443
2444 if (cmd(buf)->opcode != opcode) {
2445 LOG_ERR("OpCode 0x%04x completed instead of expected 0x%04x", opcode,
2446 cmd(buf)->opcode);
2447 buf = atomic_ptr_set((atomic_ptr_t *)&bt_dev.sent_cmd, buf);
2448 __ASSERT_NO_MSG(!buf);
2449 goto exit;
2450 }
2451
2452 /* Response data is to be delivered in the original command
2453 * buffer.
2454 */
2455 if (evt_buf != buf) {
2456 net_buf_reset(buf);
2457 bt_buf_set_type(buf, BT_BUF_EVT);
2458 net_buf_reserve(buf, BT_BUF_RESERVE);
2459 net_buf_add_mem(buf, evt_buf->data, evt_buf->len);
2460 }
2461
2462 if (cmd(buf)->state && !status) {
2463 struct bt_hci_cmd_state_set *update = cmd(buf)->state;
2464
2465 atomic_set_bit_to(update->target, update->bit, update->val);
2466 }
2467
2468 /* If the command was synchronous wake up bt_hci_cmd_send_sync() */
2469 if (cmd(buf)->sync) {
2470 LOG_DBG("sync cmd released");
2471 cmd(buf)->status = status;
2472 k_sem_give(cmd(buf)->sync);
2473 }
2474
2475 exit:
2476 if (buf) {
2477 net_buf_unref(buf);
2478 }
2479 }
2480
hci_cmd_complete(struct net_buf * buf)2481 static void hci_cmd_complete(struct net_buf *buf)
2482 {
2483 struct bt_hci_evt_cmd_complete *evt;
2484 uint8_t status, ncmd;
2485 uint16_t opcode;
2486
2487 evt = net_buf_pull_mem(buf, sizeof(*evt));
2488 ncmd = evt->ncmd;
2489 opcode = sys_le16_to_cpu(evt->opcode);
2490
2491 LOG_DBG("opcode 0x%04x", opcode);
2492
2493 /* All command return parameters have a 1-byte status in the
2494 * beginning, so we can safely make this generalization.
2495 */
2496 status = buf->data[0];
2497
2498 /* HOST_NUM_COMPLETED_PACKETS should not generate a response under normal operation.
2499 * The generation of this command ignores `ncmd_sem`, so should not be given here.
2500 */
2501 if (opcode == BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
2502 LOG_WRN("Unexpected HOST_NUM_COMPLETED_PACKETS, status 0x%02x %s",
2503 status, bt_hci_err_to_str(status));
2504 return;
2505 }
2506
2507 hci_cmd_done(opcode, status, buf);
2508
2509 /* Allow next command to be sent */
2510 if (ncmd) {
2511 k_sem_give(&bt_dev.ncmd_sem);
2512 bt_tx_irq_raise();
2513 }
2514 }
2515
hci_cmd_status(struct net_buf * buf)2516 static void hci_cmd_status(struct net_buf *buf)
2517 {
2518 struct bt_hci_evt_cmd_status *evt;
2519 uint16_t opcode;
2520 uint8_t ncmd;
2521
2522 evt = net_buf_pull_mem(buf, sizeof(*evt));
2523 opcode = sys_le16_to_cpu(evt->opcode);
2524 ncmd = evt->ncmd;
2525
2526 LOG_DBG("opcode 0x%04x", opcode);
2527
2528 hci_cmd_done(opcode, evt->status, buf);
2529
2530 /* Allow next command to be sent */
2531 if (ncmd) {
2532 k_sem_give(&bt_dev.ncmd_sem);
2533 bt_tx_irq_raise();
2534 }
2535 }
2536
bt_hci_get_conn_handle(const struct bt_conn * conn,uint16_t * conn_handle)2537 int bt_hci_get_conn_handle(const struct bt_conn *conn, uint16_t *conn_handle)
2538 {
2539 if (conn->state != BT_CONN_CONNECTED) {
2540 return -ENOTCONN;
2541 }
2542
2543 *conn_handle = conn->handle;
2544 return 0;
2545 }
2546
2547 #if defined(CONFIG_BT_EXT_ADV)
bt_hci_get_adv_handle(const struct bt_le_ext_adv * adv,uint8_t * adv_handle)2548 int bt_hci_get_adv_handle(const struct bt_le_ext_adv *adv, uint8_t *adv_handle)
2549 {
2550 if (!atomic_test_bit(adv->flags, BT_ADV_CREATED)) {
2551 return -EINVAL;
2552 }
2553
2554 *adv_handle = adv->handle;
2555 return 0;
2556 }
2557 #endif /* CONFIG_BT_EXT_ADV */
2558
2559 #if defined(CONFIG_BT_PER_ADV_SYNC)
bt_hci_get_adv_sync_handle(const struct bt_le_per_adv_sync * sync,uint16_t * sync_handle)2560 int bt_hci_get_adv_sync_handle(const struct bt_le_per_adv_sync *sync, uint16_t *sync_handle)
2561 {
2562 if (!atomic_test_bit(sync->flags, BT_PER_ADV_SYNC_CREATED)) {
2563 return -EINVAL;
2564 }
2565
2566 *sync_handle = sync->handle;
2567
2568 return 0;
2569 }
2570 #endif
2571
2572 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
bt_hci_register_vnd_evt_cb(bt_hci_vnd_evt_cb_t cb)2573 int bt_hci_register_vnd_evt_cb(bt_hci_vnd_evt_cb_t cb)
2574 {
2575 hci_vnd_evt_cb = cb;
2576 return 0;
2577 }
2578 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
2579
2580 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
bt_hci_le_transmit_power_report(struct net_buf * buf)2581 void bt_hci_le_transmit_power_report(struct net_buf *buf)
2582 {
2583 struct bt_hci_evt_le_transmit_power_report *evt;
2584 struct bt_conn_le_tx_power_report report;
2585 struct bt_conn *conn;
2586
2587 evt = net_buf_pull_mem(buf, sizeof(*evt));
2588 conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
2589 if (!conn) {
2590 LOG_ERR("Unknown conn handle 0x%04X for transmit power report",
2591 sys_le16_to_cpu(evt->handle));
2592 return;
2593 }
2594
2595 report.reason = evt->reason;
2596 report.phy = evt->phy;
2597 report.tx_power_level = evt->tx_power_level;
2598 report.tx_power_level_flag = evt->tx_power_level_flag;
2599 report.delta = evt->delta;
2600
2601 notify_tx_power_report(conn, report);
2602
2603 bt_conn_unref(conn);
2604 }
2605 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2606
2607 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
bt_hci_le_path_loss_threshold_event(struct net_buf * buf)2608 void bt_hci_le_path_loss_threshold_event(struct net_buf *buf)
2609 {
2610 struct bt_hci_evt_le_path_loss_threshold *evt;
2611 struct bt_conn_le_path_loss_threshold_report report;
2612 struct bt_conn *conn;
2613
2614 evt = net_buf_pull_mem(buf, sizeof(*evt));
2615
2616 if (evt->zone_entered > BT_CONN_LE_PATH_LOSS_ZONE_ENTERED_HIGH) {
2617 LOG_ERR("Invalid zone %u in bt_hci_evt_le_path_loss_threshold",
2618 evt->zone_entered);
2619 return;
2620 }
2621
2622 conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
2623 if (!conn) {
2624 LOG_ERR("Unknown conn handle 0x%04X for path loss threshold report",
2625 sys_le16_to_cpu(evt->handle));
2626 return;
2627 }
2628
2629 if (evt->current_path_loss == BT_HCI_LE_PATH_LOSS_UNAVAILABLE) {
2630 report.zone = BT_CONN_LE_PATH_LOSS_ZONE_UNAVAILABLE;
2631 report.path_loss = BT_HCI_LE_PATH_LOSS_UNAVAILABLE;
2632 } else {
2633 report.zone = evt->zone_entered;
2634 report.path_loss = evt->current_path_loss;
2635 }
2636
2637 notify_path_loss_threshold_report(conn, report);
2638
2639 bt_conn_unref(conn);
2640 }
2641 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2642
2643 #if defined(CONFIG_BT_SUBRATING)
bt_hci_le_subrate_change_event(struct net_buf * buf)2644 void bt_hci_le_subrate_change_event(struct net_buf *buf)
2645 {
2646 struct bt_hci_evt_le_subrate_change *evt;
2647 struct bt_conn_le_subrate_changed params;
2648 struct bt_conn *conn;
2649
2650 evt = net_buf_pull_mem(buf, sizeof(*evt));
2651
2652 conn = bt_conn_lookup_handle(sys_le16_to_cpu(evt->handle), BT_CONN_TYPE_LE);
2653 if (!conn) {
2654 LOG_ERR("Unknown conn handle 0x%04X for subrating event",
2655 sys_le16_to_cpu(evt->handle));
2656 return;
2657 }
2658
2659 if (evt->status == BT_HCI_ERR_SUCCESS) {
2660 conn->le.subrate.factor = sys_le16_to_cpu(evt->subrate_factor);
2661 conn->le.subrate.continuation_number = sys_le16_to_cpu(evt->continuation_number);
2662 conn->le.latency = sys_le16_to_cpu(evt->peripheral_latency);
2663 conn->le.timeout = sys_le16_to_cpu(evt->supervision_timeout);
2664
2665 if (!IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
2666 if (!IN_RANGE(conn->le.subrate.factor, BT_HCI_LE_SUBRATE_FACTOR_MIN,
2667 BT_HCI_LE_SUBRATE_FACTOR_MAX)) {
2668 LOG_WRN("subrate_factor exceeds the valid range %d",
2669 conn->le.subrate.factor);
2670 }
2671 if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
2672 LOG_WRN("peripheral_latency exceeds the valid range 0x%04x",
2673 conn->le.latency);
2674 }
2675 if (conn->le.subrate.continuation_number > BT_HCI_LE_CONTINUATION_NUM_MAX) {
2676 LOG_WRN("continuation_number exceeds the valid range %d",
2677 conn->le.subrate.continuation_number);
2678 }
2679 if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
2680 BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
2681 LOG_WRN("supervision_timeout exceeds the valid range 0x%04x",
2682 conn->le.timeout);
2683 }
2684 }
2685 }
2686
2687 params.status = evt->status;
2688 params.factor = conn->le.subrate.factor;
2689 params.continuation_number = conn->le.subrate.continuation_number;
2690 params.peripheral_latency = conn->le.latency;
2691 params.supervision_timeout = conn->le.timeout;
2692
2693 notify_subrate_change(conn, params);
2694
2695 bt_conn_unref(conn);
2696 }
2697 #endif /* CONFIG_BT_SUBRATING */
2698
2699 static const struct event_handler vs_events[] = {
2700 #if defined(CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES)
2701 EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTIONLESS_IQ_REPORT,
2702 bt_hci_le_vs_df_connectionless_iq_report,
2703 sizeof(struct bt_hci_evt_vs_le_connectionless_iq_report)),
2704 #endif /* CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES */
2705 #if defined(CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES)
2706 EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTION_IQ_REPORT, bt_hci_le_vs_df_connection_iq_report,
2707 sizeof(struct bt_hci_evt_vs_le_connection_iq_report)),
2708 #endif /* CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES */
2709 };
2710
hci_vendor_event(struct net_buf * buf)2711 static void hci_vendor_event(struct net_buf *buf)
2712 {
2713 bool handled = false;
2714
2715 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
2716 if (hci_vnd_evt_cb) {
2717 struct net_buf_simple_state state;
2718
2719 net_buf_simple_save(&buf->b, &state);
2720
2721 handled = hci_vnd_evt_cb(&buf->b);
2722
2723 net_buf_simple_restore(&buf->b, &state);
2724 }
2725 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
2726
2727 if (IS_ENABLED(CONFIG_BT_HCI_VS) && !handled) {
2728 struct bt_hci_evt_vs *evt;
2729
2730 evt = net_buf_pull_mem(buf, sizeof(*evt));
2731
2732 LOG_DBG("subevent 0x%02x", evt->subevent);
2733
2734 handle_vs_event(evt->subevent, buf, vs_events, ARRAY_SIZE(vs_events));
2735 }
2736 }
2737
2738 static const struct event_handler meta_events[] = {
2739 #if defined(CONFIG_BT_OBSERVER)
2740 EVENT_HANDLER(BT_HCI_EVT_LE_ADVERTISING_REPORT, bt_hci_le_adv_report,
2741 sizeof(struct bt_hci_evt_le_advertising_report)),
2742 #endif /* CONFIG_BT_OBSERVER */
