1 /* hci_core.c - HCI core Bluetooth handling */
2 
3 /*
4  * Copyright (c) 2017-2021 Nordic Semiconductor ASA
5  * Copyright (c) 2015-2016 Intel Corporation
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #include <zephyr/bluetooth/hci_types.h>
11 #include <zephyr/kernel.h>
12 #include <string.h>
13 #include <stdio.h>
14 #include <errno.h>
15 #include <zephyr/net_buf.h>
16 #include <zephyr/sys/atomic.h>
17 #include <zephyr/sys/check.h>
18 #include <zephyr/sys/util_macro.h>
19 #include <zephyr/sys/util.h>
20 #include <zephyr/sys/slist.h>
21 #include <zephyr/sys/byteorder.h>
22 #include <zephyr/debug/stack.h>
23 #include <zephyr/sys/__assert.h>
24 #include <soc.h>
25 
26 #include <zephyr/settings/settings.h>
27 
28 #include <zephyr/bluetooth/bluetooth.h>
29 #include <zephyr/bluetooth/conn.h>
30 #include <zephyr/bluetooth/l2cap.h>
31 #include <zephyr/bluetooth/hci.h>
32 #include <zephyr/bluetooth/hci_vs.h>
33 #include <zephyr/bluetooth/testing.h>
34 #include <zephyr/drivers/bluetooth.h>
35 
36 #include "common/bt_str.h"
37 #include "common/assert.h"
38 
39 #include "common/rpa.h"
40 #include "keys.h"
41 #include "monitor.h"
42 #include "hci_core.h"
43 #include "hci_ecc.h"
44 #include "ecc.h"
45 #include "id.h"
46 #include "adv.h"
47 #include "scan.h"
48 
49 #include "addr_internal.h"
50 #include "conn_internal.h"
51 #include "iso_internal.h"
52 #include "l2cap_internal.h"
53 #include "gatt_internal.h"
54 #include "smp.h"
55 #include "crypto.h"
56 #include "settings.h"
57 
58 #if defined(CONFIG_BT_CLASSIC)
59 #include "classic/br.h"
60 #endif
61 
62 #if defined(CONFIG_BT_DF)
63 #include "direction_internal.h"
64 #endif /* CONFIG_BT_DF */
65 
66 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
67 #include <zephyr/logging/log.h>
68 LOG_MODULE_REGISTER(bt_hci_core);
69 
70 #if DT_HAS_CHOSEN(zephyr_bt_hci)
71 #define BT_HCI_NODE   DT_CHOSEN(zephyr_bt_hci)
72 #define BT_HCI_DEV    DEVICE_DT_GET(BT_HCI_NODE)
73 #define BT_HCI_BUS    BT_DT_HCI_BUS_GET(BT_HCI_NODE)
74 #define BT_HCI_NAME   BT_DT_HCI_NAME_GET(BT_HCI_NODE)
75 #define BT_HCI_QUIRKS BT_DT_HCI_QUIRKS_GET(BT_HCI_NODE)
76 #else
77 /* The zephyr,bt-hci chosen property is mandatory, except for unit tests */
78 BUILD_ASSERT(IS_ENABLED(CONFIG_ZTEST), "Missing DT chosen property for HCI");
79 #define BT_HCI_DEV    NULL
80 #define BT_HCI_BUS    0
81 #define BT_HCI_NAME   ""
82 #define BT_HCI_QUIRKS 0
83 #endif
84 
85 void bt_tx_irq_raise(void);
86 
87 #define HCI_CMD_TIMEOUT      K_SECONDS(10)
88 
89 /* Stacks for the threads */
90 static void rx_work_handler(struct k_work *work);
91 static K_WORK_DEFINE(rx_work, rx_work_handler);
92 #if defined(CONFIG_BT_RECV_WORKQ_BT)
93 static struct k_work_q bt_workq;
94 static K_KERNEL_STACK_DEFINE(rx_thread_stack, CONFIG_BT_RX_STACK_SIZE);
95 #endif /* CONFIG_BT_RECV_WORKQ_BT */
96 
97 static void init_work(struct k_work *work);
98 
/* Global host state. Only the fields below are set statically; the rest of
 * the structure is zero-initialised.
 */
struct bt_dev bt_dev = {
	/* Work item whose handler is init_work() */
	.init          = Z_WORK_INITIALIZER(init_work),
#if defined(CONFIG_BT_PRIVACY)
	.rpa_timeout   = CONFIG_BT_RPA_TIMEOUT,
#endif
#if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	.appearance = CONFIG_BT_DEVICE_APPEARANCE,
#endif
	/* HCI driver device; NULL when no zephyr,bt-hci chosen node exists */
	.hci = BT_HCI_DEV,
};
109 
110 static bt_ready_cb_t ready_cb;
111 
112 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
113 static bt_hci_vnd_evt_cb_t *hci_vnd_evt_cb;
114 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
115 
/* Per-command bookkeeping. It lives in a side table indexed by the command
 * buffer's id (see cmd() below).
 */
struct cmd_data {
	/** HCI status of the command completion */
	uint8_t  status;

	/** The command OpCode that the buffer contains */
	uint16_t opcode;

	/** The state to update when command completes with success. */
	struct bt_hci_cmd_state_set *state;

	/** Used by bt_hci_cmd_send_sync. That function stores the address of a
	 *  semaphore living on its own stack here.
	 */
	struct k_sem *sync;
};

/* One slot per buffer of hci_cmd_pool (both are sized by
 * CONFIG_BT_BUF_CMD_TX_COUNT).
 */
static struct cmd_data cmd_data[CONFIG_BT_BUF_CMD_TX_COUNT];

/* cmd() indexes cmd_data[] with net_buf_id(buf) and does no bounds or pool
 * check of its own, so it is only meaningful for buffers allocated from
 * hci_cmd_pool. bt_hci_cmd_send_sync() rejects buffers from any other pool
 * before using it.
 */
#define cmd(buf) (&cmd_data[net_buf_id(buf)])
/* acl() reinterprets the buffer's user data area as struct acl_data. */
#define acl(buf) ((struct acl_data *)net_buf_user_data(buf))
134 
/* Report whether the HCI driver quirk mask (BT_HCI_QUIRKS) has
 * BT_HCI_QUIRK_NO_RESET set.
 */
static bool drv_quirk_no_reset(void)
{
	const bool no_reset = (BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_RESET) != 0;

	return no_reset;
}
139 
/* Report whether the HCI driver quirk mask (BT_HCI_QUIRKS) has
 * BT_HCI_QUIRK_NO_AUTO_DLE set.
 */
bool bt_drv_quirk_no_auto_dle(void)
{
	const bool no_auto_dle = (BT_HCI_QUIRKS & BT_HCI_QUIRK_NO_AUTO_DLE) != 0;

	return no_auto_dle;
}
144 
/* Attach a "set this bit when the command succeeds" request to a command.
 *
 * Fills @p state with the target bit field, bit number and value, then stores
 * the @p state pointer in the command's bookkeeping slot. Only the pointer is
 * stored, not a copy, so @p state has to stay valid for as long as the slot
 * may be consulted; callers in this file pass a stack object and then block
 * in bt_hci_cmd_send_sync().
 *
 * @p buf is not checked here; cmd() requires it to come from hci_cmd_pool.
 */
void bt_hci_cmd_state_set_init(struct net_buf *buf,
			       struct bt_hci_cmd_state_set *state,
			       atomic_t *target, int bit, bool val)
{
	struct cmd_data *slot = cmd(buf);

	state->val = val;
	state->bit = bit;
	state->target = target;

	slot->state = state;
}
154 
/* HCI command buffers. Derive the needed size from both Command and Event
 * buffer length since the buffer is also used for the response event i.e
 * command complete or command status.
 *
 * The pool holds CONFIG_BT_BUF_CMD_TX_COUNT buffers, the same count that
 * sizes the cmd_data[] side table indexed through cmd().
 */
#define CMD_BUF_SIZE MAX(BT_BUF_EVT_RX_SIZE, BT_BUF_CMD_TX_SIZE)
NET_BUF_POOL_FIXED_DEFINE(hci_cmd_pool, CONFIG_BT_BUF_CMD_TX_COUNT,
			  CMD_BUF_SIZE, sizeof(struct bt_buf_data), NULL);
162 
/* One entry of an event dispatch table. */
struct event_handler {
	/* Event code this entry matches */
	uint8_t event;
	/* Smallest buf->len accepted; shorter events are rejected by
	 * handle_event_common() before the handler runs.
	 */
	uint8_t min_len;
	/* Callback invoked with the event buffer */
	void (*handler)(struct net_buf *buf);
};

/* Build an event_handler initializer. _min_len is the only length check made
 * on the handler's behalf, so it should cover every fixed field the handler
 * reads; variable-length parts have to be validated by the handler itself.
 */
#define EVENT_HANDLER(_evt, _handler, _min_len) \
{ \
	.event = _evt, \
	.handler = _handler, \
	.min_len = _min_len, \
}
175 
/* Dispatch one event to the first table entry registered for it.
 *
 * Returns 0 once the handler has run, -EINVAL (after logging) when the buffer
 * is shorter than the entry's min_len, so the handler never sees a truncated
 * event, and -EOPNOTSUPP when no entry matches @p event.
 */
static int handle_event_common(uint8_t event, struct net_buf *buf,
			       const struct event_handler *handlers, size_t num_handlers)
{
	const struct event_handler *match = NULL;

	for (size_t idx = 0; idx < num_handlers; idx++) {
		if (handlers[idx].event == event) {
			match = &handlers[idx];
			break;
		}
	}

	if (match == NULL) {
		return -EOPNOTSUPP;
	}

	/* Length gate: reject before any handler code touches the payload */
	if (buf->len < match->min_len) {
		LOG_ERR("Too small (%u bytes) event 0x%02x", buf->len, event);
		return -EINVAL;
	}

	match->handler(buf);

	return 0;
}
199 
/* Dispatch an event through @p handlers and warn, with a hex dump of the
 * payload, when no handler is registered for it.
 */
static void handle_event(uint8_t event, struct net_buf *buf, const struct event_handler *handlers,
			 size_t num_handlers)
{
	if (handle_event_common(event, buf, handlers, num_handlers) != -EOPNOTSUPP) {
		/* Success, or an error already reported by handle_event_common */
		return;
	}

	LOG_WRN("Unhandled event 0x%02x len %u: %s", event, buf->len,
		bt_hex(buf->data, buf->len));
}
213 
/* Dispatch a vendor-specific event through @p handlers and warn, with a hex
 * dump of the payload, when no handler is registered for it.
 */
static void handle_vs_event(uint8_t event, struct net_buf *buf,
			    const struct event_handler *handlers, size_t num_handlers)
{
	if (handle_event_common(event, buf, handlers, num_handlers) != -EOPNOTSUPP) {
		/* Success, or an error already reported by handle_event_common */
		return;
	}

	LOG_WRN("Unhandled vendor-specific event 0x%02x len %u: %s", event, buf->len,
		bt_hex(buf->data, buf->len));
}
227 
/* Record in the ACL buffer's user data whether a Host Number Of Completed
 * Packets report has already been sent for it. The flag is read back by
 * bt_hci_host_num_completed_packets().
 */
void bt_acl_set_ncp_sent(struct net_buf *packet, bool value)
{
	struct acl_data *meta = acl(packet);

	meta->host_ncp_sent = value;
}
232 
/* Send a Host Number Of Completed Packets command crediting exactly one
 * packet to connection @p handle.
 *
 * Does nothing unless CONFIG_BT_HCI_ACL_FLOW_CONTROL is enabled. Allocation
 * and send failures are not reported to the caller; they trip BT_ASSERT_MSG.
 */
void bt_send_one_host_num_completed_packets(uint16_t handle)
{
	if (!IS_ENABLED(CONFIG_BT_HCI_ACL_FLOW_CONTROL)) {
		ARG_UNUSED(handle);
		return;
	}

	struct bt_hci_cp_host_num_completed_packets *params;
	struct bt_hci_handle_count *entry;
	struct net_buf *ncp_buf;
	int rc;

	LOG_DBG("Reporting completed packet for handle %u", handle);

	ncp_buf = bt_hci_cmd_create(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS,
				    sizeof(*params) + sizeof(*entry));
	BT_ASSERT_MSG(ncp_buf, "Unable to alloc for Host NCP");

	/* Command parameters: a handle count of one ... */
	params = net_buf_add(ncp_buf, sizeof(*params));
	params->num_handles = 1;

	/* ... followed by the single (handle, count) pair */
	entry = net_buf_add(ncp_buf, sizeof(*entry));
	entry->count  = sys_cpu_to_le16(1);
	entry->handle = sys_cpu_to_le16(handle);

	rc = bt_hci_cmd_send(BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS, ncp_buf);
	BT_ASSERT_MSG(rc == 0, "Unable to send Host NCP (err %d)", rc);
}
261 
262 #if defined(CONFIG_BT_TESTING)
/* Default, empty trace hook called from bt_hci_host_num_completed_packets()
 * before the ACL buffer is destroyed. Declared __weak so another definition
 * can replace it.
 */
__weak void bt_testing_trace_event_acl_pool_destroy(struct net_buf *buf)
{
}
266 #endif
267 
268 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
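/* Destroy an ACL RX buffer and, when needed, tell the controller that one
 * host buffer has become free again.
 *
 * No report is sent when one was already sent for this buffer
 * (host_ncp_sent), when the controller does not support controller-to-host
 * flow control, when the connection index stored in the buffer no longer
 * resolves to a connection, or when that connection is neither connected nor
 * disconnecting.
 */
void bt_hci_host_num_completed_packets(struct net_buf *buf)
{
	/* Snapshot every field needed from the buffer's user data up front.
	 * Once net_buf_destroy() has handed the buffer back to its pool it may
	 * be reallocated and rewritten by another context, so acl(buf) must
	 * not be read afterwards.
	 */
	const uint16_t handle = acl(buf)->handle;
	const uint8_t index = acl(buf)->index;
	const bool ncp_sent = acl(buf)->host_ncp_sent;
	struct bt_conn *conn;

	if (IS_ENABLED(CONFIG_BT_TESTING)) {
		bt_testing_trace_event_acl_pool_destroy(buf);
	}

	net_buf_destroy(buf);

	if (ncp_sent) {
		return;
	}

	/* Do nothing if controller to host flow control is not supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		return;
	}

	conn = bt_conn_lookup_index(index);
	if (!conn) {
		LOG_WRN("Unable to look up conn with index 0x%02x", index);
		return;
	}

	if (conn->state != BT_CONN_CONNECTED &&
	    conn->state != BT_CONN_DISCONNECTING) {
		LOG_WRN("Not reporting packet for non-connected conn");
		bt_conn_unref(conn);
		return;
	}

	/* Only the state was needed; the report itself goes by handle */
	bt_conn_unref(conn);

	bt_send_one_host_num_completed_packets(handle);
}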
307 #endif /* defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL) */
308 
/* Allocate an HCI command buffer and write its command header.
 *
 * Only the header is added. @p param_len is copied into the header as given,
 * and the caller has to append exactly that many parameter bytes itself;
 * nothing here verifies that it does. @p param_len is a uint8_t, so a larger
 * size expression passed by a caller is narrowed on the way in.
 *
 * The command's bookkeeping slot is reset (no sync semaphore, no state
 * update) and tagged with @p opcode.
 *
 * Returns the buffer, or NULL when no buffer could be allocated.
 */
struct net_buf *bt_hci_cmd_create(uint16_t opcode, uint8_t param_len)
{
	struct net_buf *cmd_buf;
	struct cmd_data *slot;
	struct bt_hci_cmd_hdr *hdr;

	LOG_DBG("opcode 0x%04x param_len %u", opcode, param_len);

	/* net_buf_alloc(K_FOREVER) can fail when run from the syswq */
	cmd_buf = net_buf_alloc(&hci_cmd_pool, K_FOREVER);
	if (cmd_buf == NULL) {
		LOG_DBG("Unable to allocate a command buffer");
		return NULL;
	}

	LOG_DBG("buf %p", cmd_buf);

	net_buf_reserve(cmd_buf, BT_BUF_RESERVE);

	bt_buf_set_type(cmd_buf, BT_BUF_CMD);

	/* Start from a clean slot so nothing left by a previous user of this
	 * buffer id (sync semaphore, state pointer) can be acted upon.
	 */
	slot = cmd(cmd_buf);
	slot->state = NULL;
	slot->sync = NULL;
	slot->opcode = opcode;

	hdr = net_buf_add(cmd_buf, sizeof(*hdr));
	hdr->param_len = param_len;
	hdr->opcode = sys_cpu_to_le16(opcode);

	return cmd_buf;
}
339 
/* Send an HCI command without waiting for its completion.
 *
 * A NULL @p buf means "command without parameters": a buffer is created for
 * @p opcode. Host Number Of Completed Packets is handed straight to the
 * driver; every other command is appended to the command TX queue.
 *
 * Unlike bt_hci_cmd_send_sync(), a caller-supplied buffer is not checked for
 * coming from hci_cmd_pool here.
 *
 * Returns 0 on success, -ENOBUFS when no buffer could be created, or the
 * bt_send() error for Host Number Of Completed Packets (the buffer is
 * unreferenced in that case).
 */
int bt_hci_cmd_send(uint16_t opcode, struct net_buf *buf)
{
	if (buf == NULL) {
		buf = bt_hci_cmd_create(opcode, 0);
	}

	if (buf == NULL) {
		return -ENOBUFS;
	}

	LOG_DBG("opcode 0x%04x len %u", opcode, buf->len);

	if (opcode != BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		k_fifo_put(&bt_dev.cmd_tx_queue, buf);
		bt_tx_irq_raise();

		return 0;
	}

	/* Host Number of Completed Packets can ignore the ncmd value
	 * and does not generate any cmd complete/status events.
	 */
	const int rc = bt_send(buf);

	if (rc != 0) {
		LOG_ERR("Unable to send to driver (err %d)", rc);
		net_buf_unref(buf);
	}

	return rc;
}
371 
372 static bool process_pending_cmd(k_timeout_t timeout);
/* Send an HCI command and block until the controller has answered it.
 *
 * @param opcode Command opcode.
 * @param buf    Command buffer from bt_hci_cmd_create(), or NULL to send a
 *               command without parameters.
 * @param rsp    When non-NULL and the command succeeds, receives the buffer;
 *               the caller then owns that reference and has to unref it. When
 *               NULL the buffer is unreferenced here.
 *
 * @return 0 on success; -ENOBUFS when no buffer could be created; -EINVAL
 *         when @p buf does not belong to hci_cmd_pool (the buffer is left
 *         untouched and is not unreferenced); otherwise a negative errno
 *         derived from the HCI status (see the switch below), in which case
 *         the buffer is unreferenced and @p rsp is not written.
 */
int bt_hci_cmd_send_sync(uint16_t opcode, struct net_buf *buf,
			 struct net_buf **rsp)
{
	struct k_sem sync_sem;
	uint8_t status;
	int err;

	if (!buf) {
		buf = bt_hci_cmd_create(opcode, 0);
		if (!buf) {
			return -ENOBUFS;
		}
	} else {
		/* `cmd(buf)` depends on this: the macro indexes cmd_data[] by
		 * buffer id, which is only valid for hci_cmd_pool buffers.
		 */
		if (net_buf_pool_get(buf->pool_id) != &hci_cmd_pool) {
			__ASSERT_NO_MSG(false);
			return -EINVAL;
		}
	}

	LOG_DBG("buf %p opcode 0x%04x len %u", buf, opcode, buf->len);

	/* This local sem is just for suspending the current thread until the
	 * command is processed by the LL. It is given (and we are awaken) by
	 * the cmd_complete/status handlers.
	 *
	 * NOTE(review): the slot now points into this stack frame and is not
	 * cleared anywhere in this function. That is safe only while this
	 * function cannot return before the semaphore is given; if
	 * BT_ASSERT_MSG can be configured not to halt on the timeout below,
	 * the pointer would outlive the frame. Confirm.
	 */
	k_sem_init(&sync_sem, 0, 1);
	cmd(buf)->sync = &sync_sem;

	/* The queue gets its own reference; ours is kept to read the result */
	k_fifo_put(&bt_dev.cmd_tx_queue, net_buf_ref(buf));
	bt_tx_irq_raise();

	/* TODO: disallow sending sync commands from syswq altogether */

	/* Since the commands are now processed in the syswq, we cannot suspend
	 * and wait. We have to send the command from the current context.
	 */
	if (k_current_get() == &k_sys_work_q.thread) {
		/* drain the command queue until we get to send the command of interest. */
		struct net_buf *cmd = NULL;

		do {
			cmd = k_fifo_peek_head(&bt_dev.cmd_tx_queue);
			LOG_DBG("process cmd %p want %p", cmd, buf);

			/* Wait for a response from the Bluetooth Controller.
			 * The Controller may fail to respond if:
			 *  - It was never programmed or connected.
			 *  - There was a fatal error.
			 *
			 * See the `BT_HCI_OP_` macros in hci_types.h or
			 * Core_v5.4, Vol 4, Part E, Section 5.4.1 and Section 7
			 * to map the opcode to the HCI command documentation.
			 * Example: 0x0c03 represents HCI_Reset command.
			 */
			__maybe_unused bool success = process_pending_cmd(HCI_CMD_TIMEOUT);

			BT_ASSERT_MSG(success, "command opcode 0x%04x timeout", opcode);
		} while (buf != cmd);
	}

	/* Now that we have sent the command, suspend until the LL replies */
	err = k_sem_take(&sync_sem, HCI_CMD_TIMEOUT);
	BT_ASSERT_MSG(err == 0,
		      "Controller unresponsive, command opcode 0x%04x timeout with err %d",
		      opcode, err);

	status = cmd(buf)->status;
	if (status) {
		LOG_WRN("opcode 0x%04x status 0x%02x %s", opcode,
			status, bt_hci_err_to_str(status));
		net_buf_unref(buf);

		/* Collapse the HCI status into an errno; anything not listed
		 * is reported as -EIO.
		 */
		switch (status) {
		case BT_HCI_ERR_CONN_LIMIT_EXCEEDED:
			return -ECONNREFUSED;
		case BT_HCI_ERR_INSUFFICIENT_RESOURCES:
			return -ENOMEM;
		case BT_HCI_ERR_INVALID_PARAM:
			return -EINVAL;
		case BT_HCI_ERR_CMD_DISALLOWED:
			return -EACCES;
		default:
			return -EIO;
		}
	}

	LOG_DBG("rsp %p opcode 0x%04x len %u", buf, opcode, buf->len);

	/* Nothing here checks buf->len against the response structure a caller
	 * expects; callers that read *rsp have to validate the length.
	 */
	if (rsp) {
		*rsp = buf;
	} else {
		net_buf_unref(buf);
	}

	return 0;
}
470 
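/* Fill @p buffer with @p len random bytes obtained from the controller with
 * HCI_LE_Rand, one command per sizeof(rp->rand) bytes.
 *
 * @return 0 on success, -ENOTSUP when the controller does not support
 *         HCI_LE_Rand, -EIO when a response is too short to hold the random
 *         value, or the error returned by bt_hci_cmd_send_sync().
 *
 * On any error the buffer may be only partly filled, and its content must not
 * be used as random data.
 */
int bt_hci_le_rand(void *buffer, size_t len)
{
	uint8_t *out = buffer;

	/* Check first that HCI_LE_Rand is supported */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 7)) {
		return -ENOTSUP;
	}

	while (len > 0) {
		struct bt_hci_rp_le_rand *rp;
		struct net_buf *rsp;
		size_t count;
		int err;

		/* Request the next chunk of random bytes over HCI */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
		if (err) {
			return err;
		}

		/* The response length comes from the controller. A short
		 * response would otherwise make the copy below read whatever
		 * bytes lie past the received data and return them to the
		 * caller as "random".
		 */
		if (rsp->len < sizeof(*rp)) {
			LOG_ERR("Too short LE Rand response (%u bytes)", rsp->len);
			net_buf_unref(rsp);
			return -EIO;
		}

		rp = (void *)rsp->data;

		/* Number of bytes to fill on this iteration */
		count = MIN(len, sizeof(rp->rand));

		/* Copy random data into buffer */
		memcpy(out, rp->rand, count);

		net_buf_unref(rsp);
		out += count;
		len -= count;
	}

	return 0;
}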
502 
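/* Read the controller's maximum TX octets and TX time for LE Data Length
 * Extension.
 *
 * @param tx_octets Receives max_tx_octets in CPU byte order.
 * @param tx_time   Receives max_tx_time in CPU byte order.
 *
 * @return 0 on success, -EIO when the response is too short to hold the
 *         return parameters, or the error from bt_hci_cmd_send_sync().
 *
 * Values outside the BT_HCI_LE_MAX_TX_* ranges are only logged; they are
 * still returned to the caller unchanged.
 */
int bt_hci_le_read_max_data_len(uint16_t *tx_octets, uint16_t *tx_time)
{
	struct bt_hci_rp_le_read_max_data_len *rp;
	struct net_buf *rsp;
	int err;

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_DATA_LEN, NULL, &rsp);
	if (err) {
		LOG_ERR("Failed to read DLE max data len");
		return err;
	}

	/* The response length comes from the controller; do not read the
	 * return parameters out of a response that is too short to hold them.
	 */
	if (rsp->len < sizeof(*rp)) {
		LOG_ERR("Too short DLE max data len response (%u bytes)", rsp->len);
		net_buf_unref(rsp);
		return -EIO;
	}

	rp = (void *)rsp->data;
	*tx_octets = sys_le16_to_cpu(rp->max_tx_octets);
	*tx_time = sys_le16_to_cpu(rp->max_tx_time);
	net_buf_unref(rsp);

	if (!IN_RANGE(*tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
		LOG_WRN("tx_octets exceeds the valid range %u", *tx_octets);
	}
	if (!IN_RANGE(*tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
		LOG_WRN("tx_time exceeds the valid range %u", *tx_time);
	}

	return 0;
}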
529 
/* Translate an HCI PHY value into the matching BT_GAP_LE_PHY_* value.
 * Returns 0 for any value that is not 1M, 2M or Coded.
 */
uint8_t bt_get_phy(uint8_t hci_phy)
{
	if (hci_phy == BT_HCI_LE_PHY_1M) {
		return BT_GAP_LE_PHY_1M;
	}

	if (hci_phy == BT_HCI_LE_PHY_2M) {
		return BT_GAP_LE_PHY_2M;
	}

	if (hci_phy == BT_HCI_LE_PHY_CODED) {
		return BT_GAP_LE_PHY_CODED;
	}

	/* Unknown value reported by the controller */
	return 0;
}
543 
/* Translate an HCI CTE type into the matching BT_DF_CTE_TYPE_* value.
 * BT_HCI_LE_NO_CTE and every unrecognised value map to BT_DF_CTE_TYPE_NONE.
 */
int bt_get_df_cte_type(uint8_t hci_cte_type)
{
	if (hci_cte_type == BT_HCI_LE_AOA_CTE) {
		return BT_DF_CTE_TYPE_AOA;
	}

	if (hci_cte_type == BT_HCI_LE_AOD_CTE_1US) {
		return BT_DF_CTE_TYPE_AOD_1US;
	}

	if (hci_cte_type == BT_HCI_LE_AOD_CTE_2US) {
		return BT_DF_CTE_TYPE_AOD_2US;
	}

	/* BT_HCI_LE_NO_CTE, or a value this function does not know */
	return BT_DF_CTE_TYPE_NONE;
}
559 
560 #if defined(CONFIG_BT_CONN_TX)
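/* Handle the Number Of Completed Packets event.
 *
 * For every (handle, count) pair reported by the controller, returns `count`
 * TX credits to the connection and moves as many TX contexts from the
 * connection's `tx_pending` list to its `tx_complete` list, notifying the
 * connection after each one.
 *
 * num_handles, handle and count all come from the controller. The event is
 * dropped when it is too short for the header or for the number of pairs it
 * announces; pairs naming an unknown handle are skipped.
 */
static void hci_num_completed_packets(struct net_buf *buf)
{
	struct bt_hci_evt_num_completed_packets *evt = (void *)buf->data;
	size_t needed;
	int i;

	/* num_handles must itself be inside the buffer before it is read */
	if (buf->len < sizeof(*evt)) {
		LOG_ERR("Too small (%u bytes) num completed packets event", buf->len);
		return;
	}

	/* Bound the pair array by the received length. `needed` is a size_t,
	 * so it is logged with %zu.
	 */
	needed = sizeof(*evt) + sizeof(evt->h[0]) * evt->num_handles;
	if (needed > buf->len) {
		LOG_ERR("evt num_handles (=%u) too large (%zu > %u)",
			evt->num_handles, needed, buf->len);
		return;
	}

	LOG_DBG("num_handles %u", evt->num_handles);

	for (i = 0; i < evt->num_handles; i++) {
		uint16_t handle, count;
		struct bt_conn *conn;

		handle = sys_le16_to_cpu(evt->h[i].handle);
		count = sys_le16_to_cpu(evt->h[i].count);

		LOG_DBG("handle %u count %u", handle, count);

		conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
		if (!conn) {
			LOG_ERR("No connection for handle %u", handle);
			continue;
		}

		while (count--) {
			sys_snode_t *node;

			/* NOTE(review): the credit is given before the pending
			 * list is checked, so a count larger than the number
			 * of pending packets still gives one credit before the
			 * mismatch is detected below.
			 */
			k_sem_give(bt_conn_get_pkts(conn));

			/* move the next TX context from the `pending` list to
			 * the `complete` list.
			 */
			node = sys_slist_get(&conn->tx_pending);

			if (!node) {
				LOG_ERR("packets count mismatch");
				__ASSERT_NO_MSG(0);
				break;
			}

			sys_slist_append(&conn->tx_complete, node);

			/* align the `pending` value */
			__ASSERT_NO_MSG(atomic_get(&conn->in_ll));
			atomic_dec(&conn->in_ll);

			/* TX context free + callback happens in there */
			bt_conn_tx_notify(conn, false);
		}

		bt_conn_unref(conn);
	}
}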
620 #endif /* CONFIG_BT_CONN_TX */
621 
622 #if defined(CONFIG_BT_CONN)
/* Handle one incoming HCI ACL data packet.
 *
 * Strips the ACL header, checks that the length announced in the header
 * equals the payload actually received, resolves the connection from the
 * handle and passes the payload on with bt_conn_recv(). On every rejection
 * path the buffer is unreferenced here.
 */
static void hci_acl(struct net_buf *buf)
{
	struct bt_hci_acl_hdr *hdr;
	uint16_t handle, len;
	struct bt_conn *conn;
	uint8_t flags;

	LOG_DBG("buf %p", buf);
	/* The header has to be fully present before it is pulled */
	if (buf->len < sizeof(*hdr)) {
		LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
		net_buf_unref(buf);
		return;
	}

	hdr = net_buf_pull_mem(buf, sizeof(*hdr));
	len = sys_le16_to_cpu(hdr->len);
	handle = sys_le16_to_cpu(hdr->handle);
	/* The 16-bit handle field also carries the flags */
	flags = bt_acl_flags(handle);

	acl(buf)->handle = bt_acl_handle(handle);
	/* No connection resolved yet; set for real after the lookup below */
	acl(buf)->index = BT_CONN_INDEX_INVALID;

	LOG_DBG("handle %u len %u flags %u", acl(buf)->handle, len, flags);

	/* buf->len is now the payload length; it has to match the header's
	 * length field exactly, so both short and oversized packets are dropped.
	 */
	if (buf->len != len) {
		LOG_ERR("ACL data length mismatch (%u != %u)", buf->len, len);
		net_buf_unref(buf);
		return;
	}

	conn = bt_conn_lookup_handle(acl(buf)->handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to find conn for handle %u", acl(buf)->handle);
		net_buf_unref(buf);
		return;
	}

	acl(buf)->index = bt_conn_index(conn);

	/* buf is not unreferenced after this call; presumably bt_conn_recv()
	 * takes ownership of it (confirm against conn.c).
	 */
	bt_conn_recv(conn, buf, flags);
	bt_conn_unref(conn);
}
665 
/* Handle the Data Buffer Overflow event: log the affected link type.
 *
 * The event length is not checked here; presumably the dispatch table's
 * min_len covers the event structure (confirm at the EVENT_HANDLER entry).
 */
static void hci_data_buf_overflow(struct net_buf *buf)
{
	const struct bt_hci_evt_data_buf_overflow *overflow = (const void *)buf->data;

	LOG_WRN("Data buffer overflow (link type 0x%02x)", overflow->link_type);
}
672 
673 #if defined(CONFIG_BT_CENTRAL)
/* Fill the connection parameters of one Initiating PHY entry from the
 * connection object: interval range, latency and supervision timeout are
 * converted to little endian, and both connection event lengths are set to
 * zero. The scan interval and scan window are not touched.
 */
static void set_phy_conn_param(const struct bt_conn *conn,
			       struct bt_hci_ext_conn_phy *phy)
{
	phy->min_ce_len = 0;
	phy->max_ce_len = 0;

	phy->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);
	phy->conn_latency = sys_cpu_to_le16(conn->le.latency);
	phy->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	phy->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
}
685 
/* Start LE connection establishment with the LE Extended Create Connection
 * command.
 *
 * One Initiating PHY entry is appended for 1M unless BT_CONN_LE_OPT_NO_1M is
 * set, and one for Coded when BT_CONN_LE_OPT_CODED is set. On success of the
 * command, BT_DEV_INITIATING is set in bt_dev.flags through the state-set
 * mechanism.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_id_set_create_conn_own_addr() or
 *         bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_ext(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_ext_create_conn *cp;
	struct bt_hci_ext_conn_phy *phy;
	/* Stack object referenced from the command slot; it stays valid
	 * because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;
	bool use_filter = false;
	struct net_buf *buf;
	uint8_t own_addr_type;
	uint8_t num_phys;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	/* NOTE(review): with NO_1M set and CODED clear this is 0, and the
	 * command is sent with an empty PHY mask and no PHY entries; presumably
	 * that option combination is rejected before reaching here (confirm).
	 */
	num_phys = (!(bt_dev.create_param.options &
		      BT_CONN_LE_OPT_NO_1M) ? 1 : 0) +
		   ((bt_dev.create_param.options &
		      BT_CONN_LE_OPT_CODED) ? 1 : 0);

	/* The size expression is narrowed to the uint8_t param_len parameter */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN, sizeof(*cp) +
				num_phys * sizeof(*phy));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	if (use_filter) {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	} else {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	}

	cp->own_addr_type = own_addr_type;
	cp->phys = 0;

	/* The PHY entries are not zeroed first; every field is written below
	 * or in set_phy_conn_param().
	 */
	if (!(bt_dev.create_param.options & BT_CONN_LE_OPT_NO_1M)) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_1M;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(
			bt_dev.create_param.interval);
		phy->scan_window = sys_cpu_to_le16(
			bt_dev.create_param.window);
		set_phy_conn_param(conn, phy);
	}

	if (bt_dev.create_param.options & BT_CONN_LE_OPT_CODED) {
		cp->phys |= BT_HCI_LE_EXT_SCAN_PHY_CODED;
		phy = net_buf_add(buf, sizeof(*phy));
		phy->scan_interval = sys_cpu_to_le16(
			bt_dev.create_param.interval_coded);
		phy->scan_window = sys_cpu_to_le16(
			bt_dev.create_param.window_coded);
		set_phy_conn_param(conn, phy);
	}

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN, buf, NULL);
}
765 
/* Start LE connection establishment with LE Extended Create Connection V2,
 * addressed to @p conn's peer through advertising set @p adv and
 * @p subevent.
 *
 * Exactly one Initiating PHY entry is sent. On success of the command,
 * BT_DEV_INITIATING is set in bt_dev.flags through the state-set mechanism.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_id_set_create_conn_own_addr() or
 *         bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_synced(const struct bt_conn *conn, const struct bt_le_ext_adv *adv,
			     uint8_t subevent)
{
	struct bt_hci_cp_le_ext_create_conn_v2 *cp;
	struct bt_hci_ext_conn_phy *phy;
	/* Stack object referenced from the command slot; it stays valid
	 * because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;
	struct net_buf *buf;
	uint8_t own_addr_type;
	int err;

	err = bt_id_set_create_conn_own_addr(false, &own_addr_type);
	if (err) {
		return err;
	}

	/* There shall only be one Initiating_PHYs */
	buf = bt_hci_cmd_create(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, sizeof(*cp) + sizeof(*phy));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	(void)memset(cp, 0, sizeof(*cp));

	cp->subevent = subevent;
	cp->adv_handle = adv->handle;
	bt_addr_le_copy(&cp->peer_addr, &conn->le.dst);
	cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	cp->own_addr_type = own_addr_type;

	/* The Initiating_PHY is the secondary phy of the corresponding ext adv set */
	if (adv->options & BT_LE_ADV_OPT_CODED) {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_CODED;
	} else if (adv->options & BT_LE_ADV_OPT_NO_2M) {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_1M;
	} else {
		cp->phys = BT_HCI_LE_EXT_SCAN_PHY_2M;
	}

	/* Zeroed first: the scan interval and window are left at 0 here, and
	 * only the connection parameters are filled in.
	 */
	phy = net_buf_add(buf, sizeof(*phy));
	(void)memset(phy, 0, sizeof(*phy));
	set_phy_conn_param(conn, phy);

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_EXT_CREATE_CONN_V2, buf, NULL);
}
813 
/* Start LE connection establishment with the legacy LE Create Connection
 * command.
 *
 * With the filter accept list in use for this connection the peer address is
 * BT_ADDR_LE_ANY and the filter policy selects the list; otherwise the
 * connection's destination address is used. On success of the command,
 * BT_DEV_INITIATING is set in bt_dev.flags through the state-set mechanism.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_id_set_create_conn_own_addr() or
 *         bt_hci_cmd_send_sync().
 */
static int bt_le_create_conn_legacy(const struct bt_conn *conn)
{
	struct bt_hci_cp_le_create_conn *cp;
	/* Stack object referenced from the command slot; it stays valid
	 * because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;
	bool use_filter = false;
	struct net_buf *buf;
	uint8_t own_addr_type;
	int err;

	if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
		use_filter = atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT);
	}

	err = bt_id_set_create_conn_own_addr(use_filter, &own_addr_type);
	if (err) {
		return err;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN, sizeof(*cp));
	if (!buf) {
		return -ENOBUFS;
	}

	/* Zero the parameters so fields not assigned below are sent as 0 */
	cp = net_buf_add(buf, sizeof(*cp));
	memset(cp, 0, sizeof(*cp));
	cp->own_addr_type = own_addr_type;

	if (use_filter) {
		/* User Initiated procedure use fast scan parameters. */
		bt_addr_le_copy(&cp->peer_addr, BT_ADDR_LE_ANY);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_FILTER;
	} else {
		const bt_addr_le_t *peer_addr = &conn->le.dst;

#if defined(CONFIG_BT_SMP)
		if (bt_dev.le.rl_entries > bt_dev.le.rl_size) {
			/* Host resolving is used, use the RPA directly. */
			peer_addr = &conn->le.resp_addr;
		}
#endif
		bt_addr_le_copy(&cp->peer_addr, peer_addr);
		cp->filter_policy = BT_HCI_LE_CREATE_CONN_FP_NO_FILTER;
	}

	cp->scan_interval = sys_cpu_to_le16(bt_dev.create_param.interval);
	cp->scan_window = sys_cpu_to_le16(bt_dev.create_param.window);

	cp->conn_interval_min = sys_cpu_to_le16(conn->le.interval_min);
	cp->conn_interval_max = sys_cpu_to_le16(conn->le.interval_max);
	cp->conn_latency = sys_cpu_to_le16(conn->le.latency);
	cp->supervision_timeout = sys_cpu_to_le16(conn->le.timeout);

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, true);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN, buf, NULL);
}
871 
/* Start LE connection establishment, using the extended command when
 * CONFIG_BT_EXT_ADV is enabled and the controller reports the LE Extended
 * Advertising feature, and the legacy command otherwise.
 */
int bt_le_create_conn(const struct bt_conn *conn)
{
	if (!IS_ENABLED(CONFIG_BT_EXT_ADV) ||
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return bt_le_create_conn_legacy(conn);
	}

	return bt_le_create_conn_ext(conn);
}
881 
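/* Cancel an ongoing LE connection establishment with LE Create Connection
 * Cancel. On success of the command, BT_DEV_INITIATING is cleared in
 * bt_dev.flags through the state-set mechanism.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_hci_cmd_send_sync().
 */
int bt_le_create_conn_cancel(void)
{
	struct net_buf *buf;
	/* Stack object referenced from the command slot; it stays valid
	 * because bt_hci_cmd_send_sync() below blocks until completion.
	 */
	struct bt_hci_cmd_state_set state;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0);
	if (!buf) {
		/* bt_hci_cmd_create() can return NULL, and
		 * bt_hci_cmd_state_set_init() would pass that NULL straight
		 * to cmd(), which indexes cmd_data[] by buffer id.
		 */
		return -ENOBUFS;
	}

	bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,
				  BT_DEV_INITIATING, false);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_CREATE_CONN_CANCEL, buf, NULL);
}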
894 #endif /* CONFIG_BT_CENTRAL */
895 
/* Send the HCI Disconnect command for connection @p handle with the given
 * @p reason and wait for the controller's answer.
 *
 * @return 0 on success, -ENOBUFS when no command buffer is available, or the
 *         error from bt_hci_cmd_send_sync().
 */
int bt_hci_disconnect(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_disconnect *params;
	struct net_buf *cmd_buf;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_DISCONNECT, sizeof(*params));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->reason = reason;
	params->handle = sys_cpu_to_le16(handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_DISCONNECT, cmd_buf, NULL);
}
912 
/* Handles for which a disconnection was reported while no connection object
 * existed, with the reason stored at the same index. An entry of 0 is a free
 * slot; used entries hold the handle OR-ed with ~BT_ACL_HANDLE_MASK so that
 * handle 0 can be stored too.
 */
static uint16_t disconnected_handles[CONFIG_BT_MAX_CONN];
static uint8_t disconnected_handles_reason[CONFIG_BT_MAX_CONN];
915 
/* Mark every slot of disconnected_handles[] as free. The reason array is left
 * alone; a reason is only read for a slot whose handle matches.
 */
static void disconnected_handles_reset(void)
{
	for (size_t slot = 0; slot < ARRAY_SIZE(disconnected_handles); slot++) {
		disconnected_handles[slot] = 0;
	}
}
920 
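/* Remember that @p handle was disconnected, with @p disconnect_reason, in the
 * first free slot of disconnected_handles[].
 *
 * When every slot is in use the record cannot be stored. That used to happen
 * silently, leaving a later conn_handle_is_disconnected() lookup with no
 * trace of the disconnection; it is now logged.
 */
static void conn_handle_disconnected(uint16_t handle, uint8_t disconnect_reason)
{
	for (size_t i = 0; i < ARRAY_SIZE(disconnected_handles); i++) {
		if (disconnected_handles[i]) {
			continue;
		}

		/* Use invalid connection handle bits so that connection
		 * handle 0 can be used as a valid non-zero handle.
		 */
		disconnected_handles[i] = ~BT_ACL_HANDLE_MASK | handle;
		disconnected_handles_reason[i] = disconnect_reason;

		return;
	}

	LOG_WRN("No free slot to record disconnected handle %u", handle);
}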
935 
/** Look up and consume a recorded early disconnection.
 *
 *  A matching slot is freed as part of the lookup, so a second call for the
 *  same handle finds nothing.
 *
 *  @returns the disconnect reason stored for @p handle, or 0 when no record
 *           exists. A stored reason of 0 cannot be told apart from "no
 *           record".
 */
static uint8_t conn_handle_is_disconnected(uint16_t handle)
{
	/* Same encoding as used when the record was stored */
	const uint16_t marked = handle | ~BT_ACL_HANDLE_MASK;

	for (int slot = 0; slot < ARRAY_SIZE(disconnected_handles); slot++) {
		if (disconnected_handles[slot] != marked) {
			continue;
		}

		disconnected_handles[slot] = 0;

		return disconnected_handles_reason[slot];
	}

	return 0;
}
950 
/* Priority handler for the Disconnection Complete event.
 *
 * Ignores events with a non-zero status. When the handle resolves to a
 * connection, stores the reason in conn->err and moves the connection to
 * BT_CONN_DISCONNECT_COMPLETE. When it does not, the handle and reason are
 * recorded with conn_handle_disconnected() for later lookup.
 *
 * The event length is not checked here; presumably the dispatch table's
 * min_len covers the event structure (confirm at the EVENT_HANDLER entry).
 */
static void hci_disconn_complete_prio(struct net_buf *buf)
{
	struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);

	if (evt->status) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		/* Priority disconnect complete event received before normal
		 * connection complete event.
		 */
		conn_handle_disconnected(handle, evt->reason);
		return;
	}

	conn->err = evt->reason;

	bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	/* Drop the reference taken by the lookup */
	bt_conn_unref(conn);
}
978 
/* Normal-priority handler for the Disconnection Complete event.
 *
 * Ignores events with a non-zero status or an unknown handle. Moves the
 * connection to BT_CONN_DISCONNECTED, then performs the type-specific
 * follow-up: SCO cleanup, clearing of a no-bond BR/EDR link key, or
 * re-arming auto-connect for LE.
 *
 * The event length is not checked here; presumably the dispatch table's
 * min_len covers the event structure (confirm at the EVENT_HANDLER entry).
 */
static void hci_disconn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_disconn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u reason 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->reason);

	if (evt->status) {
		return;
	}

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (!conn) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	bt_conn_set_state(conn, BT_CONN_DISCONNECTED);

	if (conn->type != BT_CONN_TYPE_LE) {
#if defined(CONFIG_BT_CLASSIC)
		if (conn->type == BT_CONN_TYPE_SCO) {
			/* NOTE(review): this path returns without
			 * bt_conn_unref(); presumably bt_sco_cleanup()
			 * releases the lookup reference (confirm).
			 */
			bt_sco_cleanup(conn);
			return;
		}
		/*
		 * If only for one connection session bond was set, clear keys
		 * database row for this connection.
		 */
		if (conn->type == BT_CONN_TYPE_BR &&
		    atomic_test_and_clear_bit(conn->flags, BT_CONN_BR_NOBOND)) {
			bt_keys_link_key_clear(conn->br.link_key);
		}
#endif
		bt_conn_unref(conn);
		return;
	}

#if defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST)
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
		bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
		/* Just a best-effort check if the scanner should be started. */
		int err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);

		if (err) {
			LOG_WRN("Error while updating the scanner (%d)", err);
		}
	}
#endif /* defined(CONFIG_BT_CENTRAL) && !defined(CONFIG_BT_FILTER_ACCEPT_LIST) */

	/* Drop the reference taken by the lookup */
	bt_conn_unref(conn);
}
1033 
/*
 * Issue LE Read Remote Features for the given connection.
 *
 * Returns -ENOBUFS when no command buffer is available, otherwise the result
 * of bt_hci_cmd_send_sync(). The feature set itself is delivered later in
 * BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE.
 */
int bt_hci_le_read_remote_features(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_remote_features *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_READ_REMOTE_FEATURES,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	/* HCI parameters are little-endian on the wire. */
	params->handle = sys_cpu_to_le16(conn->handle);

	/* Results in BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE */
	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_REMOTE_FEATURES, cmd, NULL);
}
1050 
/*
 * Issue Read Remote Version Information for the given connection.
 *
 * Returns -ENOTCONN unless the connection is in BT_CONN_CONNECTED, 0 without
 * sending anything when BT_CONN_AUTO_VERSION_INFO is already set, -ENOBUFS
 * when no command buffer is available, and otherwise the result of
 * bt_hci_cmd_send_sync().
 */
int bt_hci_read_remote_version(struct bt_conn *conn)
{
	struct bt_hci_cp_read_remote_version_info *params;
	struct net_buf *cmd;

	if (conn->state != BT_CONN_CONNECTED) {
		return -ENOTCONN;
	}

	/* Remote version cannot change, so one successful read is enough. */
	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO)) {
		return 0;
	}

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_VERSION_INFO,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	return bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_VERSION_INFO, cmd,
				    NULL);
}
1077 
/*
 * Issue LE Set Data Length for the given connection.
 *
 * tx_octets and tx_time are passed to the controller unchanged apart from
 * the conversion to little-endian; this function does not range-check them.
 * Returns -ENOBUFS when no command buffer is available, otherwise the result
 * of bt_hci_cmd_send_sync().
 *
 * The LE Data Length Change event is optional, so a caller may treat a
 * failure here as non-fatal: the stack then keeps using the default values.
 */
int bt_le_set_data_len(struct bt_conn *conn, uint16_t tx_octets, uint16_t tx_time)
{
	struct bt_hci_cp_le_set_data_len *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_DATA_LEN, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);
	params->tx_octets = sys_cpu_to_le16(tx_octets);
	params->tx_time = sys_cpu_to_le16(tx_time);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_DATA_LEN, cmd, NULL);
}
1098 
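#if defined(CONFIG_BT_USER_PHY_UPDATE)
/*
 * Read the current TX/RX PHY of a connection from the controller and store
 * them in conn->le.phy.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer is available, the
 * error from bt_hci_cmd_send_sync() when the command fails, or -EIO when the
 * controller's response is shorter than the expected return parameters.
 */
static int hci_le_read_phy(struct bt_conn *conn)
{
	struct bt_hci_cp_le_read_phy *cp;
	struct bt_hci_rp_le_read_phy *rp;
	struct net_buf *buf, *rsp;
	int err;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_READ_PHY, sizeof(*cp));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->handle = sys_cpu_to_le16(conn->handle);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_PHY, buf, &rsp);
	if (err) {
		return err;
	}

	/* The response is controller-supplied data: make sure it actually
	 * holds the return parameters before reading fields out of it.
	 */
	if (rsp->len < sizeof(*rp)) {
		LOG_ERR("LE Read PHY response too short (%u bytes)", rsp->len);
		net_buf_unref(rsp);
		return -EIO;
	}

	rp = (void *)rsp->data;
	conn->le.phy.tx_phy = bt_get_phy(rp->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(rp->rx_phy);
	net_buf_unref(rsp);

	return 0;
}
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */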
1128 
/*
 * Issue LE Set PHY for the given connection.
 *
 * all_phys, pref_tx_phy, pref_rx_phy and phy_opts are copied into the
 * command unchanged; this function does not validate them.
 * Returns -ENOBUFS when no command buffer is available, otherwise the result
 * of bt_hci_cmd_send_sync().
 */
int bt_le_set_phy(struct bt_conn *conn, uint8_t all_phys,
		  uint8_t pref_tx_phy, uint8_t pref_rx_phy, uint8_t phy_opts)
{
	struct bt_hci_cp_le_set_phy *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_SET_PHY, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);
	params->all_phys = all_phys;
	params->tx_phys = pref_tx_phy;
	params->rx_phys = pref_rx_phy;
	params->phy_opts = phy_opts;

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_PHY, cmd, NULL);
}
1149 
/*
 * Find the connection object that is waiting for a connection to complete
 * in the given role.
 *
 * Central: looks for a connection in BT_CONN_INITIATING for peer_addr on
 * BT_ID_DEFAULT and, with the filter accept list enabled, falls back to one
 * in BT_CONN_INITIATING_FILTER_LIST registered under BT_ADDR_LE_NONE.
 * Peripheral: looks for a connection in BT_CONN_ADV_DIR_CONNECTABLE for
 * peer_addr on bt_dev.adv_conn_id and falls back to one in
 * BT_CONN_ADV_CONNECTABLE registered under BT_ADDR_LE_NONE.
 *
 * peer_addr may be NULL; callers in this file pass NULL when only one
 * pending connection can exist for the role.
 *
 * Returns the connection found (the caller is expected to bt_conn_unref()
 * it, as the callers in this file do), or NULL when nothing is pending or
 * the role is not enabled in this build.
 */
static struct bt_conn *find_pending_connect(uint8_t role, bt_addr_le_t *peer_addr)
{
	struct bt_conn *pending = NULL;

	if (IS_ENABLED(CONFIG_BT_CENTRAL) && role == BT_HCI_ROLE_CENTRAL) {
		pending = bt_conn_lookup_state_le(BT_ID_DEFAULT, peer_addr,
						  BT_CONN_INITIATING);
		if (pending == NULL && IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
			pending = bt_conn_lookup_state_le(BT_ID_DEFAULT,
							  BT_ADDR_LE_NONE,
							  BT_CONN_INITIATING_FILTER_LIST);
		}
	} else if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && role == BT_HCI_ROLE_PERIPHERAL) {
		pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id, peer_addr,
						  BT_CONN_ADV_DIR_CONNECTABLE);
		if (pending == NULL) {
			pending = bt_conn_lookup_state_le(bt_dev.adv_conn_id,
							  BT_ADDR_LE_NONE,
							  BT_CONN_ADV_CONNECTABLE);
		}
	}

	return pending;
}
1184 
/*
 * Handle a cancelled LE Create Connection for the pending central
 * connection.
 *
 * Auto-connect connections go back to scanning (no filter accept list) or
 * have the initiator restarted (filter accept list). For other connections
 * the initiator is restarted while the connection's deferred work is still
 * queued or delayed; otherwise the attempt is treated as timed out and the
 * connection is moved to BT_CONN_DISCONNECTED with conn->err set to err.
 */
static void le_conn_complete_cancel(uint8_t err)
{
	struct bt_conn *conn;
	bool restart_initiator = false;

	/* There is no need to check the ID address as only one connection in
	 * the central role can be in pending state.
	 */
	conn = find_pending_connect(BT_HCI_ROLE_CENTRAL, NULL);
	if (conn == NULL) {
		LOG_ERR("No pending central connection");
		return;
	}

	if (atomic_test_bit(conn->flags, BT_CONN_AUTO_CONNECT)) {
		if (IS_ENABLED(CONFIG_BT_FILTER_ACCEPT_LIST)) {
			/* Restart FAL initiator after RPA timeout. */
			restart_initiator = true;
		} else {
			/* Restart passive scanner for device */
			bt_conn_set_state(conn, BT_CONN_SCAN_BEFORE_INITIATING);
		}
	} else {
		int work_state = k_work_delayable_busy_get(&conn->deferred_work);

		if (work_state & (K_WORK_QUEUED | K_WORK_DELAYED)) {
			/* Restart initiator after RPA timeout. */
			restart_initiator = true;
		} else {
			LOG_WRN("Connection creation timeout triggered");
			conn->err = err;
			bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
		}
	}

	if (restart_initiator) {
		int ret = bt_le_create_conn(conn);

		if (ret) {
			LOG_ERR("Failed to restart initiator");
		}
	}

	bt_conn_unref(conn);
}
1230 
/*
 * Handle an advertising timeout reported through a connection complete
 * event (high duty cycle directed advertising).
 *
 * Does nothing when extended advertising is enabled and supported by the
 * controller. Otherwise the legacy advertiser is marked disabled and the
 * pending peripheral connection is moved to BT_CONN_DISCONNECTED with
 * BT_HCI_ERR_ADV_TIMEOUT as the error.
 */
static void le_conn_complete_adv_timeout(void)
{
	struct bt_le_ext_adv *adv;
	struct bt_conn *conn;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		return;
	}

	/* NOTE(review): adv is dereferenced below without a NULL check;
	 * confirm bt_le_adv_lookup_legacy() cannot return NULL on this path.
	 */
	adv = bt_le_adv_lookup_legacy();

	atomic_clear_bit(adv->flags, BT_ADV_ENABLED);

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		/* No advertising set terminated event, must be a
		 * legacy advertiser set.
		 */
		bt_le_adv_delete_legacy();
	}

	/* There is no need to check the ID address as only one connection in
	 * the peripheral role can be in pending state.
	 */
	conn = find_pending_connect(BT_HCI_ROLE_PERIPHERAL, NULL);
	if (conn == NULL) {
		LOG_ERR("No pending peripheral connection");
		return;
	}

	conn->err = BT_HCI_ERR_ADV_TIMEOUT;
	bt_conn_set_state(conn, BT_CONN_DISCONNECTED);

	bt_conn_unref(conn);
}
1267 
/*
 * Entry point for a successful enhanced connection complete event.
 *
 * With more than one advertising set configured, a successful peripheral
 * connection on a controller with extended advertising is not processed
 * here: a copy of the event is parked in the first free slot of
 * bt_dev.cached_conn_complete and handled later. Every other event goes
 * straight to bt_hci_le_enh_conn_complete().
 *
 * If no cache slot is free the function asserts and returns; in a build
 * where __ASSERT is compiled out the event is then dropped unprocessed.
 */
static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
#if defined(CONFIG_BT_CONN) && (CONFIG_BT_EXT_ADV_MAX_ADV_SET > 1)
	const bool defer = IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
			   evt->role == BT_HCI_ROLE_PERIPHERAL &&
			   evt->status == BT_HCI_ERR_SUCCESS &&
			   (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
			    BT_FEAT_LE_EXT_ADV(bt_dev.le.features));

	if (defer) {
		/* Cache the connection complete event. Process it later.
		 * See bt_dev.cached_conn_complete.
		 */
		for (int slot = 0; slot < ARRAY_SIZE(bt_dev.cached_conn_complete); slot++) {
			if (bt_dev.cached_conn_complete[slot].valid) {
				continue;
			}

			(void)memcpy(&bt_dev.cached_conn_complete[slot].evt,
				     evt,
				     sizeof(struct bt_hci_evt_le_enh_conn_complete));
			bt_dev.cached_conn_complete[slot].valid = true;
			return;
		}

		__ASSERT(false, "No more cache entries available."
				"This should not happen by design");

		return;
	}
#endif
	bt_hci_le_enh_conn_complete(evt);
}
1298 
/*
 * Derive the on-air peer address and the peer identity address from a
 * connection complete event.
 *
 * When the controller reports a resolved peer address, id_addr receives the
 * resolved identity and peer_addr receives evt->peer_rpa as a random
 * address. Otherwise peer_addr is the reported address and id_addr is
 * whatever bt_lookup_id_addr() returns for it under identity id.
 */
static void translate_addrs(bt_addr_le_t *peer_addr, bt_addr_le_t *id_addr,
			    const struct bt_hci_evt_le_enh_conn_complete *evt, uint8_t id)
{
	if (!bt_addr_le_is_resolved(&evt->peer_addr)) {
		bt_addr_le_copy(id_addr, bt_lookup_id_addr(id, &evt->peer_addr));
		bt_addr_le_copy(peer_addr, &evt->peer_addr);
		return;
	}

	bt_addr_le_copy_resolved(id_addr, &evt->peer_addr);

	/* The address used on air was the peer's RPA. */
	bt_addr_copy(&peer_addr->a, &evt->peer_rpa);
	peer_addr->type = BT_ADDR_LE_RANDOM;
}
1312 
/*
 * Populate a connection object from a connection complete event.
 *
 * Copies handle, role and link timing from the event (converted from
 * little-endian), stores id_addr as the destination address, clears the
 * error, and resets the optional data-length and subrating state to their
 * defaults. The event values are stored as reported; no range check is
 * done here.
 */
static void update_conn(struct bt_conn *conn, const bt_addr_le_t *id_addr,
			const struct bt_hci_evt_le_enh_conn_complete *evt)
{
	/* Identity of the new link. */
	conn->handle = sys_le16_to_cpu(evt->handle);
	conn->role = evt->role;
	conn->err = 0U;
	bt_addr_le_copy(&conn->le.dst, id_addr);

	/* Link timing as reported by the controller. */
	conn->le.interval = sys_le16_to_cpu(evt->interval);
	conn->le.latency = sys_le16_to_cpu(evt->latency);
	conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	conn->le.data_len.tx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.rx_max_len = BT_GAP_DATA_LEN_DEFAULT;
	conn->le.data_len.tx_max_time = BT_GAP_DATA_TIME_DEFAULT;
	conn->le.data_len.rx_max_time = BT_GAP_DATA_TIME_DEFAULT;
#endif
#if defined(CONFIG_BT_SUBRATING)
	conn->le.subrate.factor = 1; /* No subrating. */
	conn->le.subrate.continuation_number = 0;
#endif
}
1335 
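/*
 * Complete an LE connection from a successful enhanced connection complete
 * event.
 *
 * The pending connection object for the event's role and peer is looked up,
 * filled in from the event, given its initiator/responder addresses and
 * moved to BT_CONN_CONNECTED before the connected callback runs. If no
 * pending connection object exists, the controller is told to disconnect
 * the handle so that the host is not left with a link it does not track.
 *
 * conn_handle_is_disconnected() is consulted first: a non-zero result is
 * used as the reason to mark the connection BT_CONN_DISCONNECT_COMPLETE
 * right after it becomes connected (presumably a disconnect for this handle
 * that was received before this event - confirm against the priority
 * disconnect handler).
 *
 * The caller must only pass events with status BT_HCI_ERR_SUCCESS; this is
 * asserted, not handled.
 */
void bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
{
	__ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);

	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;
	bool is_central;
	uint8_t id;

	LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
		evt->status, bt_hci_err_to_str(evt->status), handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	id = evt->role == BT_HCI_ROLE_PERIPHERAL ? bt_dev.adv_conn_id : BT_ID_DEFAULT;
	translate_addrs(&peer_addr, &id_addr, evt, id);

	conn = find_pending_connect(evt->role, &id_addr);

	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    evt->role == BT_HCI_ROLE_PERIPHERAL &&
	    !(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
		/* NOTE(review): adv is dereferenced without a NULL check;
		 * confirm bt_le_adv_lookup_legacy() cannot return NULL when a
		 * peripheral-role event arrives here.
		 */
		struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
		/* Clear advertising even if we are not able to add connection
		 * object to keep host in sync with controller state.
		 */
		atomic_clear_bit(adv->flags, BT_ADV_ENABLED);
		(void)bt_le_lim_adv_cancel_timeout(adv);
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    evt->role == BT_HCI_ROLE_CENTRAL) {
		/* Clear initiating even if we are not able to add connection
		 * object to keep the host in sync with controller state.
		 */
		atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);
	}

	if (!conn) {
		/* The host has no object for this link: ask the controller to
		 * drop it rather than leave an untracked connection up.
		 */
		LOG_ERR("No pending conn for peer %s", bt_addr_le_str(&evt->peer_addr));
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		return;
	}

	update_conn(conn, &id_addr, evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = BT_GAP_LE_PHY_1M;
	conn->le.phy.rx_phy = BT_GAP_LE_PHY_1M;
#endif
	/*
	 * Use connection address (instead of identity address) as initiator
	 * or responder address. Only peripheral needs to be updated. For central all
	 * was set during outgoing connection creation.
	 */
	if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL) {
		bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

		if (!(IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		      BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features))) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();

			if (IS_ENABLED(CONFIG_BT_PRIVACY) &&
			    !atomic_test_bit(adv->flags, BT_ADV_USE_IDENTITY)) {
				conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
				/* An all-zero local RPA means the event did not
				 * carry one; fall back to the device's current
				 * random address.
				 */
				if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &evt->local_rpa);
				} else {
					bt_addr_copy(&conn->le.resp_addr.a,
						     &bt_dev.random_addr.a);
				}
			} else {
				bt_addr_le_copy(&conn->le.resp_addr,
						&bt_dev.id_addr[conn->id]);
			}
		} else {
			/* Copy the local RPA and handle this in advertising set
			 * terminated event.
			 */
			bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
		}

		/* If the controller supports it, advertise for another
		 * peripheral connection. Checking for the connectable
		 * advertising state is sufficient, as that is how this
		 * peripheral connection complete came about.
		 */
		if (BT_LE_STATES_PER_CONN_ADV(bt_dev.le.states)) {
			bt_le_adv_resume();
		}

		if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
		    !BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
			struct bt_le_ext_adv *adv = bt_le_adv_lookup_legacy();
			/* No advertising set terminated event, must be a
			 * legacy advertiser set.
			 */
			if (!atomic_test_bit(adv->flags, BT_ADV_PERSIST)) {
				bt_le_adv_delete_legacy();
			}
		}
	}

	if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
	    conn->role == BT_HCI_ROLE_CENTRAL) {
		bt_addr_le_copy(&conn->le.resp_addr, &peer_addr);

		if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
			conn->le.init_addr.type = BT_ADDR_LE_RANDOM;
			if (!bt_addr_eq(&evt->local_rpa, BT_ADDR_ANY)) {
				bt_addr_copy(&conn->le.init_addr.a,
					     &evt->local_rpa);
			} else {
				bt_addr_copy(&conn->le.init_addr.a,
					     &bt_dev.random_addr.a);
			}
		} else {
			bt_addr_le_copy(&conn->le.init_addr,
					&bt_dev.id_addr[conn->id]);
		}
	}

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	if (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
	    BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		int err;

		err = hci_le_read_phy(conn);
		if (err) {
			LOG_WRN("Failed to read PHY (%d)", err);
		}
	}
#endif /* defined(CONFIG_BT_USER_PHY_UPDATE) */

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (disconnect_reason) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		conn->err = disconnect_reason;
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Sample the role while this function still holds its reference:
	 * once bt_conn_unref() has run, conn must not be dereferenced, since
	 * the object may no longer belong to this connection.
	 */
	is_central = IS_ENABLED(CONFIG_BT_CENTRAL) && conn->role == BT_HCI_ROLE_CENTRAL;
	bt_conn_unref(conn);

	if (is_central) {
		int err;

		/* Just a best-effort check if the scanner should be started. */
		err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
		if (err) {
			LOG_WRN("Error while updating the scanner (%d)", err);
		}
	}
}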
1502 
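#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
/*
 * Complete an LE connection that was created through a periodic advertising
 * (PAwR) sync.
 *
 * Unlike bt_hci_le_enh_conn_complete() there is no pending connection
 * object: one is allocated here. The event is rejected when the sync has no
 * subevents or when the reported role is not peripheral. Both checks run
 * before the allocation, so that a rejected event cannot leave an allocated
 * connection object behind.
 *
 * The v2 event is passed to translate_addrs() and update_conn() through a
 * cast to the v1 structure.
 * NOTE(review): this relies on the v2 layout starting with the v1 fields -
 * confirm against the structure definitions.
 *
 * NOTE(review): when the role check fails the controller-side link is left
 * as it is (as before this check was moved); consider whether it should be
 * disconnected like in the allocation-failure path.
 *
 * The caller must only pass events with status BT_HCI_ERR_SUCCESS; this is
 * asserted, not handled.
 */
void bt_hci_le_enh_conn_complete_sync(struct bt_hci_evt_le_enh_conn_complete_v2 *evt,
				      struct bt_le_per_adv_sync *sync)
{
	__ASSERT_NO_MSG(evt->status == BT_HCI_ERR_SUCCESS);

	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t disconnect_reason = conn_handle_is_disconnected(handle);
	bt_addr_le_t peer_addr, id_addr;
	struct bt_conn *conn;

	if (!sync->num_subevents) {
		LOG_ERR("Unexpected connection complete event");

		return;
	}

	LOG_DBG("status 0x%02x %s handle %u role %u peer %s peer RPA %s",
		evt->status, bt_hci_err_to_str(evt->status), handle,
		evt->role, bt_addr_le_str(&evt->peer_addr), bt_addr_str(&evt->peer_rpa));
	LOG_DBG("local RPA %s", bt_addr_str(&evt->local_rpa));

	/* Validate the role before allocating anything: returning after
	 * bt_conn_add_le() without releasing the object would leak it.
	 */
	if (evt->role != BT_HCI_ROLE_PERIPHERAL) {
		LOG_ERR("PAwR sync always becomes peripheral");

		return;
	}

	conn = bt_conn_add_le(BT_ID_DEFAULT, BT_ADDR_LE_ANY);
	if (!conn) {
		LOG_ERR("Unable to allocate connection");
		/* Tell the controller to disconnect to keep it in sync with
		 * the host state and avoid a "rogue" connection.
		 */
		bt_hci_disconnect(handle, BT_HCI_ERR_REMOTE_USER_TERM_CONN);

		return;
	}

#if defined(CONFIG_BT_SMP)
	bt_id_pending_keys_update();
#endif

	translate_addrs(&peer_addr, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt,
			BT_ID_DEFAULT);
	update_conn(conn, &id_addr, (const struct bt_hci_evt_le_enh_conn_complete *)evt);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	/* The connection is always initiated on the same phy as the PAwR advertiser */
	conn->le.phy.tx_phy = sync->phy;
	conn->le.phy.rx_phy = sync->phy;
#endif

	bt_addr_le_copy(&conn->le.init_addr, &peer_addr);

	if (IS_ENABLED(CONFIG_BT_PRIVACY)) {
		conn->le.resp_addr.type = BT_ADDR_LE_RANDOM;
		bt_addr_copy(&conn->le.resp_addr.a, &evt->local_rpa);
	} else {
		bt_addr_le_copy(&conn->le.resp_addr, &bt_dev.id_addr[conn->id]);
	}

	bt_conn_set_state(conn, BT_CONN_CONNECTED);

	if (disconnect_reason) {
		/* Mark the connection as already disconnected before calling
		 * the connected callback, so that the application cannot
		 * start sending packets
		 */
		conn->err = disconnect_reason;
		bt_conn_set_state(conn, BT_CONN_DISCONNECT_COMPLETE);
	}

	bt_conn_connected(conn);

	/* Since we don't give the application a reference to manage
	 * for peripheral connections, we need to release this reference here.
	 */
	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */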
1584 
/*
 * Handle a connection complete event that carries a failure status.
 *
 * Three statuses are expected, each only when the matching role or feature
 * is enabled in the build: advertising timeout (peripheral), unknown
 * connection ID as the result of a cancelled create connection (central),
 * and failure to establish (central with periodic advertising responses).
 * Anything else is logged as unexpected and otherwise ignored.
 */
static void enh_conn_complete_error_handle(uint8_t status)
{
	switch (status) {
	case BT_HCI_ERR_ADV_TIMEOUT:
		if (IS_ENABLED(CONFIG_BT_PERIPHERAL)) {
			le_conn_complete_adv_timeout();
			return;
		}
		break;

	case BT_HCI_ERR_UNKNOWN_CONN_ID:
		if (IS_ENABLED(CONFIG_BT_CENTRAL)) {
			int err;

			le_conn_complete_cancel(status);
			err = bt_le_scan_user_remove(BT_LE_SCAN_USER_NONE);
			if (err) {
				LOG_WRN("Error while updating the scanner (%d)", err);
			}
			return;
		}
		break;

	case BT_HCI_ERR_CONN_FAIL_TO_ESTAB:
		if (IS_ENABLED(CONFIG_BT_CENTRAL) && IS_ENABLED(CONFIG_BT_PER_ADV_RSP)) {
			le_conn_complete_cancel(status);

			atomic_clear_bit(bt_dev.flags, BT_DEV_INITIATING);

			return;
		}
		break;

	default:
		break;
	}

	LOG_WRN("Unexpected status 0x%02x %s", status, bt_hci_err_to_str(status));
}
1613 
/*
 * Event handler for LE Enhanced Connection Complete.
 *
 * Failure statuses go to enh_conn_complete_error_handle(); a successful
 * event is passed on to enh_conn_complete().
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_enh_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete *ev =
		(struct bt_hci_evt_le_enh_conn_complete *)buf->data;

	if (ev->status == BT_HCI_ERR_SUCCESS) {
		enh_conn_complete(ev);
		return;
	}

	enh_conn_complete_error_handle(ev->status);
}
1626 
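#if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
/*
 * Event handler for LE Enhanced Connection Complete (v2).
 *
 * Failure statuses go to enh_conn_complete_error_handle(). A successful
 * event is routed by which of adv_handle / sync_handle is valid:
 *  - neither: not created via PAwR, handled like a v1 event;
 *  - adv_handle only (CONFIG_BT_PER_ADV_RSP): created via a PAwR
 *    advertiser, handled like a v1 event;
 *  - sync_handle only (CONFIG_BT_PER_ADV_SYNC_RSP): created via a PAwR
 *    sync, handled by bt_hci_le_enh_conn_complete_sync();
 *  - anything else is rejected as invalid.
 *
 * The sync handle is converted from little-endian before it is compared or
 * used for the lookup, like the other 16-bit handles in this file.
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_enh_conn_complete_v2(struct net_buf *buf)
{
	struct bt_hci_evt_le_enh_conn_complete_v2 *evt =
		(struct bt_hci_evt_le_enh_conn_complete_v2 *)buf->data;
	uint16_t sync_handle;

	if (evt->status != BT_HCI_ERR_SUCCESS) {
		enh_conn_complete_error_handle(evt->status);
		return;
	}

	sync_handle = sys_le16_to_cpu(evt->sync_handle);

	if (evt->adv_handle == BT_HCI_ADV_HANDLE_INVALID &&
	    sync_handle == BT_HCI_SYNC_HANDLE_INVALID) {
		/* The connection was not created via PAwR, handle the event like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
	}
#if defined(CONFIG_BT_PER_ADV_RSP)
	else if (evt->adv_handle != BT_HCI_ADV_HANDLE_INVALID &&
		 sync_handle == BT_HCI_SYNC_HANDLE_INVALID) {
		/* The connection was created via PAwR advertiser, it can be handled like v1 */
		enh_conn_complete((struct bt_hci_evt_le_enh_conn_complete *)evt);
	}
#endif /* CONFIG_BT_PER_ADV_RSP */
#if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
	else if (evt->adv_handle == BT_HCI_ADV_HANDLE_INVALID &&
		 sync_handle != BT_HCI_SYNC_HANDLE_INVALID) {
		/* Created via PAwR sync, no adv set terminated event, needs separate handling */
		struct bt_le_per_adv_sync *sync;

		sync = bt_hci_per_adv_sync_lookup_handle(sync_handle);
		if (!sync) {
			LOG_ERR("Unknown sync handle %d", sync_handle);

			return;
		}

		bt_hci_le_enh_conn_complete_sync(evt, sync);
	}
#endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
	else {
		LOG_ERR("Invalid connection complete event");
	}
}
#endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */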
1671 
/*
 * Event handler for the legacy LE Connection Complete event.
 *
 * Failure statuses go to enh_conn_complete_error_handle(). A successful
 * event is converted into an enhanced connection complete structure and
 * processed through enh_conn_complete(). The legacy event has no RPA
 * fields: the peer RPA is set to BT_ADDR_ANY, and the local RPA is the
 * device's current random address with privacy enabled, BT_ADDR_ANY
 * otherwise.
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_legacy_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_complete *legacy = (void *)buf->data;
	struct bt_hci_evt_le_enh_conn_complete converted;

	if (legacy->status != BT_HCI_ERR_SUCCESS) {
		enh_conn_complete_error_handle(legacy->status);
		return;
	}

	LOG_DBG("status 0x%02x %s role %u %s",
		legacy->status, bt_hci_err_to_str(legacy->status), legacy->role,
		bt_addr_le_str(&legacy->peer_addr));

	/* Multi-byte fields are copied as they are; both structures hold
	 * them in the same (wire) representation.
	 */
	converted.status = legacy->status;
	converted.handle = legacy->handle;
	converted.role = legacy->role;
	converted.interval = legacy->interval;
	converted.latency = legacy->latency;
	converted.supv_timeout = legacy->supv_timeout;
	converted.clock_accuracy = legacy->clock_accuracy;

	bt_addr_le_copy(&converted.peer_addr, &legacy->peer_addr);
	bt_addr_copy(&converted.peer_rpa, BT_ADDR_ANY);

	if (!IS_ENABLED(CONFIG_BT_PRIVACY)) {
		bt_addr_copy(&converted.local_rpa, BT_ADDR_ANY);
	} else {
		bt_addr_copy(&converted.local_rpa, &bt_dev.random_addr.a);
	}

	enh_conn_complete(&converted);
}
1706 
/*
 * Event handler for LE Read Remote Features Complete.
 *
 * On success the reported feature bits are stored in conn->le.features.
 * BT_CONN_LE_FEATURES_EXCHANGED is set whatever the status, so the exchange
 * counts as done even when it failed.
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_remote_feat_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_remote_feat_complete *ev = (void *)buf->data;
	uint16_t conn_handle = sys_le16_to_cpu(ev->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(conn_handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", conn_handle);
		return;
	}

	if (ev->status == 0) {
		/* Copy length is bounded by the destination array. */
		memcpy(conn->le.features, ev->features,
		       sizeof(conn->le.features));
	}

	atomic_set_bit(conn->flags, BT_CONN_LE_FEATURES_EXCHANGED);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO) &&
	    !IS_ENABLED(CONFIG_BT_REMOTE_VERSION)) {
		notify_remote_info(conn);
	}

	bt_conn_unref(conn);
}
1733 
#if defined(CONFIG_BT_DATA_LEN_UPDATE)
/*
 * Event handler for LE Data Length Change.
 *
 * With CONFIG_BT_USER_DATA_LEN_UPDATE the four reported limits are stored
 * in conn->le.data_len and the application is notified. Values outside the
 * valid ranges only produce a warning; they are still stored and reported.
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_data_len_change(struct net_buf *buf)
{
	struct bt_hci_evt_le_data_len_change *ev = (void *)buf->data;
	uint16_t conn_handle = sys_le16_to_cpu(ev->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(conn_handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", conn_handle);
		return;
	}

#if defined(CONFIG_BT_USER_DATA_LEN_UPDATE)
	uint16_t tx_octets = sys_le16_to_cpu(ev->max_tx_octets);
	uint16_t rx_octets = sys_le16_to_cpu(ev->max_rx_octets);
	uint16_t tx_time = sys_le16_to_cpu(ev->max_tx_time);
	uint16_t rx_time = sys_le16_to_cpu(ev->max_rx_time);

	/* Out-of-range values are reported but not rejected. */
	if (!IN_RANGE(tx_octets, BT_HCI_LE_MAX_TX_OCTETS_MIN, BT_HCI_LE_MAX_TX_OCTETS_MAX)) {
		LOG_WRN("max_tx_octets exceeds the valid range %u", tx_octets);
	}
	if (!IN_RANGE(rx_octets, BT_HCI_LE_MAX_RX_OCTETS_MIN, BT_HCI_LE_MAX_RX_OCTETS_MAX)) {
		LOG_WRN("max_rx_octets exceeds the valid range %u", rx_octets);
	}
	if (!IN_RANGE(tx_time, BT_HCI_LE_MAX_TX_TIME_MIN, BT_HCI_LE_MAX_TX_TIME_MAX)) {
		LOG_WRN("max_tx_time exceeds the valid range %u", tx_time);
	}
	if (!IN_RANGE(rx_time, BT_HCI_LE_MAX_RX_TIME_MIN, BT_HCI_LE_MAX_RX_TIME_MAX)) {
		LOG_WRN("max_rx_time exceeds the valid range %u", rx_time);
	}

	LOG_DBG("max. tx: %u (%uus), max. rx: %u (%uus)", tx_octets, tx_time, rx_octets,
		rx_time);

	conn->le.data_len.tx_max_len = tx_octets;
	conn->le.data_len.tx_max_time = tx_time;
	conn->le.data_len.rx_max_len = rx_octets;
	conn->le.data_len.rx_max_time = rx_time;
	notify_le_data_len_updated(conn);
#endif

	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_DATA_LEN_UPDATE */
1779 
#if defined(CONFIG_BT_PHY_UPDATE)
/*
 * Event handler for LE PHY Update Complete.
 *
 * With CONFIG_BT_USER_PHY_UPDATE the reported TX/RX PHYs are stored in
 * conn->le.phy and the application is notified.
 *
 * NOTE(review): the PHY fields are stored and the notification is sent
 * without looking at evt->status; confirm that the fields are meaningful
 * when the update failed.
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_phy_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_phy_update_complete *ev = (void *)buf->data;
	uint16_t conn_handle = sys_le16_to_cpu(ev->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(conn_handle, BT_CONN_TYPE_LE);

	if (conn == NULL) {
		LOG_ERR("Unable to lookup conn for handle %u", conn_handle);
		return;
	}

	LOG_DBG("PHY updated: status: 0x%02x %s, tx: %u, rx: %u",
		ev->status, bt_hci_err_to_str(ev->status), ev->tx_phy,
		ev->rx_phy);

#if defined(CONFIG_BT_USER_PHY_UPDATE)
	conn->le.phy.tx_phy = bt_get_phy(ev->tx_phy);
	conn->le.phy.rx_phy = bt_get_phy(ev->rx_phy);
	notify_le_phy_updated(conn);
#endif

	bt_conn_unref(conn);
}
#endif /* CONFIG_BT_PHY_UPDATE */
1806 
/*
 * Check a set of LE connection parameters against the limits of
 * BT Core spec 5.0 [Vol 2, Part E, 7.8.12].
 *
 * With CONFIG_BT_CONN_PARAM_ANY every parameter set is accepted and no
 * check is made at all. Otherwise the set is valid when:
 *  - interval_min <= interval_max, both within 6..3200;
 *  - latency <= 499;
 *  - timeout within 10..3200 and
 *    timeout * 4 > (1 + latency) * interval_max.
 *
 * Returns true when the parameters are acceptable, false otherwise.
 */
bool bt_le_conn_params_valid(const struct bt_le_conn_param *param)
{
	bool interval_ok;
	bool latency_ok;
	bool timeout_ok;

	if (IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
		return true;
	}

	interval_ok = param->interval_min <= param->interval_max &&
		      param->interval_min >= 6 && param->interval_max <= 3200;

	latency_ok = param->latency <= 499;

	/* The unsigned constants keep the products in unsigned arithmetic. */
	timeout_ok = param->timeout >= 10 && param->timeout <= 3200 &&
		     (param->timeout * 4U) >
		     ((1U + param->latency) * param->interval_max);

	return interval_ok && latency_ok && timeout_ok;
}
1832 
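/*
 * Send LE Remote Connection Parameter Request Negative Reply for a handle.
 *
 * handle is the connection handle in host byte order, reason the HCI error
 * code to report to the peer. Failures (no buffer, send error) are logged;
 * nothing is returned to the caller.
 */
static void le_conn_param_neg_reply(uint16_t handle, uint8_t reason)
{
	struct bt_hci_cp_le_conn_param_req_neg_reply *cp;
	struct net_buf *buf;
	int err;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY,
				sizeof(*cp));
	if (!buf) {
		LOG_ERR("Unable to allocate buffer");
		return;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	cp->handle = sys_cpu_to_le16(handle);
	/* The reason is a single octet, so it is stored as it is. Passing it
	 * through a 16-bit byte swap would move the value into the high byte
	 * on a big-endian host and lose it when stored back into one octet.
	 */
	cp->reason = reason;

	err = bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, buf);
	if (err) {
		/* Without a reply the peer's request stays unanswered. */
		LOG_ERR("Unable to send conn param negative reply (err %d)", err);
	}
}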
1851 
/*
 * Send LE Remote Connection Parameter Request Reply, accepting the given
 * parameters for a handle.
 *
 * The command structure is zeroed before the fields are filled in, so any
 * field not set here goes out as zero rather than as leftover buffer
 * contents. Returns -ENOBUFS when no command buffer is available, otherwise
 * the result of bt_hci_cmd_send().
 */
static int le_conn_param_req_reply(uint16_t handle,
				   const struct bt_le_conn_param *param)
{
	struct bt_hci_cp_le_conn_param_req_reply *reply;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(*reply));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	reply = net_buf_add(cmd, sizeof(*reply));
	(void)memset(reply, 0, sizeof(*reply));

	reply->handle = sys_cpu_to_le16(handle);
	reply->interval_min = sys_cpu_to_le16(param->interval_min);
	reply->interval_max = sys_cpu_to_le16(param->interval_max);
	reply->latency = sys_cpu_to_le16(param->latency);
	reply->timeout = sys_cpu_to_le16(param->timeout);

	return bt_hci_cmd_send(BT_HCI_OP_LE_CONN_PARAM_REQ_REPLY, cmd);
}
1874 
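/*
 * Event handler for LE Remote Connection Parameter Request.
 *
 * The requested parameters come from the remote device. They are handed to
 * le_param_req() and the request is answered with a positive reply when
 * that returns true, with a negative reply (invalid LL parameters)
 * otherwise. A request for an unknown handle is answered negatively with
 * BT_HCI_ERR_UNKNOWN_CONN_ID.
 *
 * NOTE(review): buf->data is cast to the event structure without a length
 * check in this function; presumably the event dispatcher has already
 * verified buf->len - confirm.
 */
static void le_conn_param_req(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_param_req *evt = (void *)buf->data;
	struct bt_le_conn_param param;
	struct bt_conn *conn;
	uint16_t handle;

	handle = sys_le16_to_cpu(evt->handle);
	param.interval_min = sys_le16_to_cpu(evt->interval_min);
	param.interval_max = sys_le16_to_cpu(evt->interval_max);
	param.latency = sys_le16_to_cpu(evt->latency);
	param.timeout = sys_le16_to_cpu(evt->timeout);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (!conn) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		le_conn_param_neg_reply(handle, BT_HCI_ERR_UNKNOWN_CONN_ID);
		return;
	}

	if (!le_param_req(conn, &param)) {
		le_conn_param_neg_reply(handle, BT_HCI_ERR_INVALID_LL_PARAM);
	} else {
		int err = le_conn_param_req_reply(handle, &param);

		if (err) {
			/* The request was accepted but could not be answered;
			 * make that visible instead of dropping the error.
			 */
			LOG_ERR("Unable to send conn param reply (err %d)", err);
		}
	}

	bt_conn_unref(conn);
}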
1903 
/*
 * Handle the LE Connection Update Complete event.
 *
 * Three outcomes are distinguished:
 *  - the remote does not support the procedure and we are peripheral: retry
 *    once through L2CAP (guarded by BT_CONN_PERIPHERAL_PARAM_L2CAP);
 *  - success: store the new interval, latency and supervision timeout;
 *  - any other status: with CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS either
 *    schedule a retry or give up on the automatic update.
 * In the last two cases notify_le_param_updated() is called.
 *
 * Note that the range checks below only log a warning; the values reported
 * by the controller are stored in conn->le even when they are out of range.
 */
static void le_conn_update_complete(struct net_buf *buf)
{
	struct bt_hci_evt_le_conn_update_complete *evt = (void *)buf->data;
	struct bt_conn *conn;
	uint16_t handle;

	handle = sys_le16_to_cpu(evt->handle);

	LOG_DBG("status 0x%02x %s, handle %u",
		evt->status, bt_hci_err_to_str(evt->status), handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (!conn) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	/* atomic_test_and_set_bit() makes the L2CAP fallback a one-shot: it is
	 * only taken when the flag was not already set.
	 */
	if (evt->status == BT_HCI_ERR_UNSUPP_REMOTE_FEATURE &&
	    conn->role == BT_HCI_ROLE_PERIPHERAL &&
	    !atomic_test_and_set_bit(conn->flags,
				     BT_CONN_PERIPHERAL_PARAM_L2CAP)) {
		/* The Connection Parameters Request procedure is not supported
		 * by the remote; fall back to the L2CAP connection parameter
		 * update using the values cached in conn->le.
		 */
		struct bt_le_conn_param param;

		param.interval_min = conn->le.interval_min;
		param.interval_max = conn->le.interval_max;
		param.latency = conn->le.pending_latency;
		param.timeout = conn->le.pending_timeout;

		bt_l2cap_update_conn_param(conn, &param);
	} else {
		if (!evt->status) {
			/* Success: adopt the parameters now in effect. */
			conn->le.interval = sys_le16_to_cpu(evt->interval);
			conn->le.latency = sys_le16_to_cpu(evt->latency);
			conn->le.timeout = sys_le16_to_cpu(evt->supv_timeout);

			/* Diagnostics only: out-of-range values are logged but
			 * not rejected or clamped.
			 */
			if (!IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
				if (!IN_RANGE(conn->le.interval, BT_HCI_LE_INTERVAL_MIN,
					      BT_HCI_LE_INTERVAL_MAX)) {
					LOG_WRN("interval exceeds the valid range 0x%04x",
						conn->le.interval);
				}
				if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
					LOG_WRN("latency exceeds the valid range 0x%04x",
						conn->le.latency);
				}
				if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
					      BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
					LOG_WRN("supv_timeout exceeds the valid range 0x%04x",
						conn->le.timeout);
				}
			}

/* The preprocessor block below extends the if/else chain: without
 * CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS only the success branch exists.
 */
#if defined(CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS)
			atomic_clear_bit(conn->flags,
					 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
		} else if (atomic_test_bit(conn->flags,
					   BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE) &&
			   evt->status == BT_HCI_ERR_UNSUPP_LL_PARAM_VAL &&
			   conn->le.conn_param_retry_countdown) {
			/* Automatic update was refused; retry later while the
			 * countdown is non-zero, so the number of retries is bounded.
			 */
			conn->le.conn_param_retry_countdown--;
			k_work_schedule(&conn->deferred_work,
					K_MSEC(CONFIG_BT_CONN_PARAM_RETRY_TIMEOUT));
		} else {
			/* Any other failure ends the automatic update attempt. */
			atomic_clear_bit(conn->flags,
					 BT_CONN_PERIPHERAL_PARAM_AUTO_UPDATE);
#endif /* CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS */

		}

		/* Called for success and failure alike on this path. */
		notify_le_param_updated(conn);
	}

	/* Drop the reference taken by the lookup. */
	bt_conn_unref(conn);
}
1979 
1980 #if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
/*
 * Enable controller-to-host ACL flow control.
 *
 * Sends Host Buffer Size (ACL MTU and packet count taken from the build
 * configuration, all other fields zero) followed by Set Controller To Host
 * Flow Control with the "enable" value. Both commands are sent synchronously.
 *
 * Returns 0 on success or when the controller does not advertise support for
 * the command, -ENOBUFS when no command buffer is available, otherwise the
 * error returned by bt_hci_cmd_send_sync().
 */
static int set_flow_control(void)
{
	struct bt_hci_cp_host_buffer_size *hbs;
	struct net_buf *cmd_buf;
	int rc;

	/* Nothing to do when the supported-commands bitmap lacks this command. */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 10, 5)) {
		LOG_WRN("Controller to host flow control not supported");
		return 0;
	}

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_HOST_BUFFER_SIZE, sizeof(*hbs));
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	/* Zero the whole parameter block so unused fields are not left stale. */
	hbs = net_buf_add(cmd_buf, sizeof(*hbs));
	(void)memset(hbs, 0, sizeof(*hbs));
	hbs->acl_mtu = sys_cpu_to_le16(CONFIG_BT_BUF_ACL_RX_SIZE);
	hbs->acl_pkts = sys_cpu_to_le16(BT_BUF_ACL_RX_COUNT);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_HOST_BUFFER_SIZE, cmd_buf, NULL);
	if (rc != 0) {
		return rc;
	}

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, 1);
	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_u8(cmd_buf, BT_HCI_CTL_TO_HOST_FLOW_ENABLE);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_CTL_TO_HOST_FLOW, cmd_buf, NULL);
}
2017 #endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */
2018 
/*
 * Remove all bonding state held for one peer on identity @p id.
 *
 * In order: disconnect an existing connection to the peer, clear the BR/EDR
 * link key when the address is LE Public (CONFIG_BT_CLASSIC), clear the SMP
 * keys (CONFIG_BT_SMP), clear the stored GATT data, and finally invoke every
 * registered bond_deleted() callback.
 */
static void unpair(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_conn *conn = bt_conn_lookup_addr_le(id, addr);
	struct bt_keys *keys = NULL;

	if (conn != NULL) {
		/* Detach the key entry from the connection before it is
		 * invalidated below, so that later code (such as disconnected
		 * callbacks) cannot reach it through conn->le.keys.
		 */
		if (conn->type == BT_CONN_TYPE_LE) {
			keys = conn->le.keys;
			conn->le.keys = NULL;
		}

		bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
		bt_conn_unref(conn);
	}

	/* An LE Public address may identify a BR/EDR device as well. */
	if (IS_ENABLED(CONFIG_BT_CLASSIC) && addr->type == BT_ADDR_LE_PUBLIC) {
		bt_keys_link_key_clear_addr(&addr->a);
	}

	if (IS_ENABLED(CONFIG_BT_SMP)) {
		/* No live connection supplied the entry: look it up by address. */
		if (keys == NULL) {
			keys = bt_keys_find_addr(id, addr);
		}

		if (keys != NULL) {
			bt_keys_clear(keys);
		}
	}

	bt_gatt_clear(id, addr);

#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
	struct bt_conn_auth_info_cb *cb, *cb_next;

	/* The "safe" iterator is used while callbacks run. */
	SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&bt_auth_info_cbs, cb,
					  cb_next, node) {
		if (cb->bond_deleted != NULL) {
			cb->bond_deleted(id, addr);
		}
	}
#endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
}
2068 
/*
 * bt_foreach_bond() callback: unpair the bonded peer described by @p info.
 * @p data points to the uint8_t identity the bond belongs to.
 */
static void unpair_remote(const struct bt_bond_info *info, void *data)
{
	uint8_t *identity = data;

	unpair(*identity, &info->addr);
}
2075 
/*
 * Remove pairing information for a peer, or for every bonded peer.
 *
 * With CONFIG_BT_SMP, a NULL @p addr or BT_ADDR_LE_ANY removes every bond
 * stored for identity @p id; any other address removes just that peer.
 * Without CONFIG_BT_SMP a specific address is required.
 *
 * Returns 0 on success, -EINVAL when @p id is not below CONFIG_BT_ID_MAX or
 * (without CONFIG_BT_SMP) when the CHECKIF on a NULL @p addr triggers.
 */
int bt_unpair(uint8_t id, const bt_addr_le_t *addr)
{
	if (id >= CONFIG_BT_ID_MAX) {
		return -EINVAL;
	}

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		CHECKIF(addr == NULL) {
			LOG_DBG("addr is NULL");
			return -EINVAL;
		}

		unpair(id, addr);

		return 0;
	}

	if (addr == NULL || bt_addr_le_eq(addr, BT_ADDR_LE_ANY)) {
		/* Wildcard: walk every bond of this identity. */
		bt_foreach_bond(id, unpair_remote, &id);
	} else {
		unpair(id, addr);
	}

	return 0;
}
2099 
2100 #endif /* CONFIG_BT_CONN */
2101 
2102 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
/*
 * Translate an HCI status code into the matching bt_security_err value.
 * Codes without a dedicated mapping yield BT_SECURITY_ERR_UNSPECIFIED.
 */
enum bt_security_err bt_security_err_get(uint8_t hci_err)
{
	enum bt_security_err sec_err;

	switch (hci_err) {
	case BT_HCI_ERR_SUCCESS:
		sec_err = BT_SECURITY_ERR_SUCCESS;
		break;
	case BT_HCI_ERR_AUTH_FAIL:
		sec_err = BT_SECURITY_ERR_AUTH_FAIL;
		break;
	case BT_HCI_ERR_PIN_OR_KEY_MISSING:
		sec_err = BT_SECURITY_ERR_PIN_OR_KEY_MISSING;
		break;
	case BT_HCI_ERR_PAIRING_NOT_SUPPORTED:
		sec_err = BT_SECURITY_ERR_PAIR_NOT_SUPPORTED;
		break;
	case BT_HCI_ERR_PAIRING_NOT_ALLOWED:
		sec_err = BT_SECURITY_ERR_PAIR_NOT_ALLOWED;
		break;
	case BT_HCI_ERR_INVALID_PARAM:
		sec_err = BT_SECURITY_ERR_INVALID_PARAM;
		break;
	default:
		sec_err = BT_SECURITY_ERR_UNSPECIFIED;
		break;
	}

	return sec_err;
}
2122 #endif /* defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC) */
2123 
2124 #if defined(CONFIG_BT_SMP)
/*
 * Recompute conn->sec_level from the key entry attached to an LE connection.
 *
 *  - no keys, or keys without BT_KEYS_AUTHENTICATED: BT_SECURITY_L2
 *  - authenticated keys: BT_SECURITY_L3
 *  - authenticated keys with BT_KEYS_SC and an encryption key size of
 *    BT_SMP_MAX_ENC_KEY_SIZE: BT_SECURITY_L4
 *
 * The level is derived from the key flags and key size only; this function
 * does not read conn->encrypt.
 *
 * Returns true when the resulting level satisfies conn->required_sec_level.
 */
static bool update_sec_level(struct bt_conn *conn)
{
	if (conn->le.keys == NULL ||
	    !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
		conn->sec_level = BT_SECURITY_L2;
	} else if ((conn->le.keys->flags & BT_KEYS_SC) &&
		   conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE) {
		conn->sec_level = BT_SECURITY_L4;
	} else {
		conn->sec_level = BT_SECURITY_L3;
	}

	return conn->required_sec_level <= conn->sec_level;
}
2140 #endif /* CONFIG_BT_SMP */
2141 
2142 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
/*
 * Handle the HCI Encryption Change event.
 *
 * A failure status is reported through bt_conn_security_changed() and
 * nothing else changes. On success the new encryption state is recorded and
 * the security level is re-evaluated per transport; if the level required
 * for an LE connection is not reached the status becomes
 * BT_HCI_ERR_AUTH_FAIL and the connection is disconnected after the
 * security-changed notification.
 */
static void hci_encrypt_change(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_change *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t status = evt->status;
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u encrypt 0x%02x",
		evt->status, bt_hci_err_to_str(evt->status), handle, evt->encrypt);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	if (status != 0) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		goto unref;
	}

	if (conn->encrypt == evt->encrypt) {
		LOG_WRN("No change to encryption state (encrypt 0x%02x)", evt->encrypt);
		goto unref;
	}

	conn->encrypt = evt->encrypt;

#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		/*
		 * Key properties are refreshed from the last pairing only when
		 * encryption is now on, so that valid keys are not lost when
		 * it is not. This applies to the LE transport only; BR/EDR
		 * keys are updated on the HCI 'Link Key Notification Event'.
		 *
		 * NOTE(review): the security level is recomputed even when
		 * the controller reported encrypt == 0 - confirm that
		 * update_sec_level() yields the intended level for a link
		 * whose encryption has just been reported as off.
		 */
		if (conn->encrypt) {
			bt_smp_update_keys(conn);
		}

		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_CLASSIC)
	if (conn->type == BT_CONN_TYPE_BR) {
		/* On failure this path returns without a notification. */
		if (!bt_br_update_sec_level(conn)) {
			goto unref;
		}

		/*
		 * Start SMP over BR/EDR if we are pairing and are central on
		 * the link.
		 */
		if (IS_ENABLED(CONFIG_BT_SMP) &&
		    atomic_test_bit(conn->flags, BT_CONN_BR_PAIRED) &&
		    conn->role == BT_CONN_ROLE_CENTRAL) {
			bt_smp_br_send_pairing_req(conn);
		}
	}
#endif /* CONFIG_BT_CLASSIC */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));

	/* Do not keep a link that failed to reach the required level. */
	if (status != 0) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

unref:
	bt_conn_unref(conn);
}
2222 
/*
 * Handle the HCI Encryption Key Refresh Complete event.
 *
 * A failure status is only reported through bt_conn_security_changed(). On
 * success the security level is re-evaluated; an LE connection that does not
 * reach its required level is reported with BT_HCI_ERR_AUTH_FAIL and then
 * disconnected.
 */
static void hci_encrypt_key_refresh_complete(struct net_buf *buf)
{
	struct bt_hci_evt_encrypt_key_refresh_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	uint8_t status = evt->status;
	struct bt_conn *conn;

	LOG_DBG("status 0x%02x %s handle %u",
		evt->status, bt_hci_err_to_str(evt->status), handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);
	if (conn == NULL) {
		LOG_ERR("Unable to look up conn with handle %u", handle);
		return;
	}

	if (status != 0) {
		bt_conn_security_changed(conn, status,
					 bt_security_err_get(status));
		goto unref;
	}

	/*
	 * For the LE transport the keys are refreshed from the last pairing
	 * before the level is recomputed. For BR/EDR the keys are updated on
	 * the HCI 'Link Key Notification Event', so only the security level is
	 * updated here, based on the available keys and encryption state.
	 */
#if defined(CONFIG_BT_SMP)
	if (conn->type == BT_CONN_TYPE_LE) {
		bt_smp_update_keys(conn);

		if (!update_sec_level(conn)) {
			status = BT_HCI_ERR_AUTH_FAIL;
		}
	}
#endif /* CONFIG_BT_SMP */
#if defined(CONFIG_BT_CLASSIC)
	if (conn->type == BT_CONN_TYPE_BR) {
		/* On failure this path returns without a notification. */
		if (!bt_br_update_sec_level(conn)) {
			goto unref;
		}
	}
#endif /* CONFIG_BT_CLASSIC */

	bt_conn_security_changed(conn, status, bt_security_err_get(status));

	/* Do not keep a link that failed to reach the required level. */
	if (status != 0) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, status);
	}

unref:
	bt_conn_unref(conn);
}
2280 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
2281 
2282 #if defined(CONFIG_BT_REMOTE_VERSION)
/*
 * Handle the Read Remote Version Information Complete event.
 *
 * On success the remote version, manufacturer and subversion are cached in
 * conn->rv. BT_CONN_AUTO_VERSION_INFO is set whatever the status, and with
 * CONFIG_BT_REMOTE_INFO the remote-info notification is issued.
 */
static void bt_hci_evt_read_remote_version_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_version_info *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_ALL);

	if (conn == NULL) {
		LOG_ERR("No connection for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		conn->rv.version = evt->version;
		conn->rv.manufacturer = sys_le16_to_cpu(evt->manufacturer);
		conn->rv.subversion = sys_le16_to_cpu(evt->subversion);
	}

	/* Set on failure as well: the exchange has been attempted. */
	atomic_set_bit(conn->flags, BT_CONN_AUTO_VERSION_INFO);

	if (IS_ENABLED(CONFIG_BT_REMOTE_INFO)) {
		/* Remote features is already present */
		notify_remote_info(conn);
	}

	bt_conn_unref(conn);
}
2312 #endif /* CONFIG_BT_REMOTE_VERSION */
2313 
/*
 * Handle the HCI Hardware Error event: the controller-reported hardware code
 * is logged at error level and no other action is taken here.
 */
static void hci_hardware_error(struct net_buf *buf)
{
	struct bt_hci_evt_hardware_error *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_ERR("Hardware error, hardware code: %d", evt->hardware_code);
}
2322 
2323 #if defined(CONFIG_BT_SMP)
/*
 * Send LE Long Term Key Request Negative Reply for @p handle, telling the
 * controller that no key is available. The result of bt_hci_cmd_send() is
 * not checked; running out of command buffers is logged.
 */
static void le_ltk_neg_reply(uint16_t handle)
{
	struct bt_hci_cp_le_ltk_req_neg_reply *reply;
	struct net_buf *cmd_buf;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, sizeof(*reply));
	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");

		return;
	}

	reply = net_buf_add(cmd_buf, sizeof(*reply));
	reply->handle = sys_cpu_to_le16(handle);

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_NEG_REPLY, cmd_buf);
}
2341 
/*
 * Send LE Long Term Key Request Reply for @p handle.
 *
 * @p ltk must point to at least sizeof(cp->ltk) readable bytes; exactly that
 * many are copied into the command. The key is only read here. The result
 * of bt_hci_cmd_send() is not checked; running out of command buffers is
 * logged.
 */
static void le_ltk_reply(uint16_t handle, uint8_t *ltk)
{
	struct bt_hci_cp_le_ltk_req_reply *reply;
	struct net_buf *cmd_buf;

	cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_LTK_REQ_REPLY, sizeof(*reply));
	if (cmd_buf == NULL) {
		LOG_ERR("Out of command buffers");
		return;
	}

	reply = net_buf_add(cmd_buf, sizeof(*reply));
	reply->handle = sys_cpu_to_le16(handle);
	/* The copy length is bounded by the destination field. */
	memcpy(reply->ltk, ltk, sizeof(reply->ltk));

	bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_REPLY, cmd_buf);
}
2360 
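/*
 * Handle the LE Long Term Key Request event.
 *
 * SMP is asked for the key matching the connection and the rand/ediv pair
 * from the event. When a key is found it is returned to the controller,
 * otherwise a negative reply is sent. A request for an unknown handle is
 * logged and left unanswered.
 *
 * The local copy of the key is cleared before returning so that key
 * material does not linger on this handler's stack.
 */
static void le_ltk_request(struct net_buf *buf)
{
	struct bt_hci_evt_le_ltk_request *evt = (void *)buf->data;
	struct bt_conn *conn;
	uint16_t handle;
	uint8_t ltk[16];
	volatile uint8_t *scrub = ltk;

	handle = sys_le16_to_cpu(evt->handle);

	LOG_DBG("handle %u", handle);

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (!conn) {
		LOG_ERR("Unable to lookup conn for handle %u", handle);
		return;
	}

	if (bt_smp_request_ltk(conn, evt->rand, evt->ediv, ltk)) {
		le_ltk_reply(handle, ltk);
	} else {
		le_ltk_neg_reply(handle);
	}

	/* Writes go through a volatile pointer so the compiler cannot drop
	 * them as dead stores, which it may do with a plain memset() on a
	 * buffer that is about to go out of scope.
	 */
	for (size_t i = 0; i < sizeof(ltk); i++) {
		scrub[i] = 0U;
	}

	/* Drop the reference taken by the lookup. */
	bt_conn_unref(conn);
}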
2386 #endif /* CONFIG_BT_SMP */
2387 
/*
 * Handle completion of HCI Reset.
 *
 * A non-zero status leaves host state untouched. On success the scan state
 * (CONFIG_BT_OBSERVER) and BR/EDR discovery state (CONFIG_BT_CLASSIC) are
 * reset, and bt_dev.flags is reduced to the bits in BT_DEV_PERSISTENT_FLAGS.
 *
 * The status is read from the first byte of buf->data; no length check is
 * visible in this function - presumably the caller guarantees it.
 */
static void hci_reset_complete(struct net_buf *buf)
{
	uint8_t status = buf->data[0];

	LOG_DBG("status 0x%02x %s", status, bt_hci_err_to_str(status));

	if (status != 0) {
		return;
	}

	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_scan_reset();
	}

#if defined(CONFIG_BT_CLASSIC)
	bt_br_discovery_reset();
#endif /* CONFIG_BT_CLASSIC */

	/* Keep only the flags that are meant to survive a controller reset. */
	atomic_t kept = (atomic_get(bt_dev.flags) & BT_DEV_PERSISTENT_FLAGS);

	atomic_set(bt_dev.flags, kept);
}
2410 
/*
 * Complete the pending HCI command in response to a Command Complete or
 * Command Status event.
 *
 * @param opcode  Opcode carried by the event; 0 means the event does not
 *                complete any command.
 * @param status  Status to record for the command.
 * @param evt_buf Buffer holding the event's remaining payload.
 *
 * The pending command is taken from bt_dev.sent_cmd. It is only completed
 * when its opcode matches the event; an event for a different opcode is
 * logged and the pending command is left in place.
 */
static void hci_cmd_done(uint16_t opcode, uint8_t status, struct net_buf *evt_buf)
{
	/* Original command buffer. */
	struct net_buf *buf = NULL;

	LOG_DBG("opcode 0x%04x status 0x%02x %s buf %p", opcode,
		status, bt_hci_err_to_str(status), evt_buf);

	/* Unsolicited cmd complete. This does not complete a command.
	 * The controller can send these for effect of the `ncmd` field.
	 */
	if (opcode == 0) {
		goto exit;
	}

	/* Take the original command buffer reference. */
	buf = atomic_ptr_clear((atomic_ptr_t *)&bt_dev.sent_cmd);

	if (!buf) {
		LOG_ERR("No command sent for cmd complete 0x%04x", opcode);
		goto exit;
	}

	/* The event must answer the command that is actually pending;
	 * otherwise hand the buffer back so the real completion can still
	 * find it. `buf` then holds the value returned by atomic_ptr_set(),
	 * which the assert expects to be NULL, so nothing is unreferenced at
	 * `exit`.
	 */
	if (cmd(buf)->opcode != opcode) {
		LOG_ERR("OpCode 0x%04x completed instead of expected 0x%04x", opcode,
			cmd(buf)->opcode);
		buf = atomic_ptr_set((atomic_ptr_t *)&bt_dev.sent_cmd, buf);
		__ASSERT_NO_MSG(!buf);
		goto exit;
	}

	/* Response data is to be delivered in the original command
	 * buffer.
	 *
	 * NOTE(review): evt_buf->len bytes are appended without a visible
	 * tailroom check in this function - confirm that the command buffer
	 * is always large enough for an event payload, or that
	 * net_buf_add_mem() enforces it in release builds.
	 */
	if (evt_buf != buf) {
		net_buf_reset(buf);
		bt_buf_set_type(buf, BT_BUF_EVT);
		net_buf_reserve(buf, BT_BUF_RESERVE);
		net_buf_add_mem(buf, evt_buf->data, evt_buf->len);
	}

	/* A state update attached to the command is applied on success only. */
	if (cmd(buf)->state && !status) {
		struct bt_hci_cmd_state_set *update = cmd(buf)->state;

		atomic_set_bit_to(update->target, update->bit, update->val);
	}

	/* If the command was synchronous wake up bt_hci_cmd_send_sync() */
	if (cmd(buf)->sync) {
		LOG_DBG("sync cmd released");
		cmd(buf)->status = status;
		k_sem_give(cmd(buf)->sync);
	}

exit:
	/* Release the reference taken from bt_dev.sent_cmd, if any. */
	if (buf) {
		net_buf_unref(buf);
	}
}
2470 
/*
 * Handle the HCI Command Complete event.
 *
 * The event header is pulled off, the status byte of the return parameters
 * is read, and the pending command is completed through hci_cmd_done(). A
 * non-zero ncmd lets the next command be sent.
 */
static void hci_cmd_complete(struct net_buf *buf)
{
	struct bt_hci_evt_cmd_complete *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint8_t ncmd = evt->ncmd;
	uint16_t opcode = sys_le16_to_cpu(evt->opcode);
	uint8_t status;

	LOG_DBG("opcode 0x%04x", opcode);

	/* All command return parameters have a 1-byte status in the
	 * beginning, so we can safely make this generalization.
	 *
	 * NOTE(review): buf->len is not checked before this read. An event
	 * that carries no return parameters (for example the unsolicited
	 * opcode 0 completion handled in hci_cmd_done()) would make this a
	 * read past the received payload - confirm the value cannot be acted
	 * on in that case.
	 */
	status = buf->data[0];

	/* HOST_NUM_COMPLETED_PACKETS should not generate a response under normal operation.
	 * The generation of this command ignores `ncmd_sem`, so should not be given here.
	 */
	if (opcode == BT_HCI_OP_HOST_NUM_COMPLETED_PACKETS) {
		LOG_WRN("Unexpected HOST_NUM_COMPLETED_PACKETS, status 0x%02x %s",
			status, bt_hci_err_to_str(status));
		return;
	}

	hci_cmd_done(opcode, status, buf);

	/* Allow next command to be sent */
	if (ncmd != 0) {
		k_sem_give(&bt_dev.ncmd_sem);
		bt_tx_irq_raise();
	}
}
2505 
/*
 * Handle the HCI Command Status event.
 *
 * The pending command is completed through hci_cmd_done() with the status
 * carried by the event; a non-zero ncmd lets the next command be sent.
 */
static void hci_cmd_status(struct net_buf *buf)
{
	struct bt_hci_evt_cmd_status *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t opcode = sys_le16_to_cpu(evt->opcode);
	uint8_t ncmd = evt->ncmd;

	LOG_DBG("opcode 0x%04x", opcode);

	hci_cmd_done(opcode, evt->status, buf);

	/* Allow next command to be sent */
	if (ncmd != 0) {
		k_sem_give(&bt_dev.ncmd_sem);
		bt_tx_irq_raise();
	}
}
2526 
/*
 * Report the HCI connection handle of @p conn.
 *
 * Returns 0 and stores the handle in @p conn_handle when the connection is
 * in the BT_CONN_CONNECTED state, -ENOTCONN otherwise (the output is then
 * left untouched). Neither pointer is checked for NULL here.
 */
int bt_hci_get_conn_handle(const struct bt_conn *conn, uint16_t *conn_handle)
{
	if (conn->state == BT_CONN_CONNECTED) {
		*conn_handle = conn->handle;
		return 0;
	}

	return -ENOTCONN;
}
2536 
2537 #if defined(CONFIG_BT_EXT_ADV)
/*
 * Report the HCI advertising handle of @p adv.
 *
 * Returns 0 and stores the handle in @p adv_handle when the set has the
 * BT_ADV_CREATED flag, -EINVAL otherwise (the output is then left
 * untouched). Neither pointer is checked for NULL here.
 */
int bt_hci_get_adv_handle(const struct bt_le_ext_adv *adv, uint8_t *adv_handle)
{
	if (atomic_test_bit(adv->flags, BT_ADV_CREATED)) {
		*adv_handle = adv->handle;
		return 0;
	}

	return -EINVAL;
}
2547 #endif /* CONFIG_BT_EXT_ADV */
2548 
2549 #if defined(CONFIG_BT_PER_ADV_SYNC)
/*
 * Report the HCI sync handle of the periodic advertising sync @p sync.
 *
 * Returns 0 and stores the handle in @p sync_handle when the sync has the
 * BT_PER_ADV_SYNC_CREATED flag, -EINVAL otherwise (the output is then left
 * untouched). Neither pointer is checked for NULL here.
 */
int bt_hci_get_adv_sync_handle(const struct bt_le_per_adv_sync *sync, uint16_t *sync_handle)
{
	if (atomic_test_bit(sync->flags, BT_PER_ADV_SYNC_CREATED)) {
		*sync_handle = sync->handle;
		return 0;
	}

	return -EINVAL;
}
2560 #endif
2561 
2562 #if defined(CONFIG_BT_HCI_VS_EVT_USER)
/*
 * Install @p cb as the user callback for vendor-specific HCI events.
 *
 * The previous callback, if any, is replaced; a NULL @p cb is stored as-is.
 * The callback is given the raw event buffer (see hci_vendor_event()), so it
 * has to validate lengths itself before parsing.
 *
 * Always returns 0.
 */
int bt_hci_register_vnd_evt_cb(bt_hci_vnd_evt_cb_t cb)
{
	hci_vnd_evt_cb = cb;

	return 0;
}
2568 #endif /* CONFIG_BT_HCI_VS_EVT_USER */
2569 
2570 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
/*
 * Handle the LE Transmit Power Reporting event: copy the reported fields
 * into a bt_conn_le_tx_power_report and pass it to
 * notify_tx_power_report(). Events for an unknown LE connection handle are
 * logged and dropped.
 */
void bt_hci_le_transmit_power_report(struct net_buf *buf)
{
	struct bt_hci_evt_le_transmit_power_report *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn_le_tx_power_report report;
	struct bt_conn *conn;

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for transmit power report",
		       handle);
		return;
	}

	/* Fields are forwarded as reported, without range checks. */
	report.reason = evt->reason;
	report.phy = evt->phy;
	report.tx_power_level = evt->tx_power_level;
	report.tx_power_level_flag = evt->tx_power_level_flag;
	report.delta = evt->delta;

	notify_tx_power_report(conn, report);

	bt_conn_unref(conn);
}
2595 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2596 
2597 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
/*
 * Handle the LE Path Loss Threshold event.
 *
 * The zone value is validated first; events with a zone above
 * BT_CONN_LE_PATH_LOSS_ZONE_ENTERED_HIGH or for an unknown LE connection
 * handle are logged and dropped. When the path loss is reported as
 * unavailable the report carries the "unavailable" zone instead of the zone
 * from the event.
 */
void bt_hci_le_path_loss_threshold_event(struct net_buf *buf)
{
	struct bt_hci_evt_le_path_loss_threshold *evt = net_buf_pull_mem(buf, sizeof(*evt));
	struct bt_conn_le_path_loss_threshold_report report;
	struct bt_conn *conn;
	uint16_t handle;

	/* Reject a zone value outside the known range before using it. */
	if (evt->zone_entered > BT_CONN_LE_PATH_LOSS_ZONE_ENTERED_HIGH) {
		LOG_ERR("Invalid zone %u in bt_hci_evt_le_path_loss_threshold",
			evt->zone_entered);
		return;
	}

	handle = sys_le16_to_cpu(evt->handle);
	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for path loss threshold report",
		       handle);
		return;
	}

	if (evt->current_path_loss != BT_HCI_LE_PATH_LOSS_UNAVAILABLE) {
		report.zone = evt->zone_entered;
		report.path_loss = evt->current_path_loss;
	} else {
		report.zone = BT_CONN_LE_PATH_LOSS_ZONE_UNAVAILABLE;
		report.path_loss = BT_HCI_LE_PATH_LOSS_UNAVAILABLE;
	}

	notify_path_loss_threshold_report(conn, report);

	bt_conn_unref(conn);
}
2631 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2632 
2633 #if defined(CONFIG_BT_SUBRATING)
/*
 * Handle the LE Subrate Change event.
 *
 * On success the subrate factor, continuation number, peripheral latency
 * and supervision timeout are stored in conn->le. Unless
 * CONFIG_BT_CONN_PARAM_ANY is enabled, values outside their valid ranges are
 * logged as warnings; they are stored regardless. The notification always
 * carries the event status together with the values currently held in
 * conn->le.
 */
void bt_hci_le_subrate_change_event(struct net_buf *buf)
{
	struct bt_hci_evt_le_subrate_change *evt = net_buf_pull_mem(buf, sizeof(*evt));
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn_le_subrate_changed params;
	struct bt_conn *conn;

	conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_LE);
	if (conn == NULL) {
		LOG_ERR("Unknown conn handle 0x%04X for subrating event",
		       handle);
		return;
	}

	if (evt->status == BT_HCI_ERR_SUCCESS) {
		conn->le.subrate.factor = sys_le16_to_cpu(evt->subrate_factor);
		conn->le.subrate.continuation_number = sys_le16_to_cpu(evt->continuation_number);
		conn->le.latency = sys_le16_to_cpu(evt->peripheral_latency);
		conn->le.timeout = sys_le16_to_cpu(evt->supervision_timeout);
	}

	/* Diagnostics only: nothing is rejected or clamped here. */
	if (evt->status == BT_HCI_ERR_SUCCESS && !IS_ENABLED(CONFIG_BT_CONN_PARAM_ANY)) {
		if (!IN_RANGE(conn->le.subrate.factor, BT_HCI_LE_SUBRATE_FACTOR_MIN,
			      BT_HCI_LE_SUBRATE_FACTOR_MAX)) {
			LOG_WRN("subrate_factor exceeds the valid range %d",
				conn->le.subrate.factor);
		}
		if (conn->le.latency > BT_HCI_LE_PERIPHERAL_LATENCY_MAX) {
			LOG_WRN("peripheral_latency exceeds the valid range 0x%04x",
				conn->le.latency);
		}
		if (conn->le.subrate.continuation_number > BT_HCI_LE_CONTINUATION_NUM_MAX) {
			LOG_WRN("continuation_number exceeds the valid range %d",
				conn->le.subrate.continuation_number);
		}
		if (!IN_RANGE(conn->le.timeout, BT_HCI_LE_SUPERVISON_TIMEOUT_MIN,
			      BT_HCI_LE_SUPERVISON_TIMEOUT_MAX)) {
			LOG_WRN("supervision_timeout exceeds the valid range 0x%04x",
				conn->le.timeout);
		}
	}

	params.status = evt->status;
	params.factor = conn->le.subrate.factor;
	params.continuation_number = conn->le.subrate.continuation_number;
	params.peripheral_latency = conn->le.latency;
	params.supervision_timeout = conn->le.timeout;

	notify_subrate_change(conn, params);

	bt_conn_unref(conn);
}
2687 #endif /* CONFIG_BT_SUBRATING */
2688 
/*
 * Dispatch table for vendor-specific subevents, consumed by
 * hci_vendor_event() through handle_vs_event(). Each entry names the
 * subevent code, its handler and the size of the event structure the
 * handler expects. The table is empty when neither direction-finding
 * vendor report option is enabled.
 */
static const struct event_handler vs_events[] = {
#if defined(CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTIONLESS_IQ_REPORT,
		      bt_hci_le_vs_df_connectionless_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connectionless_iq_report)),
#endif /* CONFIG_BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES */
#if defined(CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES)
	EVENT_HANDLER(BT_HCI_EVT_VS_LE_CONNECTION_IQ_REPORT, bt_hci_le_vs_df_connection_iq_report,
		      sizeof(struct bt_hci_evt_vs_le_connection_iq_report)),
#endif /* CONFIG_BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES */
};
2700 
/*
 * Handle an HCI vendor-specific event.
 *
 * With CONFIG_BT_HCI_VS_EVT_USER a registered user callback sees the event
 * first. The buffer's parse state is saved before and restored after the
 * call, so whatever the callback pulls from the buffer does not affect the
 * built-in handling. If the callback does not claim the event and
 * CONFIG_BT_HCI_VS is enabled, the subevent is dispatched through the
 * vs_events table.
 */
static void hci_vendor_event(struct net_buf *buf)
{
	bool handled = false;

#if defined(CONFIG_BT_HCI_VS_EVT_USER)
	if (hci_vnd_evt_cb != NULL) {
		struct net_buf_simple_state saved;

		net_buf_simple_save(&buf->b, &saved);

		handled = hci_vnd_evt_cb(&buf->b);

		net_buf_simple_restore(&buf->b, &saved);
	}
#endif /* CONFIG_BT_HCI_VS_EVT_USER */

	if (!IS_ENABLED(CONFIG_BT_HCI_VS) || handled) {
		return;
	}

	struct bt_hci_evt_vs *evt = net_buf_pull_mem(buf, sizeof(*evt));

	LOG_DBG("subevent 0x%02x", evt->subevent);

	handle_vs_event(evt->subevent, buf, vs_events, ARRAY_SIZE(vs_events));
}
2727 
2728 static const struct event_handler meta_events[] = {
2729 #if defined(CONFIG_BT_OBSERVER)
2730 	EVENT_HANDLER(BT_HCI_EVT_LE_ADVERTISING_REPORT, bt_hci_le_adv_report,
2731 		      sizeof(struct bt_hci_evt_le_advertising_report)),
2732 #endif /* CONFIG_BT_OBSERVER */
2733 #if defined(CONFIG_BT_CONN)
2734 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_COMPLETE, le_legacy_conn_complete,
2735 		      sizeof(struct bt_hci_evt_le_conn_complete)),
2736 	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE, le_enh_conn_complete,
2737 		      sizeof(struct bt_hci_evt_le_enh_conn_complete)),
2738 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_UPDATE_COMPLETE,
2739 		      le_conn_update_complete,
2740 		      sizeof(struct bt_hci_evt_le_conn_update_complete)),
2741 	EVENT_HANDLER(BT_HCI_EVT_LE_REMOTE_FEAT_COMPLETE,
2742 		      le_remote_feat_complete,
2743 		      sizeof(struct bt_hci_evt_le_remote_feat_complete)),
2744 	EVENT_HANDLER(BT_HCI_EVT_LE_CONN_PARAM_REQ, le_conn_param_req,
2745 		      sizeof(struct bt_hci_evt_le_conn_param_req)),
2746 #if defined(CONFIG_BT_DATA_LEN_UPDATE)
2747 	EVENT_HANDLER(BT_HCI_EVT_LE_DATA_LEN_CHANGE, le_data_len_change,
2748 		      sizeof(struct bt_hci_evt_le_data_len_change)),
2749 #endif /* CONFIG_BT_DATA_LEN_UPDATE */
2750 #if defined(CONFIG_BT_PHY_UPDATE)
2751 	EVENT_HANDLER(BT_HCI_EVT_LE_PHY_UPDATE_COMPLETE,
2752 		      le_phy_update_complete,
2753 		      sizeof(struct bt_hci_evt_le_phy_update_complete)),
2754 #endif /* CONFIG_BT_PHY_UPDATE */
2755 #endif /* CONFIG_BT_CONN */
2756 #if defined(CONFIG_BT_SMP)
2757 	EVENT_HANDLER(BT_HCI_EVT_LE_LTK_REQUEST, le_ltk_request,
2758 		      sizeof(struct bt_hci_evt_le_ltk_request)),
2759 #endif /* CONFIG_BT_SMP */
2760 #if defined(CONFIG_BT_ECC)
2761 	EVENT_HANDLER(BT_HCI_EVT_LE_P256_PUBLIC_KEY_COMPLETE,
2762 		      bt_hci_evt_le_pkey_complete,
2763 		      sizeof(struct bt_hci_evt_le_p256_public_key_complete)),
2764 	EVENT_HANDLER(BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
2765 		      bt_hci_evt_le_dhkey_complete,
2766 		      sizeof(struct bt_hci_evt_le_generate_dhkey_complete)),
2767 #endif /* CONFIG_BT_SMP */
2768 #if defined(CONFIG_BT_EXT_ADV)
2769 #if defined(CONFIG_BT_BROADCASTER)
2770 	EVENT_HANDLER(BT_HCI_EVT_LE_ADV_SET_TERMINATED, bt_hci_le_adv_set_terminated,
2771 		      sizeof(struct bt_hci_evt_le_adv_set_terminated)),
2772 	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_REQ_RECEIVED, bt_hci_le_scan_req_received,
2773 		      sizeof(struct bt_hci_evt_le_scan_req_received)),
2774 #endif
2775 #if defined(CONFIG_BT_OBSERVER)
2776 	EVENT_HANDLER(BT_HCI_EVT_LE_SCAN_TIMEOUT, bt_hci_le_scan_timeout,
2777 		      0),
2778 	EVENT_HANDLER(BT_HCI_EVT_LE_EXT_ADVERTISING_REPORT, bt_hci_le_adv_ext_report,
2779 		      sizeof(struct bt_hci_evt_le_ext_advertising_report)),
2780 #endif /* defined(CONFIG_BT_OBSERVER) */
2781 #if defined(CONFIG_BT_PER_ADV_SYNC)
2782 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED,
2783 		      bt_hci_le_per_adv_sync_established,
2784 		      sizeof(struct bt_hci_evt_le_per_adv_sync_established)),
2785 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT, bt_hci_le_per_adv_report,
2786 		      sizeof(struct bt_hci_evt_le_per_advertising_report)),
2787 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_LOST, bt_hci_le_per_adv_sync_lost,
2788 		      sizeof(struct bt_hci_evt_le_per_adv_sync_lost)),
2789 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2790 	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED, bt_hci_le_past_received,
2791 		      sizeof(struct bt_hci_evt_le_past_received)),
2792 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2793 #endif /* defined(CONFIG_BT_PER_ADV_SYNC) */
2794 #endif /* defined(CONFIG_BT_EXT_ADV) */
2795 #if defined(CONFIG_BT_ISO_UNICAST)
2796 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED, hci_le_cis_established,
2797 		      sizeof(struct bt_hci_evt_le_cis_established)),
2798 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_ESTABLISHED_V2, hci_le_cis_established_v2,
2799 		      sizeof(struct bt_hci_evt_le_cis_established_v2)),
2800 #if defined(CONFIG_BT_ISO_PERIPHERAL)
2801 	EVENT_HANDLER(BT_HCI_EVT_LE_CIS_REQ, hci_le_cis_req,
2802 		      sizeof(struct bt_hci_evt_le_cis_req)),
2803 #endif /* (CONFIG_BT_ISO_PERIPHERAL) */
2804 #endif /* (CONFIG_BT_ISO_UNICAST) */
2805 #if defined(CONFIG_BT_ISO_BROADCASTER)
2806 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_COMPLETE,
2807 		      hci_le_big_complete,
2808 		      sizeof(struct bt_hci_evt_le_big_complete)),
2809 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_TERMINATE,
2810 		      hci_le_big_terminate,
2811 		      sizeof(struct bt_hci_evt_le_big_terminate)),
2812 #endif /* CONFIG_BT_ISO_BROADCASTER */
2813 #if defined(CONFIG_BT_ISO_SYNC_RECEIVER)
2814 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_ESTABLISHED,
2815 		      hci_le_big_sync_established,
2816 		      sizeof(struct bt_hci_evt_le_big_sync_established)),
2817 	EVENT_HANDLER(BT_HCI_EVT_LE_BIG_SYNC_LOST,
2818 		      hci_le_big_sync_lost,
2819 		      sizeof(struct bt_hci_evt_le_big_sync_lost)),
2820 	EVENT_HANDLER(BT_HCI_EVT_LE_BIGINFO_ADV_REPORT,
2821 		      bt_hci_le_biginfo_adv_report,
2822 		      sizeof(struct bt_hci_evt_le_biginfo_adv_report)),
2823 #endif /* CONFIG_BT_ISO_SYNC_RECEIVER */
2824 #if defined(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)
2825 	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTIONLESS_IQ_REPORT, bt_hci_le_df_connectionless_iq_report,
2826 		      sizeof(struct bt_hci_evt_le_connectionless_iq_report)),
2827 #endif /* CONFIG_BT_DF_CONNECTIONLESS_CTE_RX */
2828 #if defined(CONFIG_BT_DF_CONNECTION_CTE_RX)
2829 	EVENT_HANDLER(BT_HCI_EVT_LE_CONNECTION_IQ_REPORT, bt_hci_le_df_connection_iq_report,
2830 		      sizeof(struct bt_hci_evt_le_connection_iq_report)),
2831 #endif /* CONFIG_BT_DF_CONNECTION_CTE_RX */
2832 #if defined(CONFIG_BT_DF_CONNECTION_CTE_REQ)
2833 	EVENT_HANDLER(BT_HCI_EVT_LE_CTE_REQUEST_FAILED, bt_hci_le_df_cte_req_failed,
2834 		      sizeof(struct bt_hci_evt_le_cte_req_failed)),
2835 #endif /* CONFIG_BT_DF_CONNECTION_CTE_REQ */
2836 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
2837 	EVENT_HANDLER(BT_HCI_EVT_LE_TRANSMIT_POWER_REPORT, bt_hci_le_transmit_power_report,
2838 		      sizeof(struct bt_hci_evt_le_transmit_power_report)),
2839 #endif /* CONFIG_BT_TRANSMIT_POWER_CONTROL */
2840 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
2841 	EVENT_HANDLER(BT_HCI_EVT_LE_PATH_LOSS_THRESHOLD, bt_hci_le_path_loss_threshold_event,
2842 		      sizeof(struct bt_hci_evt_le_path_loss_threshold)),
2843 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2844 #if defined(CONFIG_BT_SUBRATING)
2845 	EVENT_HANDLER(BT_HCI_EVT_LE_SUBRATE_CHANGE, bt_hci_le_subrate_change_event,
2846 		      sizeof(struct bt_hci_evt_le_subrate_change)),
2847 #endif /* CONFIG_BT_PATH_LOSS_MONITORING */
2848 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2849 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADVERTISING_REPORT_V2, bt_hci_le_per_adv_report_v2,
2850 		      sizeof(struct bt_hci_evt_le_per_advertising_report_v2)),
2851 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
2852 	EVENT_HANDLER(BT_HCI_EVT_LE_PAST_RECEIVED_V2, bt_hci_le_past_received_v2,
2853 		      sizeof(struct bt_hci_evt_le_past_received_v2)),
2854 #endif /* CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER */
2855 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SYNC_ESTABLISHED_V2,
2856 		      bt_hci_le_per_adv_sync_established_v2,
2857 		      sizeof(struct bt_hci_evt_le_per_adv_sync_established_v2)),
2858 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
2859 #if defined(CONFIG_BT_PER_ADV_RSP)
2860 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_SUBEVENT_DATA_REQUEST,
2861 		      bt_hci_le_per_adv_subevent_data_request,
2862 		      sizeof(struct bt_hci_evt_le_per_adv_subevent_data_request)),
2863 	EVENT_HANDLER(BT_HCI_EVT_LE_PER_ADV_RESPONSE_REPORT, bt_hci_le_per_adv_response_report,
2864 		      sizeof(struct bt_hci_evt_le_per_adv_response_report)),
2865 #endif /* CONFIG_BT_PER_ADV_RSP */
2866 #if defined(CONFIG_BT_CONN)
2867 #if defined(CONFIG_BT_PER_ADV_RSP) || defined(CONFIG_BT_PER_ADV_SYNC_RSP)
2868 	EVENT_HANDLER(BT_HCI_EVT_LE_ENH_CONN_COMPLETE_V2, le_enh_conn_complete_v2,
2869 		      sizeof(struct bt_hci_evt_le_enh_conn_complete_v2)),
2870 #endif /* CONFIG_BT_PER_ADV_RSP || CONFIG_BT_PER_ADV_SYNC_RSP */
2871 #endif /* CONFIG_BT_CONN */
2872 #if defined(CONFIG_BT_CHANNEL_SOUNDING)
2873 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE,
2874 		      bt_hci_le_cs_read_remote_supported_capabilities_complete,
2875 		      sizeof(struct bt_hci_evt_le_cs_read_remote_supported_capabilities_complete)),
2876 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE,
2877 		      bt_hci_le_cs_read_remote_fae_table_complete,
2878 		      sizeof(struct bt_hci_evt_le_cs_read_remote_fae_table_complete)),
2879 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_CONFIG_COMPLETE, bt_hci_le_cs_config_complete_event,
2880 		      sizeof(struct bt_hci_evt_le_cs_config_complete)),
2881 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SECURITY_ENABLE_COMPLETE,
2882 			  bt_hci_le_cs_security_enable_complete,
2883 			  sizeof(struct bt_hci_evt_le_cs_security_enable_complete)),
2884 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_PROCEDURE_ENABLE_COMPLETE,
2885 			  bt_hci_le_cs_procedure_enable_complete,
2886 			  sizeof(struct bt_hci_evt_le_cs_procedure_enable_complete)),
2887 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT,
2888 		      bt_hci_le_cs_subevent_result,
2889 		      sizeof(struct bt_hci_evt_le_cs_subevent_result)),
2890 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_SUBEVENT_RESULT_CONTINUE,
2891 		      bt_hci_le_cs_subevent_result_continue,
2892 		      sizeof(struct bt_hci_evt_le_cs_subevent_result_continue)),
2893 #if defined(CONFIG_BT_CHANNEL_SOUNDING_TEST)
2894 	EVENT_HANDLER(BT_HCI_EVT_LE_CS_TEST_END_COMPLETE,
2895 		      bt_hci_le_cs_test_end_complete,
2896 		      sizeof(struct bt_hci_evt_le_cs_test_end_complete)),
2897 #endif /* CONFIG_BT_CHANNEL_SOUNDING_TEST */
2898 #endif /* CONFIG_BT_CHANNEL_SOUNDING */
2899 
2900 };
2901 
/* Dispatch an LE Meta event to the handler registered for its subevent code.
 *
 * The meta-event header is removed from the front of buf and the remaining
 * bytes are handed to handle_event() together with the meta_events table.
 *
 * NOTE(review): the header is pulled without a local length check. The
 * normal_events entry for BT_HCI_EVT_LE_META_EVENT declares
 * sizeof(struct bt_hci_evt_le_meta_event) as its size argument, so the
 * dispatcher presumably rejects shorter events before this handler runs -
 * confirm in handle_event().
 */
static void hci_le_meta_event(struct net_buf *buf)
{
	const struct bt_hci_evt_le_meta_event *meta = net_buf_pull_mem(buf, sizeof(*meta));

	LOG_DBG("subevent 0x%02x", meta->subevent);

	handle_event(meta->subevent, buf, meta_events, ARRAY_SIZE(meta_events));
}
2912 
/* Handler table for top-level HCI events; hci_event() passes it to
 * handle_event() together with the event code from the HCI event header.
 *
 * Each entry gives the event code, the handler function and the size of the
 * event's parameter struct (presumably the minimum length accepted before the
 * handler is called - confirm against EVENT_HANDLER()/handle_event()).
 */
static const struct event_handler normal_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_VENDOR,
		      hci_vendor_event,
		      sizeof(struct bt_hci_evt_vs)),
	EVENT_HANDLER(BT_HCI_EVT_LE_META_EVENT,
		      hci_le_meta_event,
		      sizeof(struct bt_hci_evt_le_meta_event)),
#if defined(CONFIG_BT_CLASSIC)
	EVENT_HANDLER(BT_HCI_EVT_CONN_REQUEST,
		      bt_hci_conn_req,
		      sizeof(struct bt_hci_evt_conn_request)),
	EVENT_HANDLER(BT_HCI_EVT_CONN_COMPLETE,
		      bt_hci_conn_complete,
		      sizeof(struct bt_hci_evt_conn_complete)),
	EVENT_HANDLER(BT_HCI_EVT_PIN_CODE_REQ,
		      bt_hci_pin_code_req,
		      sizeof(struct bt_hci_evt_pin_code_req)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_NOTIFY,
		      bt_hci_link_key_notify,
		      sizeof(struct bt_hci_evt_link_key_notify)),
	EVENT_HANDLER(BT_HCI_EVT_LINK_KEY_REQ,
		      bt_hci_link_key_req,
		      sizeof(struct bt_hci_evt_link_key_req)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_RESP,
		      bt_hci_io_capa_resp,
		      sizeof(struct bt_hci_evt_io_capa_resp)),
	EVENT_HANDLER(BT_HCI_EVT_IO_CAPA_REQ,
		      bt_hci_io_capa_req,
		      sizeof(struct bt_hci_evt_io_capa_req)),
	EVENT_HANDLER(BT_HCI_EVT_SSP_COMPLETE,
		      bt_hci_ssp_complete,
		      sizeof(struct bt_hci_evt_ssp_complete)),
	EVENT_HANDLER(BT_HCI_EVT_USER_CONFIRM_REQ,
		      bt_hci_user_confirm_req,
		      sizeof(struct bt_hci_evt_user_confirm_req)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_NOTIFY,
		      bt_hci_user_passkey_notify,
		      sizeof(struct bt_hci_evt_user_passkey_notify)),
	EVENT_HANDLER(BT_HCI_EVT_USER_PASSKEY_REQ,
		      bt_hci_user_passkey_req,
		      sizeof(struct bt_hci_evt_user_passkey_req)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_COMPLETE,
		      bt_hci_inquiry_complete,
		      sizeof(struct bt_hci_evt_inquiry_complete)),
	EVENT_HANDLER(BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
		      bt_hci_inquiry_result_with_rssi,
		      sizeof(struct bt_hci_evt_inquiry_result_with_rssi)),
	EVENT_HANDLER(BT_HCI_EVT_EXTENDED_INQUIRY_RESULT,
		      bt_hci_extended_inquiry_result,
		      sizeof(struct bt_hci_evt_extended_inquiry_result)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_NAME_REQ_COMPLETE,
		      bt_hci_remote_name_request_complete,
		      sizeof(struct bt_hci_evt_remote_name_req_complete)),
	EVENT_HANDLER(BT_HCI_EVT_AUTH_COMPLETE,
		      bt_hci_auth_complete,
		      sizeof(struct bt_hci_evt_auth_complete)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_FEATURES,
		      bt_hci_read_remote_features_complete,
		      sizeof(struct bt_hci_evt_remote_features)),
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_EXT_FEATURES,
		      bt_hci_read_remote_ext_features_complete,
		      sizeof(struct bt_hci_evt_remote_ext_features)),
	EVENT_HANDLER(BT_HCI_EVT_ROLE_CHANGE,
		      bt_hci_role_change,
		      sizeof(struct bt_hci_evt_role_change)),
	EVENT_HANDLER(BT_HCI_EVT_SYNC_CONN_COMPLETE,
		      bt_hci_synchronous_conn_complete,
		      sizeof(struct bt_hci_evt_sync_conn_complete)),
#endif /* CONFIG_BT_CLASSIC */
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE,
		      hci_disconn_complete,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_CHANGE,
		      hci_encrypt_change,
		      sizeof(struct bt_hci_evt_encrypt_change)),
	EVENT_HANDLER(BT_HCI_EVT_ENCRYPT_KEY_REFRESH_COMPLETE,
		      hci_encrypt_key_refresh_complete,
		      sizeof(struct bt_hci_evt_encrypt_key_refresh_complete)),
#endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
#if defined(CONFIG_BT_REMOTE_VERSION)
	EVENT_HANDLER(BT_HCI_EVT_REMOTE_VERSION_INFO,
		      bt_hci_evt_read_remote_version_complete,
		      sizeof(struct bt_hci_evt_remote_version_info)),
#endif /* CONFIG_BT_REMOTE_VERSION */
	EVENT_HANDLER(BT_HCI_EVT_HARDWARE_ERROR,
		      hci_hardware_error,
		      sizeof(struct bt_hci_evt_hardware_error)),
};
2985 
2986 
2987 #define BT_HCI_EVT_FLAG_RECV_PRIO BIT(0)
2988 #define BT_HCI_EVT_FLAG_RECV      BIT(1)
2989 
/** @brief Get HCI event flags.
 *
 * Helper for the HCI driver to get the HCI event flags that describe the rules
 * that must be followed for an event.
 *
 * Disconnection Complete carries both flags. Command Complete and Command
 * Status (plus Number Of Completed Packets and Data Buffer Overflow when the
 * matching Kconfig options are enabled) carry only the priority flag. Every
 * other event code carries only BT_HCI_EVT_FLAG_RECV.
 *
 * @param evt HCI event code.
 *
 * @return HCI event flags for the specified event.
 */
static inline uint8_t bt_hci_evt_get_flags(uint8_t evt)
{
	uint8_t flags;

	switch (evt) {
	case BT_HCI_EVT_DISCONN_COMPLETE:
		flags = BT_HCI_EVT_FLAG_RECV | BT_HCI_EVT_FLAG_RECV_PRIO;
		break;
#if defined(CONFIG_BT_CONN) || defined(CONFIG_BT_ISO)
	case BT_HCI_EVT_NUM_COMPLETED_PACKETS:
#if defined(CONFIG_BT_CONN)
	case BT_HCI_EVT_DATA_BUF_OVERFLOW:
#endif /* defined(CONFIG_BT_CONN) */
#endif /* CONFIG_BT_CONN ||  CONFIG_BT_ISO */
	case BT_HCI_EVT_CMD_COMPLETE:
	case BT_HCI_EVT_CMD_STATUS:
		flags = BT_HCI_EVT_FLAG_RECV_PRIO;
		break;
	default:
		flags = BT_HCI_EVT_FLAG_RECV;
		break;
	}

	return flags;
}
3019 
/* Process one HCI event buffer on the normal (non-priority) receive path.
 *
 * A buffer shorter than the HCI event header is logged and dropped. Otherwise
 * the header is pulled off and the rest of the buffer is dispatched through
 * the normal_events table. The reference to buf is released on every path.
 *
 * The assertion checks that the event code carries BT_HCI_EVT_FLAG_RECV, i.e.
 * that it is not an event bt_hci_evt_get_flags() marks as priority-only.
 * NOTE(review): hdr->evt originates from the received buffer, so which layer
 * guarantees this before the assert is reached should be confirmed.
 */
static void hci_event(struct net_buf *buf)
{
	struct bt_hci_evt_hdr *hdr;

	if (buf->len >= sizeof(*hdr)) {
		hdr = net_buf_pull_mem(buf, sizeof(*hdr));
		LOG_DBG("event 0x%02x", hdr->evt);
		BT_ASSERT(bt_hci_evt_get_flags(hdr->evt) & BT_HCI_EVT_FLAG_RECV);

		handle_event(hdr->evt, buf, normal_events, ARRAY_SIZE(normal_events));
	} else {
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
	}

	net_buf_unref(buf);
}
3038 
/* Take the next queued HCI command and hand it to the driver.
 *
 * The command is fetched without waiting and must exist (asserted). An extra
 * reference to it is stored in bt_dev.sent_cmd; a stale sent_cmd left over
 * from an earlier command is logged and released first.
 *
 * If bt_send() fails, the ncmd_sem credit is given back, the command is
 * completed with BT_HCI_ERR_UNSPECIFIED through hci_cmd_done(), the local
 * reference is dropped and the TX processing is kicked again.
 */
static void hci_core_send_cmd(void)
{
	struct net_buf *buf;
	int err;

	LOG_DBG("fetch cmd");
	buf = k_fifo_get(&bt_dev.cmd_tx_queue, K_NO_WAIT);
	BT_ASSERT(buf);

	if (bt_dev.sent_cmd != NULL) {
		/* A previous command was never completed; drop its reference. */
		LOG_ERR("Uncleared pending sent_cmd");
		net_buf_unref(bt_dev.sent_cmd);
		bt_dev.sent_cmd = NULL;
	}

	bt_dev.sent_cmd = net_buf_ref(buf);

	LOG_DBG("Sending command 0x%04x (buf %p) to driver", cmd(buf)->opcode, buf);

	err = bt_send(buf);
	if (err == 0) {
		return;
	}

	LOG_ERR("Unable to send to driver (err %d)", err);
	k_sem_give(&bt_dev.ncmd_sem);
	hci_cmd_done(cmd(buf)->opcode, BT_HCI_ERR_UNSPECIFIED, buf);
	net_buf_unref(buf);
	bt_tx_irq_raise();
}
3069 
3070 #if defined(CONFIG_BT_CONN)
3071 #if defined(CONFIG_BT_ISO)
3072 /* command FIFO + conn_change signal + MAX_CONN + ISO_MAX_CHAN */
3073 #define EV_COUNT (2 + CONFIG_BT_MAX_CONN + CONFIG_BT_ISO_MAX_CHAN)
3074 #else
3075 /* command FIFO + conn_change signal + MAX_CONN */
3076 #define EV_COUNT (2 + CONFIG_BT_MAX_CONN)
3077 #endif /* CONFIG_BT_ISO */
3078 #else
3079 #if defined(CONFIG_BT_ISO)
3080 /* command FIFO + conn_change signal + ISO_MAX_CHAN */
3081 #define EV_COUNT (2 + CONFIG_BT_ISO_MAX_CHAN)
3082 #else
3083 /* command FIFO */
3084 #define EV_COUNT 1
3085 #endif /* CONFIG_BT_ISO */
3086 #endif /* CONFIG_BT_CONN */
3087 
/* Store the Read Local Version Information response in bt_dev.
 *
 * The 16-bit fields are converted from little-endian to CPU byte order.
 *
 * NOTE(review): buf->len is not compared with sizeof(*info) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void read_local_ver_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_read_local_version_info *info = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", info->status, bt_hci_err_to_str(info->status));

	bt_dev.hci_version = info->hci_version;
	bt_dev.lmp_version = info->lmp_version;
	bt_dev.hci_revision = sys_le16_to_cpu(info->hci_revision);
	bt_dev.lmp_subversion = sys_le16_to_cpu(info->lmp_subversion);
	bt_dev.manufacturer = sys_le16_to_cpu(info->manufacturer);
}
3100 
/* Copy the LE Read Local Supported Features response into bt_dev.le.features.
 *
 * The copy length is the size of the destination array.
 *
 * NOTE(review): buf->len is not compared with sizeof(*feat) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void read_le_features_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_le_read_local_features *feat = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", feat->status, bt_hci_err_to_str(feat->status));

	memcpy(bt_dev.le.features, feat->features, sizeof(bt_dev.le.features));
}
3109 
3110 #if defined(CONFIG_BT_CONN)
3111 #if !defined(CONFIG_BT_CLASSIC)
/* Use the BR/EDR Read Buffer Size response for ACL flow control, but only
 * when no LE ACL MTU has been recorded yet.
 *
 * Sets bt_dev.le.acl_mtu and initialises the acl_pkts semaphore with the
 * reported packet count as both initial value and limit.
 *
 * NOTE(review): unlike le_read_buffer_size_complete(), zero values are not
 * rejected here and the result of k_sem_init() is not checked; buf->len is
 * not compared with sizeof(*sizes) either - confirm the caller covers these.
 */
static void read_buffer_size_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_read_buffer_size *sizes = (const void *)buf->data;
	uint16_t pkts;

	LOG_DBG("status 0x%02x %s", sizes->status, bt_hci_err_to_str(sizes->status));

	/* If LE-side has buffers we can ignore the BR/EDR values */
	if (bt_dev.le.acl_mtu == 0U) {
		bt_dev.le.acl_mtu = sys_le16_to_cpu(sizes->acl_max_len);
		pkts = sys_le16_to_cpu(sizes->acl_max_num);

		LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, pkts, pkts);
	}
}
3131 #endif /* !defined(CONFIG_BT_CLASSIC) */
3132 #endif /* CONFIG_BT_CONN */
3133 
/* Apply the LE Read Buffer Size response.
 *
 * With CONFIG_BT_CONN, a response whose MTU or packet count is zero is
 * ignored; otherwise bt_dev.le.acl_mtu is set and the acl_pkts semaphore is
 * initialised with the reported packet count. Without CONFIG_BT_CONN only the
 * status is logged.
 *
 * NOTE(review): buf->len is not compared with sizeof(*sizes) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void le_read_buffer_size_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_le_read_buffer_size *sizes = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", sizes->status, bt_hci_err_to_str(sizes->status));

#if defined(CONFIG_BT_CONN)
	uint16_t mtu = sys_le16_to_cpu(sizes->le_max_len);

	if (mtu != 0U && sizes->le_max_num != 0U) {
		bt_dev.le.acl_mtu = mtu;

		LOG_DBG("ACL LE buffers: pkts %u mtu %u", sizes->le_max_num, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, sizes->le_max_num, sizes->le_max_num);
	}
#endif /* CONFIG_BT_CONN */
}
3154 
/* Apply the LE Read Buffer Size V2 response (compiled in with CONFIG_BT_ISO).
 *
 * ACL values are applied only with CONFIG_BT_CONN and only when both MTU and
 * packet count are non-zero. ISO values are mandatory: if either is zero an
 * error is logged and nothing ISO-related is stored. Otherwise iso_mtu,
 * the iso_pkts semaphore and iso_limit are set from the response.
 *
 * NOTE(review): buf->len is not compared with sizeof(*sizes) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void read_buffer_size_v2_complete(struct net_buf *buf)
{
#if defined(CONFIG_BT_ISO)
	const struct bt_hci_rp_le_read_buffer_size_v2 *sizes = (const void *)buf->data;

	LOG_DBG("status %u %s", sizes->status, bt_hci_err_to_str(sizes->status));

#if defined(CONFIG_BT_CONN)
	uint16_t acl_mtu = sys_le16_to_cpu(sizes->acl_max_len);

	if (acl_mtu != 0U && sizes->acl_max_num != 0U) {
		bt_dev.le.acl_mtu = acl_mtu;
		LOG_DBG("ACL LE buffers: pkts %u mtu %u", sizes->acl_max_num, bt_dev.le.acl_mtu);

		k_sem_init(&bt_dev.le.acl_pkts, sizes->acl_max_num, sizes->acl_max_num);
	}
#endif /* CONFIG_BT_CONN */

	uint16_t iso_mtu = sys_le16_to_cpu(sizes->iso_max_len);

	if (iso_mtu == 0U || sizes->iso_max_num == 0U) {
		LOG_ERR("ISO buffer size not set");
		return;
	}

	bt_dev.le.iso_mtu = iso_mtu;

	LOG_DBG("ISO buffers: pkts %u mtu %u", sizes->iso_max_num, bt_dev.le.iso_mtu);

	k_sem_init(&bt_dev.le.iso_pkts, sizes->iso_max_num, sizes->iso_max_num);
	bt_dev.le.iso_limit = sizes->iso_max_num;
#endif /* CONFIG_BT_ISO */
}
3188 
/* Send LE Set Host Feature for one feature bit and wait for completion.
 *
 * bit_number and bit_value are copied unchanged into the command parameters.
 *
 * Returns -ENOBUFS when no command buffer could be created, otherwise the
 * result of bt_hci_cmd_send_sync().
 */
static int le_set_host_feature(uint8_t bit_number, uint8_t bit_value)
{
	struct bt_hci_cp_le_set_host_feature *params;
	struct net_buf *cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_FEATURE,
						    sizeof(*params));

	if (cmd_buf == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd_buf, sizeof(*params));
	params->bit_number = bit_number;
	params->bit_value = bit_value;

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_FEATURE, cmd_buf, NULL);
}
3205 
/* Copy the Read Local Supported Commands response into
 * bt_dev.supported_commands.
 *
 * The copy length is the size of the destination array. When
 * CONFIG_BT_SEND_ECC_EMULATION is enabled, bt_hci_ecc_supported_commands() is
 * then applied to the stored bitmap so that the HCI commands used for ECDH
 * are reported as supported.
 *
 * NOTE(review): buf->len is not compared with sizeof(*cmds) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void read_supported_commands_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_read_supported_commands *cmds = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", cmds->status, bt_hci_err_to_str(cmds->status));

	memcpy(bt_dev.supported_commands, cmds->commands, sizeof(bt_dev.supported_commands));

	if (!IS_ENABLED(CONFIG_BT_SEND_ECC_EMULATION)) {
		return;
	}

	/* ECDH is emulated with the PSA Crypto API ECC, so advertise the
	 * corresponding HCI commands as supported.
	 */
	bt_hci_ecc_supported_commands(bt_dev.supported_commands);
}
3222 
/* Copy the Read Local Supported Features response into bt_dev.features[0].
 *
 * The copy length is the size of that destination entry.
 *
 * NOTE(review): buf->len is not compared with sizeof(*feat) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void read_local_features_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_read_local_features *feat = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", feat->status, bt_hci_err_to_str(feat->status));

	memcpy(bt_dev.features[0], feat->features, sizeof(bt_dev.features[0]));
}
3231 
/* Store the LE Read Supported States response in bt_dev.le.states.
 *
 * The states field is read as a 64-bit little-endian value.
 *
 * NOTE(review): buf->len is not compared with sizeof(*states) here;
 * presumably the caller only passes a complete response - confirm.
 */
static void le_read_supp_states_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_le_read_supp_states *states = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", states->status, bt_hci_err_to_str(states->status));

	bt_dev.le.states = sys_get_le64(states->le_states);
}
3240 
3241 #if defined(CONFIG_BT_BROADCASTER)
/* Store the LE Read Maximum Advertising Data Length response in
 * bt_dev.le.max_adv_data_len, converted from little-endian.
 *
 * NOTE(review): buf->len is not compared with sizeof(*len_rsp) here;
 * presumably the caller only passes a complete response - confirm.
 */
static void le_read_maximum_adv_data_len_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_le_read_max_adv_data_len *len_rsp = (const void *)buf->data;

	LOG_DBG("status 0x%02x %s", len_rsp->status, bt_hci_err_to_str(len_rsp->status));

	bt_dev.le.max_adv_data_len = sys_le16_to_cpu(len_rsp->max_adv_data_len);
}
3250 #endif /* CONFIG_BT_BROADCASTER */
3251 
3252 #if defined(CONFIG_BT_SMP)
/* Store the LE Read Resolving List Size response in bt_dev.le.rl_size.
 *
 * NOTE(review): buf->len is not compared with sizeof(*rl) here; presumably
 * the caller only passes a complete response - confirm.
 */
static void le_read_resolving_list_size_complete(struct net_buf *buf)
{
	const struct bt_hci_rp_le_read_rl_size *rl = (const void *)buf->data;

	LOG_DBG("Resolving List size %u", rl->rl_size);

	bt_dev.le.rl_size = rl->rl_size;
}
3261 #endif /* defined(CONFIG_BT_SMP) */
3262 
/* Run the controller-independent part of HCI initialisation.
 *
 * In order: HCI Reset (skipped when drv_quirk_no_reset() is true), Read Local
 * Supported Features, Read Local Version Information, Read Local Supported
 * Commands, then PRNG initialisation (CONFIG_BT_HOST_CRYPTO_PRNG) and ACL flow
 * control setup (CONFIG_BT_HCI_ACL_FLOW_CONTROL).
 *
 * Each response buffer is released right after its completion helper ran.
 * Returns 0 on success or the first non-zero error, at which point the
 * remaining steps are not attempted.
 */
static int common_init(void)
{
	struct net_buf *reply;
	int err;

	if (!drv_quirk_no_reset()) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_RESET, NULL, &reply);
		if (err != 0) {
			return err;
		}
		hci_reset_complete(reply);
		net_buf_unref(reply);
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_FEATURES, NULL, &reply);
	if (err != 0) {
		return err;
	}
	read_local_features_complete(reply);
	net_buf_unref(reply);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_VERSION_INFO, NULL, &reply);
	if (err != 0) {
		return err;
	}
	read_local_ver_complete(reply);
	net_buf_unref(reply);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_SUPPORTED_COMMANDS, NULL, &reply);
	if (err != 0) {
		return err;
	}
	read_supported_commands_complete(reply);
	net_buf_unref(reply);

	if (IS_ENABLED(CONFIG_BT_HOST_CRYPTO_PRNG)) {
		/* The PRNG has to be ready before later initialisation steps
		 * use it; a failure here aborts initialisation.
		 */
		err = prng_init();
		if (err != 0) {
			return err;
		}
	}

#if defined(CONFIG_BT_HCI_ACL_FLOW_CONTROL)
	err = set_flow_control();
	if (err != 0) {
		return err;
	}
#endif /* CONFIG_BT_HCI_ACL_FLOW_CONTROL */

	return 0;
}
3323 
/* Build the LE event mask from the enabled Kconfig options and the controller
 * features/commands recorded in bt_dev, then send LE Set Event Mask.
 *
 * Returns -ENOBUFS when no command buffer could be created, otherwise the
 * result of bt_hci_cmd_send_sync().
 *
 * NOTE(review): a few events are unmasked under a wider condition than the
 * one guarding their entry in the meta_events table: LE CS Test End Complete
 * (handler only with CONFIG_BT_CHANNEL_SOUNDING_TEST), LE PAST Received V2
 * (handler only with CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER) and LE CTE
 * Request Failed (handler only with CONFIG_BT_DF_CONNECTION_CTE_REQ). Unless
 * Kconfig dependencies make the conditions equivalent, the controller is asked
 * for events the host has no handler for - confirm whether that is intended.
 */
static int le_set_event_mask(void)
{
	struct bt_hci_cp_le_set_event_mask *cp_mask;
	struct net_buf *buf;
	uint64_t mask = 0U;

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_EVENT_MASK, sizeof(*cp_mask));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp_mask = net_buf_add(buf, sizeof(*cp_mask));

	/* Legacy advertising reports are requested unconditionally. */
	mask |= BT_EVT_MASK_LE_ADVERTISING_REPORT;

	if (IS_ENABLED(CONFIG_BT_EXT_ADV) && BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_ADV_SET_TERMINATED |
			BT_EVT_MASK_LE_SCAN_REQ_RECEIVED |
			BT_EVT_MASK_LE_EXT_ADVERTISING_REPORT |
			BT_EVT_MASK_LE_SCAN_TIMEOUT;

		if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC)) {
			mask |= BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED |
				BT_EVT_MASK_LE_PER_ADVERTISING_REPORT |
				BT_EVT_MASK_LE_PER_ADV_SYNC_LOST |
				BT_EVT_MASK_LE_PAST_RECEIVED;
		}
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		/* C24:
		 * The enhanced event is mandatory if the LE Controller supports
		 * Connection State and either LE Feature (LL Privacy) or
		 * LE Feature (Extended Advertising) is supported, ...
		 */
		mask |= ((IS_ENABLED(CONFIG_BT_SMP) &&
			  BT_FEAT_LE_PRIVACY(bt_dev.le.features)) ||
			 (IS_ENABLED(CONFIG_BT_EXT_ADV) &&
			  BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)))
				? BT_EVT_MASK_LE_ENH_CONN_COMPLETE
				: BT_EVT_MASK_LE_CONN_COMPLETE;

		mask |= BT_EVT_MASK_LE_CONN_UPDATE_COMPLETE |
			BT_EVT_MASK_LE_REMOTE_FEAT_COMPLETE;

		if (BT_FEAT_LE_CONN_PARAM_REQ_PROC(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_CONN_PARAM_REQ;
		}

		if (IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) && BT_FEAT_LE_DLE(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_DATA_LEN_CHANGE;
		}

		if (IS_ENABLED(CONFIG_BT_PHY_UPDATE) &&
		    (BT_FEAT_LE_PHY_2M(bt_dev.le.features) ||
		     BT_FEAT_LE_PHY_CODED(bt_dev.le.features))) {
			mask |= BT_EVT_MASK_LE_PHY_UPDATE_COMPLETE;
		}

		if (IS_ENABLED(CONFIG_BT_TRANSMIT_POWER_CONTROL)) {
			mask |= BT_EVT_MASK_LE_TRANSMIT_POWER_REPORTING;
		}

		if (IS_ENABLED(CONFIG_BT_PATH_LOSS_MONITORING)) {
			mask |= BT_EVT_MASK_LE_PATH_LOSS_THRESHOLD;
		}

		if (IS_ENABLED(CONFIG_BT_SUBRATING) &&
		    BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_SUBRATE_CHANGE;
		}
	}

	/* LTK requests are only needed when SMP is built in and the
	 * controller supports LE encryption.
	 */
	if (IS_ENABLED(CONFIG_BT_SMP) && BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_LTK_REQUEST;
	}

	/* The ECDH completion events are enabled only when both
	 * "LE Read Local P-256 Public Key" and "LE Generate DH Key" are
	 * reported as supported commands.
	 */
	if (IS_ENABLED(CONFIG_BT_ECC) &&
	    (BT_CMD_TEST(bt_dev.supported_commands, 34, 1)) &&
	    (BT_CMD_TEST(bt_dev.supported_commands, 34, 2))) {
		mask |= BT_EVT_MASK_LE_P256_PUBLIC_KEY_COMPLETE |
			BT_EVT_MASK_LE_GENERATE_DHKEY_COMPLETE;
	}

	/* CIS events: only with ISO enabled and CIS supported by the
	 * controller.
	 */
	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_CIS(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_CIS_ESTABLISHED |
			BT_EVT_MASK_LE_CIS_ESTABLISHED_V2;

		if (BT_FEAT_LE_CIS_PERIPHERAL(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_CIS_REQ;
		}
	}

	/* BIS events for the broadcaster and/or the sync receiver role. */
	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_BIS(bt_dev.le.features)) {
		if (IS_ENABLED(CONFIG_BT_ISO_BROADCASTER) &&
		    BT_FEAT_LE_ISO_BROADCASTER(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_BIG_COMPLETE |
				BT_EVT_MASK_LE_BIG_TERMINATED;
		}

		if (IS_ENABLED(CONFIG_BT_ISO_SYNC_RECEIVER) &&
		    BT_FEAT_LE_SYNC_RECEIVER(bt_dev.le.features)) {
			mask |= BT_EVT_MASK_LE_BIG_SYNC_ESTABLISHED |
				BT_EVT_MASK_LE_BIG_SYNC_LOST |
				BT_EVT_MASK_LE_BIGINFO_ADV_REPORT;
		}
	}

	/* Direction finding: IQ sample reports. */
	if (IS_ENABLED(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)) {
		mask |= BT_EVT_MASK_LE_CONNECTIONLESS_IQ_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_DF_CONNECTION_CTE_RX)) {
		mask |= BT_EVT_MASK_LE_CONNECTION_IQ_REPORT |
			BT_EVT_MASK_LE_CTE_REQUEST_FAILED;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_RSP)) {
		mask |= BT_EVT_MASK_LE_PER_ADV_SUBEVENT_DATA_REQ |
			BT_EVT_MASK_LE_PER_ADV_RESPONSE_REPORT;
	}

	if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP)) {
		mask |= BT_EVT_MASK_LE_PER_ADVERTISING_REPORT_V2 |
			BT_EVT_MASK_LE_PER_ADV_SYNC_ESTABLISHED_V2 |
			BT_EVT_MASK_LE_PAST_RECEIVED_V2;
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    (IS_ENABLED(CONFIG_BT_PER_ADV_RSP) || IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_RSP))) {
		mask |= BT_EVT_MASK_LE_ENH_CONN_COMPLETE_V2;
	}

	if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
	    BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_LE_CS_READ_REMOTE_SUPPORTED_CAPABILITIES_COMPLETE |
			BT_EVT_MASK_LE_CS_READ_REMOTE_FAE_TABLE_COMPLETE |
			BT_EVT_MASK_LE_CS_CONFIG_COMPLETE |
			BT_EVT_MASK_LE_CS_SECURITY_ENABLE_COMPLETE |
			BT_EVT_MASK_LE_CS_PROCEDURE_ENABLE_COMPLETE |
			BT_EVT_MASK_LE_CS_SUBEVENT_RESULT |
			BT_EVT_MASK_LE_CS_SUBEVENT_RESULT_CONTINUE |
			BT_EVT_MASK_LE_CS_TEST_END_COMPLETE;
	}

	/* The mask is sent as a 64-bit little-endian field. */
	sys_put_le64(mask, cp_mask->events);
	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_EVENT_MASK, buf, NULL);
}
3486 
/* ISO-specific part of LE initialisation.
 *
 * With CONFIG_BT_ISO_UNICAST