2743 #if defined(CONFIG_BT_CONN)
2744 EVENT_HANDLER(BT_HCI_EVT_LE_CONN_COMPLETE, le_legacy_conn_complete,
2745 sizeof(struct bt_hci_evt_le_conn_complete)),
2746 EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE, le_enh_conn_complete,
2747 sizeof(struct bt_hci_evt_le_enh_conn_complete)),
2748 EVENT_HANDLER(BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE,
2749 le_conn_update_complete,
2750 sizeof(struct bt_hci_evt_le_conn_update_complete)),
2751 EVENT_HANDLER(BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE,
2752 le_remote_feat_complete,
2753 sizeof(struct bt_hci_evt_le_remote_feat_complete)),
2754 EVENT_HANDLER(BT_HCI_EVT_LE_CONN_PARAM_REQ, le_conn_param_req,
2755 sizeof(struct bt_hci_evt_le_conn_param_req)),
2756 #if defined(CONFIG_BT_DATA_LEN_UPDATE)
2757 EVENT_HANDLER(BT_HCI_EVT_LE_DATA_LEN_CHANGE, le_data_len_change,
2758 sizeof(struct bt_hci_evt_le_data_len_change)),
2759 #endif /* CONFIG_BT_DATA_LEN_UPDATE */
2760 #if defined(CONFIG_BT_PHY_UPDATE)
2761 EVENT_HANDLER(BT_HCI_EVT_LE_PHY_UPDATE_COMPLETE,
2762 le_phy_update_complete,
2763 sizeof(struct bt_hci_evt_le_phy_update_complete)),
2764 #endif /* CONFIG_BT_PHY_UPDATE */
2765 #endif /* CONFIG_BT_CONN */
2766 #if defined(CONFIG_BT_SMP)
2767 EVENT_HANDLER(BT_HCI_EVT_LE_LTK_REQUEST, le_ltk_request,
2768 sizeof(struct bt_hci_evt_le_ltk_request)),
2769 #endif /* CONFIG_BT_SMP */
2770 #if defined(CONFIG_BT_EXT_ADV)
2771 #if defined(CONFIG_BT_BROADCASTER)
2772 EVENT_HANDLER(BT_HCI_EVT_LE_ADV_SET_TERMINATED, bt_hci_le_adv_set_terminated,
2773 sizeof(struct bt_hci_evt_le_adv_set_terminated)),
2774 EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_REQ_RECEIVED, bt_hci_le_scan_req_received,
2775 sizeof(struct bt_hci_evt_le_scan_req_received)),
2776 #endif
2777 #if defined(CONFIG_BT_OBSERVER)
2778 EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_TIMEOUT, bt_hci_le_scan_timeout,
2779 0),
2780 EVENT_HANDLER(BT_HCI_EVT_LE_EXT_ADVERTISING_REPORT, bt_hci_le_adv_ext_report,
2781 sizeof(struct bt_hci_evt_le_ext_advertising_report)),
2782 #endif /* defined(CONFIG_BT_OBSERVER) */
2783 #if defined(CONFIG_BT_PER_ADV_SYNC)
2784 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED,
2785 bt_hci_le_per_adv_sync_established,
2786 sizeof(struct bt_hci_evt_le_per_adv_sync_established)),
2787 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT, bt_hci_le_per_adv_report,
2788 sizeof(struct bt_hci_evt_le_per_advertising_report)),
2789 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_LOST, bt_hci_le_per_adv_sync_lost,
2790 sizeof(struct bt_hci_evt_le_per_adv_sync_lost)),
2791 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2792 EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED, bt_hci_le_past_received,
2793 sizeof(struct bt_hci_evt_le_past_received)),
2794 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2795 #endif /* defined(CONFIG_BT_PER_ADV_SYNC) */
2796 #endif /* defined(CONFIG_BT_EXT_ADV) */
2797 #if defined(CONFIG_BT_ISO_UNICAST)
2798 EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED, hci_le_cis_established,
2799 sizeof(struct bt_hci_evt_le_cis_established)),
2800 EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED_V2, hci_le_cis_established_v2,
2801 sizeof(struct bt_hci_evt_le_cis_established_v2)),
2802 #if defined(CONFIG_BT_ISO_PERIPHERAL)
2803 EVENT_HANDLER(BT_HCI_EVT_LE_CIS_REQ, hci_le_cis_req,
2804 sizeof(struct bt_hci_evt_le_cis_req)),
2805 #endif /* (CONFIG_BT_ISO_PERIPHERAL) */
2806 #endif /* (CONFIG_BT_ISO_UNICAST) */
2807 #if defined(CONFIG_BT_ISO_BROADCASTER)
2808 EVENT_HANDLER(BT_HCI_EVT_LE_BIG_COMPLETE,
2809 hci_le_big_complete,
2810 sizeof(struct bt_hci_evt_le_big_complete)),
2811 EVENT_HANDLER(BT_HCI_EVT_LE_BIG_TERMINATE,
2812 hci_le_big_terminate,
2813 sizeof(struct bt_hci_evt_le_big_terminate)),
2814 #endif /* CONFIG_BT_ISO_BROADCASTER */
2815 #if defined(CONFIG_BT_ISO_SYNC_RECEIVER)
2816 EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_ESTABLISHED,
2817 hci_le_big_sync_established,
2818 sizeof(struct bt_hci_evt_le_big_sync_established)),
2819 EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_LOST,
2820 hci_le_big_sync_lost,
2821 sizeof(struct bt_hci_evt_le_big_sync_lost)),
2822 EVENT_HANDLER(BT_HCI_EVT_LE_BIGINFO_ADV_REPORT,
2823 bt_hci_le_biginfo_adv_report,
2824 sizeof(struct bt_hci_evt_le_biginfo_adv_report)),
2825 #endif /* CONFIG_BT_ISO_SYNC_RECEIVER */
2826 #if defined(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)
2827 EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTIONLESS_IQ_REPORT, bt_hci_le_df_connectionless_iq_report,
2828 sizeof(struct bt_hci_evt_le_connectionless_iq_report)),
2829 #endif /* CONFIG_BT_DF_CONNECTIONLESS_CTE_RX */
2830 #if defined(CONFIG_BT_DF_CONNECTION_CTE_RX)
2831 EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTION_IQ_REPORT, bt_hci_le_df_connection_iq_report,
2832 sizeof(struct bt_hci_evt_le_connection_iq_report)),
2833 #endif /* CONFIG_BT_DF_CONNECTION_CTE_RX */
2834 #if defined(CONFIG_BT_DF_CONNECTION_CTE_REQ)
2835 EVENT_HANDLER(BT_HCI_EVT_LE_CTE_REQUEST_FAILED, bt_hci_le_df_cte_req_failed,
2836 sizeof(struct bt_hci_evt_le_cte_req_failed)),
2837 #endif /* CONFIG_BT_DF_CONNECTION_CTE_REQ */
2838 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
2839 EVENT_HANDLER(BT_HCI_EVT_LE_TRANSMIT_POWER_REPORT, bt_hci_le_transmit_power_report,
2840 sizeof(struct bt_hci_evt_le_transmit_power_report)),
2841 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2842 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
2843 EVENT_HANDLER(BT_HCI_EVT_LE_PATH_LOSS_THRESHOLD, bt_hci_le_path_loss_threshold_event,
2844 sizeof(struct bt_hci_evt_le_path_loss_threshold)),
2845 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2846 #if defined(CONFIG_BT_SUBRATING)
2847 EVENT_HANDLER(BT_HCI_EVT_LE_SUBRATE_CHANGE, bt_hci_le_subrate_change_event,
2848 sizeof(struct bt_hci_evt_le_subrate_change)),
2849 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2850 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2851 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT_V2, bt_hci_le_per_adv_report_v2,
2852 sizeof(struct bt_hci_evt_le_per_advertising_report_v2)),
2853 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2854 EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED_V2, bt_hci_le_past_received_v2,
2855 sizeof(struct bt_hci_evt_le_past_received_v2)),
2856 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2857 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED_V2,
2858 bt_hci_le_per_adv_sync_established_v2,
2859 sizeof(struct bt_hci_evt_le_per_adv_sync_established_v2)),
2860 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
2861 #if defined(CONFIG_BT_PER_ADV_RSP)
2862 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SUBEVENT_DATA_REQUEST,
2863 bt_hci_le_per_adv_subevent_data_request,
2864 sizeof(struct bt_hci_evt_le_per_adv_subevent_data_request)),
2865 EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_RESPONSE_REPORT, bt_hci_le_per_adv_response_report,
2866 sizeof(struct bt_hci_evt_le_per_adv_response_report)),
2867 #endif /* CONFIG_BT_PER_ADV_RSP */
2868 #if defined(CONFIG_BT_CONN)
2869 #if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2870 EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE_V2, le_enh_conn_complete_v2,
2871 sizeof(struct bt_hci_evt_le_enh_conn_complete_v2)),
2872 #endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
2873 #endif /* CONFIG_BT_CONN */
2874 #if defined(CONFIG_BT_CHANNEL_SOUNDING)
2875 EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE,
2876 bt_hci_le_cs_read_remote_supported_capabilities_complete,
2877 sizeof(struct bt_hci_evt_le_cs_read_remote_supported_capabilities_complete)),
2878 EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE,
2879 bt_hci_le_cs_read_remote_fae_table_complete,
2880 sizeof(struct bt_hci_evt_le_cs_read_remote_fae_table_complete)),
2881 EVENT_HANDLER(BT_HCI_EVT_LE_CS_CONFIG_COMPLETE, bt_hci_le_cs_config_complete_event,
2882 sizeof(struct bt_hci_evt_le_cs_config_complete)),
2883 EVENT_HANDLER(BT_HCI_EVT_LE_CS_SECURITY_ENABLE_COMPLETE,
2884 bt_hci_le_cs_security_enable_complete,
2885 sizeof(struct bt_hci_evt_le_cs_security_enable_complete)),
2886 EVENT_HANDLER(BT_HCI_EVT_LE_CS_PROCEDURE_ENABLE_COMPLETE,
2887 bt_hci_le_cs_procedure_enable_complete,
2888 sizeof(struct bt_hci_evt_le_cs_procedure_enable_complete)),
2889 EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT,
2890 bt_hci_le_cs_subevent_result,
2891 sizeof(struct bt_hci_evt_le_cs_subevent_result)),
2892 EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT_CONTINUE,
2893 bt_hci_le_cs_subevent_result_continue,
2894 sizeof(struct bt_hci_evt_le_cs_subevent_result_continue)),
2895 #if defined(CONFIG_BT_CHANNEL_SOUNDING_TEST)
2896 EVENT_HANDLER(BT_HCI_EVT_LE_CS_TEST_END_COMPLETE,
2897 bt_hci_le_cs_test_end_complete,
2898 sizeof(struct bt_hci_evt_le_cs_test_end_complete)),
2899 #endif /* CONFIG_BT_CHANNEL_SOUNDING_TEST */
2900 #endif /* CONFIG_BT_CHANNEL_SOUNDING */
2901
2902 };
2903
hci_le_meta_event(struct net_buf * buf)2904 static void hci_le_meta_event(struct net_buf *buf)
2905 {
2906 struct bt_hci_evt_le_meta_event *evt;
2907
2908 evt = net_buf_pull_mem(buf, sizeof(*evt));
2909
2910 LOG_DBG("subevent 0x%02x", evt->subevent);
2911
2912 handle_event(evt->subevent, buf, meta_events, ARRAY_SIZE(meta_events));
2913 }
2914
2915 static const struct event_handler normal_events[] = {
2916 EVENT_HANDLER(BT_HCI_EVT_VENDOR, hci_vendor_event,
2917 sizeof(struct bt_hci_evt_vs)),
2918 EVENT_HANDLER(BT_HCI_EVT_LE_META_EVENT, hci_le_meta_event,
2919 sizeof(struct bt_hci_evt_le_meta_event)),
2920 #if defined(CONFIG_BT_CLASSIC)
2921 EVENT_HANDLER(BT_HCI_EVT_CONN_REQUEST, bt_hci_conn_req,
2922 sizeof(struct bt_hci_evt_conn_request)),
2923 EVENT_HANDLER(BT_HCI_EVT_CONN_COMPLETE, bt_hci_conn_complete,
2924 sizeof(struct bt_hci_evt_conn_complete)),
2925 EVENT_HANDLER(BT_HCI_EVT_PIN_CODE_REQ, bt_hci_pin_code_req,
2926 sizeof(struct bt_hci_evt_pin_code_req)),
2927 EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_NOTIFY, bt_hci_link_key_notify,
2928 sizeof(struct bt_hci_evt_link_key_notify)),
2929 EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_REQ, bt_hci_link_key_req,
2930 sizeof(struct bt_hci_evt_link_key_req)),
2931 EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_RESP, bt_hci_io_capa_resp,
2932 sizeof(struct bt_hci_evt_io_capa_resp)),
2933 EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_REQ, bt_hci_io_capa_req,
2934 sizeof(struct bt_hci_evt_io_capa_req)),
2935 EVENT_HANDLER(BT_HCI_EVT_SSP_COMPLETE, bt_hci_ssp_complete,
2936 sizeof(struct bt_hci_evt_ssp_complete)),
2937 EVENT_HANDLER(BT_HCI_EVT_USER_CONFIRM_REQ, bt_hci_user_confirm_req,
2938 sizeof(struct bt_hci_evt_user_confirm_req)),
2939 EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_NOTIFY,
2940 bt_hci_user_passkey_notify,
2941 sizeof(struct bt_hci_evt_user_passkey_notify)),
2942 EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_REQ, bt_hci_user_passkey_req,
2943 sizeof(struct bt_hci_evt_user_passkey_req)),
2944 EVENT_HANDLER(BT_HCI_EVT_INQUIRY_COMPLETE, bt_hci_inquiry_complete,
2945 sizeof(struct bt_hci_evt_inquiry_complete)),
2946 EVENT_HANDLER(BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
2947 bt_hci_inquiry_result_with_rssi,
2948 sizeof(struct bt_hci_evt_inquiry_result_with_rssi)),
2949 EVENT_HANDLER(BT_HCI_EVT_EXTENDED_INQUIRY_RESULT,
2950 bt_hci_extended_inquiry_result,
2951 sizeof(struct bt_hci_evt_extended_inquiry_result)),
2952 EVENT_HANDLER(BT_HCI_EVT_REMOTE_NAME_REQ_COMPLETE,
2953 bt_hci_remote_name_request_complete,
2954 sizeof(struct bt_hci_evt_remote_name_req_complete)),
2955 EVENT_HANDLER(BT_HCI_EVT_AUTH_COMPLETE, bt_hci_auth_complete,
2956 sizeof(struct bt_hci_evt_auth_complete)),
2957 EVENT_HANDLER(BT_HCI_EVT_REMOTE_FEATURES,
2958 bt_hci_read_remote_features_complete,
2959 sizeof(struct bt_hci_evt_remote_features)),
2960 EVENT_HANDLER(BT_HCI_EVT_REMOTE_EXT_FEATURES,
2961 bt_hci_read_remote_ext_features_complete,
2962 sizeof(struct bt_hci_evt_remote_ext_features)),
2963 EVENT_HANDLER(BT_HCI_EVT_ROLE_CHANGE, bt_hci_role_change,
2964 sizeof(struct bt_hci_evt_role_change)),
2965 EVENT_HANDLER(BT_HCI_EVT_SYNC_CONN_COMPLETE, bt_hci_synchronous_conn_complete,
2966 sizeof(struct bt_hci_evt_sync_conn_complete)),
2967 #endif /* CONFIG_BT_CLASSIC */
2968 #if defined(CONFIG_BT_CONN)
2969 EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE, hci_disconn_complete,
2970 sizeof(struct bt_hci_evt_disconn_complete)),
2971 #endif /* CONFIG_BT_CONN */
2972 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
2973 EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_CHANGE, hci_encrypt_change,
2974 sizeof(struct bt_hci_evt_encrypt_change)),
2975 EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_KEY_REFRESH_COMPLETE,
2976 hci_encrypt_key_refresh_complete,
2977 sizeof(struct bt_hci_evt_encrypt_key_refresh_complete)),
2978 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
2979 #if defined(CONFIG_BT_REMOTE_VERSION)
2980 EVENT_HANDLER(BT_HCI_EVT_REMOTE_VERSION_INFO,
2981 bt_hci_evt_read_remote_version_complete,
2982 sizeof(struct bt_hci_evt_remote_version_info)),
2983 #endif /* CONFIG_BT_REMOTE_VERSION */
2984 EVENT_HANDLER(BT_HCI_EVT_HARDWARE_ERROR, hci_hardware_error,
2985 sizeof(struct bt_hci_evt_hardware_error)),
2986 };
2987
2988
2989 #define BT_HCI_EVT_FLAG_RECV_PRIO BIT(0)
2990 #define BT_HCI_EVT_FLAG_RECV BIT(1)
2991
2992 /** @brief Get HCI event flags.
2993 *
2994 * Helper for the HCI driver to get HCI event flags that describes rules that.
2995 * must be followed.
2996 *
2997 * @param evt HCI event code.
2998 *
2999 * @return HCI event flags for the specified event.
3000 */
bt_hci_evt_get_flags(uint8_t evt)3001 static inline uint8_t bt_hci_evt_get_flags(uint8_t evt)
3002 {
3003 switch (evt) {
3004 case BT_HCI_EVT_DISCONN_COMPLETE:
3005 return BT_HCI_EVT_FLAG_RECV | BT_HCI_EVT_FLAG_RECV_PRIO;
3006 /* fallthrough */
3007 #if defined(CONFIG_BT_CONN) || defined(CONFIG_BT_ISO)
3008 case BT_HCI_EVT_NUM_COMPLETED_PACKETS:
3009 #if defined(CONFIG_BT_CONN)
3010 case BT_HCI_EVT_DATA_BUF_OVERFLOW:
3011 __fallthrough;
3012 #endif /* defined(CONFIG_BT_CONN) */
3013 #endif /* CONFIG_BT_CONN || CONFIG_BT_ISO */
3014 case BT_HCI_EVT_CMD_COMPLETE:
3015 case BT_HCI_EVT_CMD_STATUS:
3016 return BT_HCI_EVT_FLAG_RECV_PRIO;
3017 default:
3018 return BT_HCI_EVT_FLAG_RECV;
3019 }
3020 }
3021
hci_event(struct net_buf * buf)3022 static void hci_event(struct net_buf *buf)
3023 {
3024 struct bt_hci_evt_hdr *hdr;
3025
3026 if (buf->len < sizeof(*hdr)) {
3027 LOG_ERR("Invalid HCI event size (%u)", buf->len);
3028 net_buf_unref(buf);
3029 return;
3030 }
3031
3032 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
3033 LOG_DBG("event 0x%02x", hdr->evt);
3034 BT_ASSERT(bt_hci_evt_get_flags(hdr->evt) & BT_HCI_EVT_FLAG_RECV);
3035
3036 handle_event(hdr->evt, buf, normal_events, ARRAY_SIZE(normal_events));
3037
3038 net_buf_unref(buf);
3039 }
3040
hci_core_send_cmd(void)3041 static void hci_core_send_cmd(void)
3042 {
3043 struct net_buf *buf;
3044 int err;
3045
3046 /* Get next command */
3047 LOG_DBG("fetch cmd");
3048 buf = k_fifo_get(&bt_dev.cmd_tx_queue, K_NO_WAIT);
3049 BT_ASSERT(buf);
3050
3051 /* Clear out any existing sent command */
3052 if (bt_dev.sent_cmd) {
3053 LOG_ERR("Uncleared pending sent_cmd");
3054 net_buf_unref(bt_dev.sent_cmd);
3055 bt_dev.sent_cmd = NULL;
3056 }
3057
3058 bt_dev.sent_cmd = net_buf_ref(buf);
3059
3060 LOG_DBG("Sending command 0x%04x (buf %p) to driver", cmd(buf)->opcode, buf);
3061
3062 err = bt_send(buf);
3063 if (err) {
3064 LOG_ERR("Unable to send to driver (err %d)", err);
3065 k_sem_give(&bt_dev.ncmd_sem);
3066 hci_cmd_done(cmd(buf)->opcode, BT_HCI_ERR_UNSPECIFIED, buf);
3067 net_buf_unref(buf);
3068 bt_tx_irq_raise();
3069 }
3070 }
3071
3072 #if defined(CONFIG_BT_CONN)
3073 #if defined(CONFIG_BT_ISO)
3074 /* command FIFO + conn_change signal + MAX_CONN + ISO_MAX_CHAN */
3075 #define EV_COUNT (2 + CONFIG_BT_MAX_CONN + CONFIG_BT_ISO_MAX_CHAN)
3076 #else
3077 /* command FIFO + conn_change signal + MAX_CONN */
3078 #define EV_COUNT (2 + CONFIG_BT_MAX_CONN)
3079 #endif /* CONFIG_BT_ISO */
3080 #else
3081 #if defined(CONFIG_BT_ISO)
3082 /* command FIFO + conn_change signal + ISO_MAX_CHAN */
3083 #define EV_COUNT (2 + CONFIG_BT_ISO_MAX_CHAN)
3084 #else
3085 /* command FIFO */
3086 #define EV_COUNT 1
3087 #endif /* CONFIG_BT_ISO */
3088 #endif /* CONFIG_BT_CONN */
3089
read_local_ver_complete(struct net_buf * buf)3090 static void read_local_ver_complete(struct net_buf *buf)
3091 {
3092 struct bt_hci_rp_read_local_version_info *rp = (void *)buf->data;
3093
3094 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3095
3096 bt_dev.hci_version = rp->hci_version;
3097 bt_dev.hci_revision = sys_le16_to_cpu(rp->hci_revision);
3098 bt_dev.lmp_version = rp->lmp_version;
3099 bt_dev.lmp_subversion = sys_le16_to_cpu(rp->lmp_subversion);
3100 bt_dev.manufacturer = sys_le16_to_cpu(rp->manufacturer);
3101 }
3102
read_le_features_complete(struct net_buf * buf)3103 static void read_le_features_complete(struct net_buf *buf)
3104 {
3105 struct bt_hci_rp_le_read_local_features *rp = (void *)buf->data;
3106
3107 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3108
3109 memcpy(bt_dev.le.features, rp->features, sizeof(bt_dev.le.features));
3110 }
3111
3112 #if defined(CONFIG_BT_CONN)
3113 #if !defined(CONFIG_BT_CLASSIC)
read_buffer_size_complete(struct net_buf * buf)3114 static void read_buffer_size_complete(struct net_buf *buf)
3115 {
3116 struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
3117 uint16_t pkts;
3118
3119 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3120
3121 /* If LE-side has buffers we can ignore the BR/EDR values */
3122 if (bt_dev.le.acl_mtu) {
3123 return;
3124 }
3125
3126 bt_dev.le.acl_mtu = sys_le16_to_cpu(rp->acl_max_len);
3127 pkts = sys_le16_to_cpu(rp->acl_max_num);
3128
3129 LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.le.acl_mtu);
3130
3131 k_sem_init(&bt_dev.le.acl_pkts, pkts, pkts);
3132 }
3133 #endif /* !defined(CONFIG_BT_CLASSIC) */
3134 #endif /* CONFIG_BT_CONN */
3135
le_read_buffer_size_complete(struct net_buf * buf)3136 static void le_read_buffer_size_complete(struct net_buf *buf)
3137 {
3138 struct bt_hci_rp_le_read_buffer_size *rp = (void *)buf->data;
3139
3140 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3141
3142 #if defined(CONFIG_BT_CONN)
3143 uint16_t acl_mtu = sys_le16_to_cpu(rp->le_max_len);
3144
3145 if (!acl_mtu || !rp->le_max_num) {
3146 return;
3147 }
3148
3149 bt_dev.le.acl_mtu = acl_mtu;
3150
3151 LOG_DBG("ACL LE buffers: pkts %u mtu %u", rp->le_max_num, bt_dev.le.acl_mtu);
3152
3153 k_sem_init(&bt_dev.le.acl_pkts, rp->le_max_num, rp->le_max_num);
3154 #endif /* CONFIG_BT_CONN */
3155 }
3156
read_buffer_size_v2_complete(struct net_buf * buf)3157 static void read_buffer_size_v2_complete(struct net_buf *buf)
3158 {
3159 #if defined(CONFIG_BT_ISO)
3160 struct bt_hci_rp_le_read_buffer_size_v2 *rp = (void *)buf->data;
3161
3162 LOG_DBG("status %u %s", rp->status, bt_hci_err_to_str(rp->status));
3163
3164 #if defined(CONFIG_BT_CONN)
3165 uint16_t acl_mtu = sys_le16_to_cpu(rp->acl_max_len);
3166
3167 if (acl_mtu && rp->acl_max_num) {
3168 bt_dev.le.acl_mtu = acl_mtu;
3169 LOG_DBG("ACL LE buffers: pkts %u mtu %u", rp->acl_max_num, bt_dev.le.acl_mtu);
3170
3171 k_sem_init(&bt_dev.le.acl_pkts, rp->acl_max_num, rp->acl_max_num);
3172 }
3173 #endif /* CONFIG_BT_CONN */
3174
3175 uint16_t iso_mtu = sys_le16_to_cpu(rp->iso_max_len);
3176
3177 if (!iso_mtu || !rp->iso_max_num) {
3178 LOG_ERR("ISO buffer size not set");
3179 return;
3180 }
3181
3182 bt_dev.le.iso_mtu = iso_mtu;
3183
3184 LOG_DBG("ISO buffers: pkts %u mtu %u", rp->iso_max_num, bt_dev.le.iso_mtu);
3185
3186 k_sem_init(&bt_dev.le.iso_pkts, rp->iso_max_num, rp->iso_max_num);
3187 bt_dev.le.iso_limit = rp->iso_max_num;
3188 #endif /* CONFIG_BT_ISO */
3189 }
3190
le_set_host_feature(uint8_t bit_number,uint8_t bit_value)3191 static int le_set_host_feature(uint8_t bit_number, uint8_t bit_value)
3192 {
3193 struct bt_hci_cp_le_set_host_feature *cp;
3194 struct net_buf *buf;
3195
3196 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_FEATURE, sizeof(*cp));
3197 if (!buf) {
3198 return -ENOBUFS;
3199 }
3200
3201 cp = net_buf_add(buf, sizeof(*cp));
3202 cp->bit_number = bit_number;
3203 cp->bit_value = bit_value;
3204
3205 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_FEATURE, buf, NULL);
3206 }
3207
read_supported_commands_complete(struct net_buf * buf)3208 static void read_supported_commands_complete(struct net_buf *buf)
3209 {
3210 struct bt_hci_rp_read_supported_commands *rp = (void *)buf->data;
3211
3212 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3213
3214 memcpy(bt_dev.supported_commands, rp->commands, sizeof(bt_dev.supported_commands));
3215 }
3216
read_local_features_complete(struct net_buf * buf)3217 static void read_local_features_complete(struct net_buf *buf)
3218 {
3219 struct bt_hci_rp_read_local_features *rp = (void *)buf->data;
3220
3221 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3222
3223 memcpy(bt_dev.features[0], rp->features, sizeof(bt_dev.features[0]));
3224 }
3225
le_read_supp_states_complete(struct net_buf * buf)3226 static void le_read_supp_states_complete(struct net_buf *buf)
3227 {
3228 struct bt_hci_rp_le_read_supp_states *rp = (void *)buf->data;
3229
3230 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3231
3232 bt_dev.le.states = sys_get_le64(rp->le_states);
3233 }
3234
3235 #if defined(CONFIG_BT_BROADCASTER)
le_read_maximum_adv_data_len_complete(struct net_buf * buf)3236 static void le_read_maximum_adv_data_len_complete(struct net_buf *buf)
3237 {
3238 struct bt_hci_rp_le_read_max_adv_data_len *rp = (void *)buf->data;
3239
3240 LOG_DBG("status 0x%02x %s", rp->status, bt_hci_err_to_str(rp->status));
3241
3242 bt_dev.le.max_adv_data_len = sys_le16_to_cpu(rp->max_adv_data_len);
3243 }
3244 #endif /* CONFIG_BT_BROADCASTER */
3245
3246 #if defined(CONFIG_BT_SMP)
le_read_resolving_list_size_complete(struct net_buf * buf)3247 static void le_read_resolving_list_size_complete(struct net_buf *buf)
3248 {
3249 struct bt_hci_rp_le_read_rl_size *rp = (void *)buf->data;
3250
3251 LOG_DBG("Resolving List size %u", rp->rl_size);
3252
3253 bt_dev.le.rl_size = rp->rl_size;
3254 }
3255 #endif /* defined(CONFIG_BT_SMP) */
3256
common_init(void)3257 static int common_init(void)
3258 {
3259 struct net_buf *rsp;
3260 int err;
3261
3262 if (!drv_quirk_no_reset()) {
3263 /* Send HCI_RESET */
3264 err = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, NULL);
3265 if (err) {
3266 return err;
3267 }
3268
3269 hci_reset_complete();
3270 }
3271
3272 /* Read Local Supported Features */
3273 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_FEATURES, NULL, &rsp);
3274 if (err) {
3275 return err;
3276 }
3277 read_local_features_complete(rsp);
3278 net_buf_unref(rsp);
3279
3280 /* Read Local Version Information */
3281 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_VERSION_INFO, NULL,
3282 &rsp);
3283 if (err) {
3284 return err;
3285 }
3286 read_local_ver_complete(rsp);
3287 net_buf_unref(rsp);
3288
3289 /* Read Local Supported Commands */
3290 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_SUPPORTED_COMMANDS, NULL,
3291 &rsp);
3292 if (err) {
3293 return err;
3294 }
3295 read_supported_commands_complete(rsp);
3296 net_buf_unref(rsp);
3297
3298 if (IS_ENABLED(CONFIG_BT_HOST_CRYPTO)) {
3299 /* Initialize crypto for host */
3300 err = bt_crypto_init();
3301 if (err) {
3302 return err;
3303 }
3304 }
3305
3306 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
3307 err = set_flow_control();
3308 if (err) {
3309 return err;
3310 }
3311 #endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */
3312
3313 return 0;
3314 }
3315
le_set_event_mask(void)3316 static int le_set_event_mask(void)
3317 {
3318 struct bt_hci_cp_le_set_event_mask *cp_mask;
3319 struct net_buf *buf;
3320 uint64_t mask = 0U;
3321
3322 /* Set LE event mask */
3323 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_EVENT_MASK, sizeof(*cp_mask));
3324 if (!buf) {
3325 return -ENOBUFS;
3326 }
3327
3328 cp_mask = net_buf_add(buf, sizeof(*cp_mask));
3329
3330 mask |= BT_EVT_MASK_LE_ADVERTISING_REPORT;
3331
3332 if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
3333 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
3334 mask |= BT_EVT_MASK_LE_ADV_SET_TERMINATED;
3335 mask |= BT_EVT_MASK_LE_SCAN_REQ_RECEIVED;
3336 mask |= BT_EVT_MASK_LE_EXT_ADVERTISING_REPORT;
3337 mask |= BT_EVT_MASK_LE_SCAN_TIMEOUT;
3338 if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC)) {
3339 mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED;
3340 mask |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT;
3341 mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_LOST;
3342 mask |= BT_EVT_MASK_LE_PAST_RECEIVED;
3343 }
3344 }
3345
3346 if (IS_ENABLED(CONFIG_BT_CONN)) {
3347 if ((IS_ENABLED(CONFIG_BT_SMP) &&
3348 BT_FEAT_LE_PRIVACY(bt_dev.le.features)) ||
3349 (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
3350 BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
3351 /* C24:
3352 * Mandatory if the LE Controller supports Connection
3353 * State and either LE Feature (LL Privacy) or
3354 * LE Feature (Extended Advertising) is supported, ...
3355 */
3356 mask |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE;
3357 } else {
3358 mask |= BT_EVT_MASK_LE_CONN_COMPLETE;
3359 }
3360
3361 mask |= BT_EVT_MASK_LE_CONN_UPDATE_COMPLETE;
3362 mask |= BT_EVT_MASK_LE_REMOTE_FEAT_COMPLETE;
3363
3364 if (BT_FEAT_LE_CONN_PARAM_REQ_PROC(bt_dev.le.features)) {
3365 mask |= BT_EVT_MASK_LE_CONN_PARAM_REQ;
3366 }
3367
3368 if (IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
3369 BT_FEAT_LE_DLE(bt_dev.le.features)) {
3370 mask |= BT_EVT_MASK_LE_DATA_LEN_CHANGE;
3371 }
3372
3373 if (IS_ENABLED(CONFIG_BT_PHY_UPDATE) &&
3374 (BT_FEAT_LE_PHY_2M(bt_dev.le.features) ||
3375 BT_FEAT_LE_PHY_CODED(bt_dev.le.features))) {
3376 mask |= BT_EVT_MASK_LE_PHY_UPDATE_COMPLETE;
3377 }
3378 if (IS_ENABLED(CONFIG_BT_TRANSMIT_POWER_CONTROL)) {
3379 mask |= BT_EVT_MASK_LE_TRANSMIT_POWER_REPORTING;
3380 }
3381
3382 if (IS_ENABLED(CONFIG_BT_PATH_LOSS_MONITORING)) {
3383 mask |= BT_EVT_MASK_LE_PATH_LOSS_THRESHOLD;
3384 }
3385
3386 if (IS_ENABLED(CONFIG_BT_SUBRATING) &&
3387 BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
3388 mask |= BT_EVT_MASK_LE_SUBRATE_CHANGE;
3389 }
3390 }
3391
3392 if (IS_ENABLED(CONFIG_BT_SMP) &&
3393 BT_FEAT_LE_ENCR(bt_dev.le.features)) {
3394 mask |= BT_EVT_MASK_LE_LTK_REQUEST;
3395 }
3396
3397 /*
3398 * Enable CIS events only if ISO connections are enabled and controller
3399 * support them.
3400 */
3401 if (IS_ENABLED(CONFIG_BT_ISO) &&
3402 BT_FEAT_LE_CIS(bt_dev.le.features)) {
3403 mask |= BT_EVT_MASK_LE_CIS_ESTABLISHED;
3404 mask |= BT_EVT_MASK_LE_CIS_ESTABLISHED_V2;
3405 if (BT_FEAT_LE_CIS_PERIPHERAL(bt_dev.le.features)) {
3406 mask |= BT_EVT_MASK_LE_CIS_REQ;
3407 }
3408 }
3409
3410 /* Enable BIS events for broadcaster and/or receiver */
3411 if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_BIS(bt_dev.le.features)) {
3412 if (IS_ENABLED(CONFIG_BT_ISO_BROADCASTER) &&
3413 BT_FEAT_LE_ISO_BROADCASTER(bt_dev.le.features)) {
3414 mask |= BT_EVT_MASK_LE_BIG_COMPLETE;
3415 mask |= BT_EVT_MASK_LE_BIG_TERMINATED;
3416 }
3417 if (IS_ENABLED(CONFIG_BT_ISO_SYNC_RECEIVER) &&
3418 BT_FEAT_LE_SYNC_RECEIVER(bt_dev.le.features)) {
3419 mask |= BT_EVT_MASK_LE_BIG_SYNC_ESTABLISHED;
3420 mask |= BT_EVT_MASK_LE_BIG_SYNC_LOST;
3421 mask |= BT_EVT_MASK_LE_BIGINFO_ADV_REPORT;
3422 }
3423 }
3424
3425 /* Enable IQ samples report events receiver */
3426 if (IS_ENABLED(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)) {
3427 mask |= BT_EVT_MASK_LE_CONNECTIONLESS_IQ_REPORT;
3428 }
3429
3430 if (IS_ENABLED(CONFIG_BT_DF_CONNECTION_CTE_RX)) {
3431 mask |= BT_EVT_MASK_LE_CONNECTION_IQ_REPORT;
3432 mask |= BT_EVT_MASK_LE_CTE_REQUEST_FAILED;
3433 }
3434
3435 if (IS_ENABLED(CONFIG_BT_PER_ADV_RSP)) {
3436 mask |= BT_EVT_MASK_LE_PER_ADV_SUBEVENT_DATA_REQ;
3437 mask |= BT_EVT_MASK_LE_PER_ADV_RESPONSE_REPORT;
3438 }
3439
3440 if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP)) {
3441 mask |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT_V2;
3442 mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED_V2;
3443 mask |= BT_EVT_MASK_LE_PAST_RECEIVED_V2;
3444 }
3445
3446 if (IS_ENABLED(CONFIG_BT_CONN) &&
3447 (IS_ENABLED(CONFIG_BT_PER_ADV_RSP) || IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP))) {
3448 mask |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE_V2;
3449 }
3450
3451
3452 if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
3453 BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
3454 mask |= BT_EVT_MASK_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE;
3455 mask |= BT_EVT_MASK_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE;
3456 mask |= BT_EVT_MASK_LE_CS_CONFIG_COMPLETE;
3457 mask |= BT_EVT_MASK_LE_CS_SECURITY_ENABLE_COMPLETE;
3458 mask |= BT_EVT_MASK_LE_CS_PROCEDURE_ENABLE_COMPLETE;
3459 mask |= BT_EVT_MASK_LE_CS_SUBEVENT_RESULT;
3460 mask |= BT_EVT_MASK_LE_CS_SUBEVENT_RESULT_CONTINUE;
3461 mask |= BT_EVT_MASK_LE_CS_TEST_END_COMPLETE;
3462 }
3463
3464 sys_put_le64(mask, cp_mask->events);
3465 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_EVENT_MASK, buf, NULL);
3466 }
3467
le_init_iso(void)3468 static int le_init_iso(void)
3469 {
3470 int err;
3471 struct net_buf *rsp;
3472
3473 if (IS_ENABLED(CONFIG_BT_ISO_UNICAST)) {
3474 /* Set Connected Isochronous Streams - Host support */
3475 err = le_set_host_feature(BT_LE_FEAT_BIT_ISO_CHANNELS, 1);
3476 if (err) {
3477 return err;
3478 }
3479 }
3480
3481 /* Octet 41, bit 5 is read buffer size V2 */
3482 if (BT_CMD_TEST(bt_dev.supported_commands, 41, 5)) {
3483 /* Read ISO Buffer Size V2 */
3484 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE_V2,
3485 NULL, &rsp);
3486 if (err) {
3487 return err;
3488 }
3489
3490 read_buffer_size_v2_complete(rsp);
3491
3492 net_buf_unref(rsp);
3493 } else if (IS_ENABLED(CONFIG_BT_CONN_TX)) {
3494 if (IS_ENABLED(CONFIG_BT_ISO_TX)) {
3495 LOG_WRN("Read Buffer Size V2 command is not supported. "
3496 "No ISO TX buffers will be available");
3497 }
3498
3499 /* Read LE Buffer Size in the case that we support ACL without TX ISO (e.g. if we
3500 * only support ISO sync receiver).
3501 */
3502 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE,
3503 NULL, &rsp);
3504 if (err) {
3505 return err;
3506 }
3507
3508 le_read_buffer_size_complete(rsp);
3509
3510 net_buf_unref(rsp);
3511 }
3512
3513 return 0;
3514 }
3515
le_init(void)3516 static int le_init(void)
3517 {
3518 struct bt_hci_cp_write_le_host_supp *cp_le;
3519 struct net_buf *buf, *rsp;
3520 int err;
3521
3522 /* For now we only support LE capable controllers */
3523 if (!BT_FEAT_LE(bt_dev.features)) {
3524 LOG_ERR("Non-LE capable controller detected!");
3525 return -ENODEV;
3526 }
3527
3528 /* Read Low Energy Supported Features */
3529 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_LOCAL_FEATURES, NULL,
3530 &rsp);
3531 if (err) {
3532 return err;
3533 }
3534
3535 read_le_features_complete(rsp);
3536 net_buf_unref(rsp);
3537
3538 if (IS_ENABLED(CONFIG_BT_ISO) &&
3539 BT_FEAT_LE_ISO(bt_dev.le.features)) {
3540 err = le_init_iso();
3541 if (err) {
3542 return err;
3543 }
3544 } else if (IS_ENABLED(CONFIG_BT_CONN)) {
3545 /* Read LE Buffer Size */
3546 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE,
3547 NULL, &rsp);
3548 if (err) {
3549 return err;
3550 }
3551
3552 le_read_buffer_size_complete(rsp);
3553
3554 net_buf_unref(rsp);
3555 }
3556
3557 #if defined(CONFIG_BT_BROADCASTER)
3558 if (IS_ENABLED(CONFIG_BT_EXT_ADV) && BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
3559 /* Read LE Max Adv Data Len */
3560 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_ADV_DATA_LEN, NULL, &rsp);
3561 if (err == 0) {
3562 le_read_maximum_adv_data_len_complete(rsp);
3563 net_buf_unref(rsp);
3564 } else if (err == -EIO) {
3565 LOG_WRN("Controller does not support 'LE_READ_MAX_ADV_DATA_LEN'. "
3566 "Assuming maximum length is 31 bytes.");
3567 bt_dev.le.max_adv_data_len = 31;
3568 } else {
3569 return err;
3570 }
3571 } else {
3572 bt_dev.le.max_adv_data_len = 31;
3573 }
3574 #endif /* CONFIG_BT_BROADCASTER */
3575
3576 if (BT_FEAT_BREDR(bt_dev.features)) {
3577 buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP,
3578 sizeof(*cp_le));
3579 if (!buf) {
3580 return -ENOBUFS;
3581 }
3582
3583 cp_le = net_buf_add(buf, sizeof(*cp_le));
3584
3585 /* Explicitly enable LE for dual-mode controllers */
3586 cp_le->le = 0x01;
3587 cp_le->simul = 0x00;
3588 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, buf,
3589 NULL);
3590 if (err) {
3591 return err;
3592 }
3593 }
3594
3595 /* Read LE Supported States */
3596 if (BT_CMD_LE_STATES(bt_dev.supported_commands)) {
3597 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_SUPP_STATES, NULL,
3598 &rsp);
3599 if (err) {
3600 return err;
3601 }
3602
3603 le_read_supp_states_complete(rsp);
3604 net_buf_unref(rsp);
3605 }
3606
3607 if (IS_ENABLED(CONFIG_BT_CONN) &&
3608 IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
3609 IS_ENABLED(CONFIG_BT_AUTO_DATA_LEN_UPDATE) &&
3610 BT_FEAT_LE_DLE(bt_dev.le.features)) {
3611 struct bt_hci_cp_le_write_default_data_len *cp;
3612 uint16_t tx_octets, tx_time;
3613
3614 err = bt_hci_le_read_max_data_len(&tx_octets, &tx_time);
3615 if (err) {
3616 return err;
3617 }
3618
3619 buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN,
3620 sizeof(*cp));
3621 if (!buf) {
3622 return -ENOBUFS;
3623 }
3624
3625 cp = net_buf_add(buf, sizeof(*cp));
3626 cp->max_tx_octets = sys_cpu_to_le16(tx_octets);
3627 cp->max_tx_time = sys_cpu_to_le16(tx_time);
3628
3629 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN,
3630 buf, NULL);
3631 if (err) {
3632 return err;
3633 }
3634 }
3635
3636 #if defined(CONFIG_BT_SMP)
3637 if (BT_FEAT_LE_PRIVACY(bt_dev.le.features)) {
3638 #if defined(CONFIG_BT_PRIVACY)
3639 struct bt_hci_cp_le_set_rpa_timeout *cp;
3640
3641 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_RPA_TIMEOUT,
3642 sizeof(*cp));
3643 if (!buf) {
3644 return -ENOBUFS;
3645 }
3646
3647 cp = net_buf_add(buf, sizeof(*cp));
3648 cp->rpa_timeout = sys_cpu_to_le16(bt_dev.rpa_timeout);
3649 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_RPA_TIMEOUT, buf,
3650 NULL);
3651 if (err) {
3652 return err;
3653 }
3654 #endif /* defined(CONFIG_BT_PRIVACY) */
3655
3656 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_RL_SIZE, NULL,
3657 &rsp);
3658 if (err) {
3659 return err;
3660 }
3661 le_read_resolving_list_size_complete(rsp);
3662 net_buf_unref(rsp);
3663 }
3664 #endif
3665
3666 #if defined(CONFIG_BT_DF)
3667 if (BT_FEAT_LE_CONNECTIONLESS_CTE_TX(bt_dev.le.features) ||
3668 BT_FEAT_LE_CONNECTIONLESS_CTE_RX(bt_dev.le.features) ||
3669 BT_FEAT_LE_RX_CTE(bt_dev.le.features)) {
3670 err = le_df_init();
3671 if (err) {
3672 return err;
3673 }
3674 }
3675 #endif /* CONFIG_BT_DF */
3676
3677 if (IS_ENABLED(CONFIG_BT_SUBRATING) &&
3678 BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
3679 /* Connection Subrating (Host Support) */
3680 err = le_set_host_feature(BT_LE_FEAT_BIT_CONN_SUBRATING_HOST_SUPP, 1);
3681 if (err) {
3682 return err;
3683 }
3684 }
3685
3686 if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
3687 BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
3688 err = le_set_host_feature(BT_LE_FEAT_BIT_CHANNEL_SOUNDING_HOST, 1);
3689 if (err) {
3690 return err;
3691 }
3692 }
3693
3694 if (IS_ENABLED(CONFIG_BT_EXT_ADV_CODING_SELECTION) &&
3695 IS_ENABLED(CONFIG_BT_OBSERVER) &&
3696 BT_FEAT_LE_ADV_CODING_SEL(bt_dev.le.features)) {
3697 err = le_set_host_feature(BT_LE_FEAT_BIT_ADV_CODING_SEL_HOST, 1);
3698 if (err) {
3699 return err;
3700 }
3701 }
3702
3703 return le_set_event_mask();
3704 }
3705
3706 #if !defined(CONFIG_BT_CLASSIC)
bt_br_init(void)3707 static int bt_br_init(void)
3708 {
3709 #if defined(CONFIG_BT_CONN)
3710 struct net_buf *rsp;
3711 int err;
3712
3713 if (bt_dev.le.acl_mtu) {
3714 return 0;
3715 }
3716
3717 /* Use BR/EDR buffer size if LE reports zero buffers */
3718 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &rsp);
3719 if (err) {
3720 return err;
3721 }
3722
3723 read_buffer_size_complete(rsp);
3724 net_buf_unref(rsp);
3725 #endif /* CONFIG_BT_CONN */
3726
3727 return 0;
3728 }
3729 #endif /* !defined(CONFIG_BT_CLASSIC) */
3730
set_event_mask(void)3731 static int set_event_mask(void)
3732 {
3733 struct bt_hci_cp_set_event_mask *ev;
3734 struct net_buf *buf;
3735 uint64_t mask = 0U;
3736
3737 buf = bt_hci_cmd_create(BT_HCI_OP_SET_EVENT_MASK, sizeof(*ev));
3738 if (!buf) {
3739 return -ENOBUFS;
3740 }
3741
3742 ev = net_buf_add(buf, sizeof(*ev));
3743
3744 if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
3745 /* Since we require LE support, we can count on a
3746 * Bluetooth 4.0 feature set
3747 */
3748 mask |= BT_EVT_MASK_INQUIRY_COMPLETE;
3749 mask |= BT_EVT_MASK_CONN_COMPLETE;
3750 mask |= BT_EVT_MASK_CONN_REQUEST;
3751 mask |= BT_EVT_MASK_AUTH_COMPLETE;
3752 mask |= BT_EVT_MASK_REMOTE_NAME_REQ_COMPLETE;
3753 mask |= BT_EVT_MASK_REMOTE_FEATURES;
3754 mask |= BT_EVT_MASK_ROLE_CHANGE;
3755 mask |= BT_EVT_MASK_PIN_CODE_REQ;
3756 mask |= BT_EVT_MASK_LINK_KEY_REQ;
3757 mask |= BT_EVT_MASK_LINK_KEY_NOTIFY;
3758 mask |= BT_EVT_MASK_INQUIRY_RESULT_WITH_RSSI;
3759 mask |= BT_EVT_MASK_REMOTE_EXT_FEATURES;
3760 mask |= BT_EVT_MASK_SYNC_CONN_COMPLETE;
3761 mask |= BT_EVT_MASK_EXTENDED_INQUIRY_RESULT;
3762 mask |= BT_EVT_MASK_IO_CAPA_REQ;
3763 mask |= BT_EVT_MASK_IO_CAPA_RESP;
3764 mask |= BT_EVT_MASK_USER_CONFIRM_REQ;
3765 mask |= BT_EVT_MASK_USER_PASSKEY_REQ;
3766 mask |= BT_EVT_MASK_SSP_COMPLETE;
3767 mask |= BT_EVT_MASK_USER_PASSKEY_NOTIFY;
3768 }
3769
3770 mask |= BT_EVT_MASK_HARDWARE_ERROR;
3771 mask |= BT_EVT_MASK_DATA_BUFFER_OVERFLOW;
3772 mask |= BT_EVT_MASK_LE_META_EVENT;
3773
3774 if (IS_ENABLED(CONFIG_BT_CONN)) {
3775 mask |= BT_EVT_MASK_DISCONN_COMPLETE;
3776 mask |= BT_EVT_MASK_REMOTE_VERSION_INFO;
3777 }
3778
3779 if (IS_ENABLED(CONFIG_BT_SMP) &&
3780 BT_FEAT_LE_ENCR(bt_dev.le.features)) {
3781 mask |= BT_EVT_MASK_ENCRYPT_CHANGE;
3782 mask |= BT_EVT_MASK_ENCRYPT_KEY_REFRESH_COMPLETE;
3783 }
3784
3785 sys_put_le64(mask, ev->events);
3786 return bt_hci_cmd_send_sync(BT_HCI_OP_SET_EVENT_MASK, buf, NULL);
3787 }
3788
bt_hci_get_ver_str(uint8_t core_version)3789 const char *bt_hci_get_ver_str(uint8_t core_version)
3790 {
3791 const char * const str[] = {
3792 "1.0b", "1.1", "1.2", "2.0", "2.1", "3.0", "4.0", "4.1", "4.2",
3793 "5.0", "5.1", "5.2", "5.3", "5.4", "6.0"
3794 };
3795
3796 if (core_version < ARRAY_SIZE(str)) {
3797 return str[core_version];
3798 }
3799
3800 return "unknown";
3801 }
3802
bt_dev_show_info(void)3803 static void bt_dev_show_info(void)
3804 {
3805 int i;
3806
3807 LOG_INF("Identity%s: %s", bt_dev.id_count > 1 ? "[0]" : "",
3808 bt_addr_le_str(&bt_dev.id_addr[0]));
3809
3810 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
3811 #if defined(CONFIG_BT_PRIVACY)
3812 uint8_t irk[16];
3813
3814 sys_memcpy_swap(irk, bt_dev.irk[0], 16);
3815 LOG_INF("IRK%s: 0x%s", bt_dev.id_count > 1 ? "[0]" : "", bt_hex(irk, 16));
3816 #endif
3817 }
3818
3819 for (i = 1; i < bt_dev.id_count; i++) {
3820 LOG_INF("Identity[%d]: %s", i, bt_addr_le_str(&bt_dev.id_addr[i]));
3821
3822 if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
3823 #if defined(CONFIG_BT_PRIVACY)
3824 uint8_t irk[16];
3825
3826 sys_memcpy_swap(irk, bt_dev.irk[i], 16);
3827 LOG_INF("IRK[%d]: 0x%s", i, bt_hex(irk, 16));
3828 #endif
3829 }
3830 }
3831
3832 if (IS_ENABLED(CONFIG_BT_SMP) &&
3833 IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
3834 bt_keys_foreach_type(BT_KEYS_ALL, bt_keys_show_sniffer_info, NULL);
3835 }
3836
3837 LOG_INF("HCI: version %s (0x%02x) revision 0x%04x, manufacturer 0x%04x",
3838 bt_hci_get_ver_str(bt_dev.hci_version), bt_dev.hci_version, bt_dev.hci_revision,
3839 bt_dev.manufacturer);
3840 LOG_INF("LMP: version %s (0x%02x) subver 0x%04x", bt_hci_get_ver_str(bt_dev.lmp_version),
3841 bt_dev.lmp_version, bt_dev.lmp_subversion);
3842 }
3843
3844 #if defined(CONFIG_BT_HCI_VS)
vs_hw_platform(uint16_t platform)3845 static const char *vs_hw_platform(uint16_t platform)
3846 {
3847 static const char * const plat_str[] = {
3848 "reserved", "Intel Corporation", "Nordic Semiconductor",
3849 "NXP Semiconductors" };
3850
3851 if (platform < ARRAY_SIZE(plat_str)) {
3852 return plat_str[platform];
3853 }
3854
3855 return "unknown";
3856 }
3857
vs_hw_variant(uint16_t platform,uint16_t variant)3858 static const char *vs_hw_variant(uint16_t platform, uint16_t variant)
3859 {
3860 static const char * const nordic_str[] = {
3861 "reserved", "nRF51x", "nRF52x", "nRF53x", "nRF54Hx", "nRF54Lx"
3862 };
3863
3864 if (platform != BT_HCI_VS_HW_PLAT_NORDIC) {
3865 return "unknown";
3866 }
3867
3868 if (variant < ARRAY_SIZE(nordic_str)) {
3869 return nordic_str[variant];
3870 }
3871
3872 return "unknown";
3873 }
3874
vs_fw_variant(uint8_t variant)3875 static const char *vs_fw_variant(uint8_t variant)
3876 {
3877 static const char * const var_str[] = {
3878 "Standard Bluetooth controller",
3879 "Vendor specific controller",
3880 "Firmware loader",
3881 "Rescue image",
3882 };
3883
3884 if (variant < ARRAY_SIZE(var_str)) {
3885 return var_str[variant];
3886 }
3887
3888 return "unknown";
3889 }
3890
hci_vs_init(void)3891 static void hci_vs_init(void)
3892 {
3893 union {
3894 struct bt_hci_rp_vs_read_version_info *info;
3895 struct bt_hci_rp_vs_read_supported_commands *cmds;
3896 struct bt_hci_rp_vs_read_supported_features *feat;
3897 } rp;
3898 struct net_buf *rsp;
3899 int err;
3900
3901 /* If heuristics is enabled, try to guess HCI VS support by looking
3902 * at the HCI version and identity address. We haven't set any addresses
3903 * at this point. So we need to read the public address.
3904 */
3905 if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT)) {
3906 bt_addr_le_t addr;
3907
3908 if ((bt_dev.hci_version < BT_HCI_VERSION_5_0) ||
3909 bt_id_read_public_addr(&addr)) {
3910 LOG_WRN("Controller doesn't seem to support "
3911 "Zephyr vendor HCI");
3912 return;
3913 }
3914 }
3915
3916 err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_VERSION_INFO, NULL, &rsp);
3917 if (err) {
3918 LOG_WRN("Vendor HCI extensions not available");
3919 return;
3920 }
3921
3922 if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
3923 rsp->len != sizeof(struct bt_hci_rp_vs_read_version_info)) {
3924 LOG_WRN("Invalid Vendor HCI extensions");
3925 net_buf_unref(rsp);
3926 return;
3927 }
3928
3929 rp.info = (void *)rsp->data;
3930 LOG_INF("HW Platform: %s (0x%04x)", vs_hw_platform(sys_le16_to_cpu(rp.info->hw_platform)),
3931 sys_le16_to_cpu(rp.info->hw_platform));
3932 LOG_INF("HW Variant: %s (0x%04x)",
3933 vs_hw_variant(sys_le16_to_cpu(rp.info->hw_platform),
3934 sys_le16_to_cpu(rp.info->hw_variant)),
3935 sys_le16_to_cpu(rp.info->hw_variant));
3936 LOG_INF("Firmware: %s (0x%02x) Version %u.%u Build %u", vs_fw_variant(rp.info->fw_variant),
3937 rp.info->fw_variant, rp.info->fw_version, sys_le16_to_cpu(rp.info->fw_revision),
3938 sys_le32_to_cpu(rp.info->fw_build));
3939
3940 net_buf_unref(rsp);
3941
3942 err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_COMMANDS,
3943 NULL, &rsp);
3944 if (err) {
3945 LOG_WRN("Failed to read supported vendor commands");
3946 return;
3947 }
3948
3949 if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
3950 rsp->len != sizeof(struct bt_hci_rp_vs_read_supported_commands)) {
3951 LOG_WRN("Invalid Vendor HCI extensions");
3952 net_buf_unref(rsp);
3953 return;
3954 }
3955
3956 rp.cmds = (void *)rsp->data;
3957 memcpy(bt_dev.vs_commands, rp.cmds->commands, BT_DEV_VS_CMDS_MAX);
3958 net_buf_unref(rsp);
3959
3960 if (BT_VS_CMD_SUP_FEAT(bt_dev.vs_commands)) {
3961 err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_FEATURES,
3962 NULL, &rsp);
3963 if (err) {
3964 LOG_WRN("Failed to read supported vendor features");
3965 return;
3966 }
3967
3968 if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
3969 rsp->len !=
3970 sizeof(struct bt_hci_rp_vs_read_supported_features)) {
3971 LOG_WRN("Invalid Vendor HCI extensions");
3972 net_buf_unref(rsp);
3973 return;
3974 }
3975
3976 rp.feat = (void *)rsp->data;
3977 memcpy(bt_dev.vs_features, rp.feat->features,
3978 BT_DEV_VS_FEAT_MAX);
3979 net_buf_unref(rsp);
3980 }
3981 }
3982 #endif /* CONFIG_BT_HCI_VS */
3983
hci_init(void)3984 static int hci_init(void)
3985 {
3986 int err;
3987
3988 #if defined(CONFIG_BT_HCI_SETUP)
3989 struct bt_hci_setup_params setup_params = { 0 };
3990
3991 bt_addr_copy(&setup_params.public_addr, BT_ADDR_ANY);
3992 #if defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR)
3993 if (bt_dev.id_count > 0 && bt_dev.id_addr[BT_ID_DEFAULT].type == BT_ADDR_LE_PUBLIC) {
3994 bt_addr_copy(&setup_params.public_addr, &bt_dev.id_addr[BT_ID_DEFAULT].a);
3995 }
3996 #endif /* defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR) */
3997
3998 err = bt_hci_setup(bt_dev.hci, &setup_params);
3999 if (err && err != -ENOSYS) {
4000 return err;
4001 }
4002 #endif /* defined(CONFIG_BT_HCI_SETUP) */
4003
4004 err = common_init();
4005 if (err) {
4006 return err;
4007 }
4008
4009 err = le_init();
4010 if (err) {
4011 return err;
4012 }
4013
4014 if (BT_FEAT_BREDR(bt_dev.features)) {
4015 err = bt_br_init();
4016 if (err) {
4017 return err;
4018 }
4019 } else if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
4020 LOG_ERR("Non-BR/EDR controller detected");
4021 return -EIO;
4022 }
4023 #if defined(CONFIG_BT_CONN)
4024 else if (!bt_dev.le.acl_mtu) {
4025 LOG_ERR("ACL BR/EDR buffers not initialized");
4026 return -EIO;
4027 }
4028 #endif
4029
4030 err = set_event_mask();
4031 if (err) {
4032 return err;
4033 }
4034
4035 #if defined(CONFIG_BT_HCI_VS)
4036 hci_vs_init();
4037 #endif
4038 err = bt_id_init();
4039 if (err) {
4040 return err;
4041 }
4042
4043 return 0;
4044 }
4045
bt_send(struct net_buf * buf)4046 int bt_send(struct net_buf *buf)
4047 {
4048 LOG_DBG("buf %p len %u type %u", buf, buf->len, bt_buf_get_type(buf));
4049
4050 bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);
4051
4052 return bt_hci_send(bt_dev.hci, buf);
4053 }
4054
4055 static const struct event_handler prio_events[] = {
4056 EVENT_HANDLER(BT_HCI_EVT_CMD_COMPLETE, hci_cmd_complete,
4057 sizeof(struct bt_hci_evt_cmd_complete)),
4058 EVENT_HANDLER(BT_HCI_EVT_CMD_STATUS, hci_cmd_status,
4059 sizeof(struct bt_hci_evt_cmd_status)),
4060 #if defined(CONFIG_BT_CONN)
4061 EVENT_HANDLER(BT_HCI_EVT_DATA_BUF_OVERFLOW,
4062 hci_data_buf_overflow,
4063 sizeof(struct bt_hci_evt_data_buf_overflow)),
4064 EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE, hci_disconn_complete_prio,
4065 sizeof(struct bt_hci_evt_disconn_complete)),
4066 #endif /* CONFIG_BT_CONN */
4067 #if defined(CONFIG_BT_CONN_TX)
4068 EVENT_HANDLER(BT_HCI_EVT_NUM_COMPLETED_PACKETS,
4069 hci_num_completed_packets,
4070 sizeof(struct bt_hci_evt_num_completed_packets)),
4071 #endif /* CONFIG_BT_CONN_TX */
4072 };
4073
hci_event_prio(struct net_buf * buf)4074 void hci_event_prio(struct net_buf *buf)
4075 {
4076 struct net_buf_simple_state state;
4077 struct bt_hci_evt_hdr *hdr;
4078 uint8_t evt_flags;
4079
4080 net_buf_simple_save(&buf->b, &state);
4081
4082 if (buf->len < sizeof(*hdr)) {
4083 LOG_ERR("Invalid HCI event size (%u)", buf->len);
4084 net_buf_unref(buf);
4085 return;
4086 }
4087
4088 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
4089 evt_flags = bt_hci_evt_get_flags(hdr->evt);
4090 BT_ASSERT(evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO);
4091
4092 handle_event(hdr->evt, buf, prio_events, ARRAY_SIZE(prio_events));
4093
4094 if (evt_flags & BT_HCI_EVT_FLAG_RECV) {
4095 net_buf_simple_restore(&buf->b, &state);
4096 } else {
4097 net_buf_unref(buf);
4098 }
4099 }
4100
rx_queue_put(struct net_buf * buf)4101 static void rx_queue_put(struct net_buf *buf)
4102 {
4103 net_buf_slist_put(&bt_dev.rx_queue, buf);
4104
4105 #if defined(CONFIG_BT_RECV_WORKQ_SYS)
4106 const int err = k_work_submit(&rx_work);
4107 #elif defined(CONFIG_BT_RECV_WORKQ_BT)
4108 const int err = k_work_submit_to_queue(&bt_workq, &rx_work);
4109 #endif /* CONFIG_BT_RECV_WORKQ_SYS */
4110 if (err < 0) {
4111 LOG_ERR("Could not submit rx_work: %d", err);
4112 }
4113 }
4114
bt_recv_unsafe(struct net_buf * buf)4115 static int bt_recv_unsafe(struct net_buf *buf)
4116 {
4117 bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);
4118
4119 LOG_DBG("buf %p len %u", buf, buf->len);
4120
4121 switch (bt_buf_get_type(buf)) {
4122 #if defined(CONFIG_BT_CONN)
4123 case BT_BUF_ACL_IN:
4124 rx_queue_put(buf);
4125 return 0;
4126 #endif /* BT_CONN */
4127 case BT_BUF_EVT:
4128 {
4129 struct bt_hci_evt_hdr *hdr = (void *)buf->data;
4130 uint8_t evt_flags = bt_hci_evt_get_flags(hdr->evt);
4131
4132 if (evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO) {
4133 hci_event_prio(buf);
4134 }
4135
4136 if (evt_flags & BT_HCI_EVT_FLAG_RECV) {
4137 rx_queue_put(buf);
4138 }
4139
4140 return 0;
4141 }
4142 #if defined(CONFIG_BT_ISO)
4143 case BT_BUF_ISO_IN:
4144 rx_queue_put(buf);
4145 return 0;
4146 #endif /* CONFIG_BT_ISO */
4147 default:
4148 LOG_ERR("Invalid buf type %u", bt_buf_get_type(buf));
4149 net_buf_unref(buf);
4150 return -EINVAL;
4151 }
4152 }
4153
bt_hci_recv(const struct device * dev,struct net_buf * buf)4154 int bt_hci_recv(const struct device *dev, struct net_buf *buf)
4155 {
4156 ARG_UNUSED(dev);
4157 int err;
4158
4159 k_sched_lock();
4160 err = bt_recv_unsafe(buf);
4161 k_sched_unlock();
4162
4163 return err;
4164 }
4165
bt_finalize_init(void)4166 void bt_finalize_init(void)
4167 {
4168 atomic_set_bit(bt_dev.flags, BT_DEV_READY);
4169
4170 if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
4171 bt_scan_reset();
4172 }
4173
4174 bt_dev_show_info();
4175 }
4176
bt_init(void)4177 static int bt_init(void)
4178 {
4179 int err;
4180
4181 err = hci_init();
4182 if (err) {
4183 return err;
4184 }
4185
4186 if (IS_ENABLED(CONFIG_BT_CONN)) {
4187 err = bt_conn_init();
4188 if (err) {
4189 return err;
4190 }
4191 }
4192
4193 if (IS_ENABLED(CONFIG_BT_ISO)) {
4194 err = bt_conn_iso_init();
4195 if (err) {
4196 return err;
4197 }
4198 }
4199
4200 if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
4201 if (!bt_dev.id_count) {
4202 LOG_INF("No ID address. App must call settings_load()");
4203 return 0;
4204 }
4205
4206 atomic_set_bit(bt_dev.flags, BT_DEV_PRESET_ID);
4207 }
4208
4209 bt_finalize_init();
4210 return 0;
4211 }
4212
init_work(struct k_work * work)4213 static void init_work(struct k_work *work)
4214 {
4215 int err;
4216
4217 err = bt_init();
4218 if (ready_cb) {
4219 ready_cb(err);
4220 }
4221 }
4222
rx_work_handler(struct k_work * work)4223 static void rx_work_handler(struct k_work *work)
4224 {
4225 int err;
4226
4227 struct net_buf *buf;
4228
4229 LOG_DBG("Getting net_buf from queue");
4230 buf = net_buf_slist_get(&bt_dev.rx_queue);
4231 if (!buf) {
4232 return;
4233 }
4234
4235 LOG_DBG("buf %p type %u len %u", buf, bt_buf_get_type(buf), buf->len);
4236
4237 switch (bt_buf_get_type(buf)) {
4238 #if defined(CONFIG_BT_CONN)
4239 case BT_BUF_ACL_IN:
4240 hci_acl(buf);
4241 break;
4242 #endif /* CONFIG_BT_CONN */
4243 #if defined(CONFIG_BT_ISO)
4244 case BT_BUF_ISO_IN:
4245 hci_iso(buf);
4246 break;
4247 #endif /* CONFIG_BT_ISO */
4248 case BT_BUF_EVT:
4249 hci_event(buf);
4250 break;
4251 default:
4252 LOG_ERR("Unknown buf type %u", bt_buf_get_type(buf));
4253 net_buf_unref(buf);
4254 break;
4255 }
4256
4257 /* Schedule the work handler to be executed again if there are
4258 * additional items in the queue. This allows for other users of the
4259 * work queue to get a chance at running, which wouldn't be possible if
4260 * we used a while() loop with a k_yield() statement.
4261 */
4262 if (!sys_slist_is_empty(&bt_dev.rx_queue)) {
4263
4264 #if defined(CONFIG_BT_RECV_WORKQ_SYS)
4265 err = k_work_submit(&rx_work);
4266 #elif defined(CONFIG_BT_RECV_WORKQ_BT)
4267 err = k_work_submit_to_queue(&bt_workq, &rx_work);
4268 #endif
4269 if (err < 0) {
4270 LOG_ERR("Could not submit rx_work: %d", err);
4271 }
4272 }
4273 }
4274
4275 #if defined(CONFIG_BT_TESTING)
bt_testing_tx_tid_get(void)4276 k_tid_t bt_testing_tx_tid_get(void)
4277 {
4278 /* We now TX everything from the syswq */
4279 return &k_sys_work_q.thread;
4280 }
4281
4282 #if defined(CONFIG_BT_ISO)
bt_testing_set_iso_mtu(uint16_t mtu)4283 void bt_testing_set_iso_mtu(uint16_t mtu)
4284 {
4285 bt_dev.le.iso_mtu = mtu;
4286 }
4287 #endif /* CONFIG_BT_ISO */
4288 #endif /* CONFIG_BT_TESTING */
4289
bt_enable(bt_ready_cb_t cb)4290 int bt_enable(bt_ready_cb_t cb)
4291 {
4292 int err;
4293
4294 if (IS_ENABLED(CONFIG_ZTEST) && bt_dev.hci == NULL) {
4295 LOG_ERR("No DT chosen property for HCI");
4296 return -ENODEV;
4297 }
4298
4299 if (!device_is_ready(bt_dev.hci)) {
4300 LOG_ERR("HCI driver is not ready");
4301 return -ENODEV;
4302 }
4303
4304 bt_monitor_new_index(BT_MONITOR_TYPE_PRIMARY, BT_HCI_BUS, BT_ADDR_ANY, BT_HCI_NAME);
4305
4306 atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);
4307
4308 if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_ENABLE)) {
4309 return -EALREADY;
4310 }
4311
4312 if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
4313 err = bt_settings_init();
4314 if (err) {
4315 return err;
4316 }
4317 } else if (IS_ENABLED(CONFIG_BT_DEVICE_NAME_DYNAMIC)) {
4318 err = bt_set_name(CONFIG_BT_DEVICE_NAME);
4319 if (err) {
4320 LOG_WRN("Failed to set device name (%d)", err);
4321 }
4322 }
4323
4324 ready_cb = cb;
4325
4326 /* Give cmd_sem allowing to send first HCI_Reset cmd, the only
4327 * exception is if the controller requests to wait for an
4328 * initial Command Complete for NOP.
4329 */
4330 if (!IS_ENABLED(CONFIG_BT_WAIT_NOP)) {
4331 k_sem_init(&bt_dev.ncmd_sem, 1, 1);
4332 } else {
4333 k_sem_init(&bt_dev.ncmd_sem, 0, 1);
4334 }
4335 k_fifo_init(&bt_dev.cmd_tx_queue);
4336
4337 #if defined(CONFIG_BT_RECV_WORKQ_BT)
4338 /* RX thread */
4339 k_work_queue_init(&bt_workq);
4340 k_work_queue_start(&bt_workq, rx_thread_stack,
4341 CONFIG_BT_RX_STACK_SIZE,
4342 K_PRIO_COOP(CONFIG_BT_RX_PRIO), NULL);
4343 k_thread_name_set(&bt_workq.thread, "BT RX WQ");
4344 #endif
4345
4346 err = bt_hci_open(bt_dev.hci, bt_hci_recv);
4347 if (err) {
4348 LOG_ERR("HCI driver open failed (%d)", err);
4349 return err;
4350 }
4351
4352 bt_monitor_send(BT_MONITOR_OPEN_INDEX, NULL, 0);
4353
4354 if (!cb) {
4355 return bt_init();
4356 }
4357
4358 k_work_submit(&bt_dev.init);
4359 return 0;
4360 }
4361
bt_disable(void)4362 int bt_disable(void)
4363 {
4364 int err;
4365
4366 if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_DISABLE)) {
4367 return -EALREADY;
4368 }
4369
4370 /* Clear BT_DEV_READY before disabling HCI link */
4371 atomic_clear_bit(bt_dev.flags, BT_DEV_READY);
4372
4373 #if defined(CONFIG_BT_BROADCASTER)
4374 bt_adv_reset_adv_pool();
4375 #endif /* CONFIG_BT_BROADCASTER */
4376
4377 #if defined(CONFIG_BT_PRIVACY)
4378 k_work_cancel_delayable(&bt_dev.rpa_update);
4379 #endif /* CONFIG_BT_PRIVACY */
4380
4381 #if defined(CONFIG_BT_PER_ADV_SYNC)
4382 bt_periodic_sync_disable();
4383 #endif /* CONFIG_BT_PER_ADV_SYNC */
4384
4385 #if defined(CONFIG_BT_CONN)
4386 if (IS_ENABLED(CONFIG_BT_SMP)) {
4387 bt_pub_key_hci_disrupted();
4388 }
4389 bt_conn_cleanup_all();
4390 disconnected_handles_reset();
4391 #endif /* CONFIG_BT_CONN */
4392
4393 /* Reset the Controller */
4394 if (!drv_quirk_no_reset()) {
4395
4396 err = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, NULL);
4397 if (err) {
4398 LOG_ERR("Failed to reset BLE controller");
4399 return err;
4400 }
4401
4402 hci_reset_complete();
4403 }
4404
4405 err = bt_hci_close(bt_dev.hci);
4406 if (err == -ENOSYS) {
4407 atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);
4408 atomic_set_bit(bt_dev.flags, BT_DEV_READY);
4409 return -ENOTSUP;
4410 }
4411
4412 if (err) {
4413 LOG_ERR("HCI driver close failed (%d)", err);
4414
4415 /* Re-enable BT_DEV_READY to avoid inconsistent stack state */
4416 atomic_set_bit(bt_dev.flags, BT_DEV_READY);
4417
4418 return err;
4419 }
4420
4421 #if defined(CONFIG_BT_RECV_WORKQ_BT)
4422 /* Abort RX thread */
4423 k_thread_abort(&bt_workq.thread);
4424 #endif
4425
4426 /* Some functions rely on checking this bitfield */
4427 memset(bt_dev.supported_commands, 0x00, sizeof(bt_dev.supported_commands));
4428
4429 /* Reset IDs and corresponding keys. */
4430 bt_dev.id_count = 0;
4431 #if defined(CONFIG_BT_SMP)
4432 bt_dev.le.rl_entries = 0;
4433 bt_keys_reset();
4434 #endif
4435
4436 /* If random address was set up - clear it */
4437 bt_addr_le_copy(&bt_dev.random_addr, BT_ADDR_LE_ANY);
4438
4439 if (IS_ENABLED(CONFIG_BT_ISO)) {
4440 bt_iso_reset();
4441 }
4442
4443 bt_monitor_send(BT_MONITOR_CLOSE_INDEX, NULL, 0);
4444
4445 /* Clear BT_DEV_ENABLE here to prevent early bt_enable() calls, before disable is
4446 * completed.
4447 */
4448 atomic_clear_bit(bt_dev.flags, BT_DEV_ENABLE);
4449
4450 return 0;
4451 }
4452
bt_is_ready(void)4453 bool bt_is_ready(void)
4454 {
4455 return atomic_test_bit(bt_dev.flags, BT_DEV_READY);
4456 }
4457
4458 #define DEVICE_NAME_LEN (sizeof(CONFIG_BT_DEVICE_NAME) - 1)
4459 #if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
4460 BUILD_ASSERT(DEVICE_NAME_LEN < CONFIG_BT_DEVICE_NAME_MAX);
4461 #else
4462 BUILD_ASSERT(DEVICE_NAME_LEN < 248);
4463 #endif
4464
bt_set_name(const char * name)4465 int bt_set_name(const char *name)
4466 {
4467 #if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
4468 size_t len = strlen(name);
4469 int err;
4470
4471 if (len > CONFIG_BT_DEVICE_NAME_MAX) {
4472 return -ENOMEM;
4473 }
4474
4475 if (!strcmp(bt_dev.name, name)) {
4476 return 0;
4477 }
4478
4479 memcpy(bt_dev.name, name, len);
4480 bt_dev.name[len] = '\0';
4481
4482 if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
4483 err = bt_settings_store_name(bt_dev.name, len);
4484 if (err) {
4485 LOG_WRN("Unable to store name");
4486 }
4487 }
4488
4489 return 0;
4490 #else
4491 return -ENOMEM;
4492 #endif
4493 }
4494
bt_get_name(void)4495 const char *bt_get_name(void)
4496 {
4497 #if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
4498 return bt_dev.name;
4499 #else
4500 return CONFIG_BT_DEVICE_NAME;
4501 #endif
4502 }
4503
bt_get_appearance(void)4504 uint16_t bt_get_appearance(void)
4505 {
4506 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
4507 return bt_dev.appearance;
4508 #else
4509 return CONFIG_BT_DEVICE_APPEARANCE;
4510 #endif
4511 }
4512
4513 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
bt_set_appearance(uint16_t appearance)4514 int bt_set_appearance(uint16_t appearance)
4515 {
4516 if (bt_dev.appearance != appearance) {
4517 if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
4518 int err = bt_settings_store_appearance(&appearance, sizeof(appearance));
4519 if (err) {
4520 LOG_ERR("Unable to save setting 'bt/appearance' (err %d).", err);
4521 return err;
4522 }
4523 }
4524
4525 bt_dev.appearance = appearance;
4526 }
4527
4528 return 0;
4529 }
4530 #endif
4531
bt_le_get_local_features(struct bt_le_local_features * remote_info)4532 int bt_le_get_local_features(struct bt_le_local_features *remote_info)
4533 {
4534 if (remote_info == NULL) {
4535 return -EINVAL;
4536 }
4537
4538 if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
4539 return -EAGAIN;
4540 }
4541
4542 memcpy(remote_info->features, bt_dev.le.features, sizeof(remote_info->features));
4543 remote_info->states = bt_dev.le.states;
4544 remote_info->acl_mtu = COND_CODE_1(CONFIG_BT_CONN, (bt_dev.le.acl_mtu), (0));
4545 remote_info->acl_pkts = COND_CODE_1(CONFIG_BT_CONN, (bt_dev.le.acl_pkts.limit), (0));
4546 remote_info->iso_mtu = COND_CODE_1(CONFIG_BT_ISO, (bt_dev.le.iso_mtu), (0));
4547 remote_info->iso_pkts = COND_CODE_1(CONFIG_BT_ISO, (bt_dev.le.iso_limit), (0));
4548 remote_info->rl_size = COND_CODE_1(CONFIG_BT_SMP, (bt_dev.le.rl_size), (0));
4549 remote_info->max_adv_data_len =
4550 COND_CODE_1(CONFIG_BT_BROADCASTER, (bt_dev.le.max_adv_data_len), (0));
4551
4552 return 0;
4553 }
4554
bt_le_bond_exists(uint8_t id,const bt_addr_le_t * addr)4555 bool bt_le_bond_exists(uint8_t id, const bt_addr_le_t *addr)
4556 {
4557 if (IS_ENABLED(CONFIG_BT_SMP)) {
4558 struct bt_keys *keys = bt_keys_find_addr(id, addr);
4559
4560 /* if there are any keys stored then device is bonded */
4561 return keys && keys->keys;
4562 } else {
4563 return false;
4564 }
4565 }
4566
4567 #if defined(CONFIG_BT_FILTER_ACCEPT_LIST)
bt_le_filter_accept_list_add(const bt_addr_le_t * addr)4568 int bt_le_filter_accept_list_add(const bt_addr_le_t *addr)
4569 {
4570 struct bt_hci_cp_le_add_dev_to_fal *cp;
4571 struct net_buf *buf;
4572 int err;
4573
4574 if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
4575 return -EAGAIN;
4576 }
4577
4578 buf = bt_hci_cmd_create(BT_HCI_OP_LE_ADD_DEV_TO_FAL, sizeof(*cp));
4579 if (!buf) {
4580 return -ENOBUFS;
4581 }
4582
4583 cp = net_buf_add(buf, sizeof(*cp));
4584 bt_addr_le_copy(&cp->addr, addr);
4585
4586 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ADD_DEV_TO_FAL, buf, NULL);
4587 if (err) {
4588 LOG_ERR("Failed to add device to filter accept list");
4589
4590 return err;
4591 }
4592
4593 return 0;
4594 }
4595
bt_le_filter_accept_list_remove(const bt_addr_le_t * addr)4596 int bt_le_filter_accept_list_remove(const bt_addr_le_t *addr)
4597 {
4598 struct bt_hci_cp_le_rem_dev_from_fal *cp;
4599 struct net_buf *buf;
4600 int err;
4601
4602 if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
4603 return -EAGAIN;
4604 }
4605
4606 buf = bt_hci_cmd_create(BT_HCI_OP_LE_REM_DEV_FROM_FAL, sizeof(*cp));
4607 if (!buf) {
4608 return -ENOBUFS;
4609 }
4610
4611 cp = net_buf_add(buf, sizeof(*cp));
4612 bt_addr_le_copy(&cp->addr, addr);
4613
4614 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_REM_DEV_FROM_FAL, buf, NULL);
4615 if (err) {
4616 LOG_ERR("Failed to remove device from filter accept list");
4617 return err;
4618 }
4619
4620 return 0;
4621 }
4622
bt_le_filter_accept_list_clear(void)4623 int bt_le_filter_accept_list_clear(void)
4624 {
4625 int err;
4626
4627 if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
4628 return -EAGAIN;
4629 }
4630
4631 err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_CLEAR_FAL, NULL, NULL);
4632 if (err) {
4633 LOG_ERR("Failed to clear filter accept list");
4634 return err;
4635 }
4636
4637 return 0;
4638 }
4639 #endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
4640
bt_le_set_chan_map(uint8_t chan_map[5])4641 int bt_le_set_chan_map(uint8_t chan_map[5])
4642 {
4643 struct bt_hci_cp_le_set_host_chan_classif *cp;
4644 struct net_buf *buf;
4645
4646 if (!(IS_ENABLED(CONFIG_BT_CENTRAL) || IS_ENABLED(CONFIG_BT_BROADCASTER))) {
4647 return -ENOTSUP;
4648 }
4649
4650 if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 3)) {
4651 LOG_WRN("Set Host Channel Classification command is "
4652 "not supported");
4653 return -ENOTSUP;
4654 }
4655
4656 buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
4657 sizeof(*cp));
4658 if (!buf) {
4659 return -ENOBUFS;
4660 }
4661
4662 cp = net_buf_add(buf, sizeof(*cp));
4663
4664 memcpy(&cp->ch_map[0], &chan_map[0], 4);
4665 cp->ch_map[4] = chan_map[4] & BIT_MASK(5);
4666
4667 return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
4668 buf, NULL);
4669 }
4670
4671 #if defined(CONFIG_BT_RPA_TIMEOUT_DYNAMIC)
bt_le_set_rpa_timeout(uint16_t new_rpa_timeout)4672 int bt_le_set_rpa_timeout(uint16_t new_rpa_timeout)
4673 {
4674 if ((new_rpa_timeout == 0) || (new_rpa_timeout > 3600)) {
4675 return -EINVAL;
4676 }
4677
4678 if (new_rpa_timeout == bt_dev.rpa_timeout) {
4679 return 0;
4680 }
4681
4682 bt_dev.rpa_timeout = new_rpa_timeout;
4683 atomic_set_bit(bt_dev.flags, BT_DEV_RPA_TIMEOUT_CHANGED);
4684
4685 return 0;
4686 }
4687 #endif
4688
bt_configure_data_path(uint8_t dir,uint8_t id,uint8_t vs_config_len,const uint8_t * vs_config)4689 int bt_configure_data_path(uint8_t dir, uint8_t id, uint8_t vs_config_len,
4690 const uint8_t *vs_config)
4691 {
4692 struct bt_hci_rp_configure_data_path *rp;
4693 struct bt_hci_cp_configure_data_path *cp;
4694 struct net_buf *rsp;
4695 struct net_buf *buf;
4696 int err;
4697
4698 buf = bt_hci_cmd_create(BT_HCI_OP_CONFIGURE_DATA_PATH, sizeof(*cp) +
4699 vs_config_len);
4700 if (!buf) {
4701 return -ENOBUFS;
4702 }
4703
4704 cp = net_buf_add(buf, sizeof(*cp));
4705 cp->data_path_dir = dir;
4706 cp->data_path_id = id;
4707 cp->vs_config_len = vs_config_len;
4708 if (vs_config_len) {
4709 (void)memcpy(cp->vs_config, vs_config, vs_config_len);
4710 }
4711
4712 err = bt_hci_cmd_send_sync(BT_HCI_OP_CONFIGURE_DATA_PATH, buf, &rsp);
4713 if (err) {
4714 return err;
4715 }
4716
4717 rp = (void *)rsp->data;
4718 if (rp->status) {
4719 err = -EIO;
4720 }
4721 net_buf_unref(rsp);
4722
4723 return err;
4724 }
4725
4726 /* Return `true` if a command was processed/sent */
process_pending_cmd(k_timeout_t timeout)4727 static bool process_pending_cmd(k_timeout_t timeout)
4728 {
4729 if (!k_fifo_is_empty(&bt_dev.cmd_tx_queue)) {
4730 if (k_sem_take(&bt_dev.ncmd_sem, timeout) == 0) {
4731 hci_core_send_cmd();
4732 return true;
4733 }
4734 }
4735
4736 return false;
4737 }
4738
tx_processor(struct k_work * item)4739 static void tx_processor(struct k_work *item)
4740 {
4741 LOG_DBG("TX process start");
4742 if (process_pending_cmd(K_NO_WAIT)) {
4743 /* If we processed a command, let the scheduler run before
4744 * processing another command (or data).
4745 */
4746 bt_tx_irq_raise();
4747 return;
4748 }
4749
4750 /* Hand over control to conn to process pending data */
4751 if (IS_ENABLED(CONFIG_BT_CONN_TX)) {
4752 bt_conn_tx_processor();
4753 }
4754 }
4755
4756 static K_WORK_DEFINE(tx_work, tx_processor);
4757
bt_tx_irq_raise(void)4758 void bt_tx_irq_raise(void)
4759 {
4760 LOG_DBG("kick TX");
4761 k_work_submit(&tx_work);
4762 }
4763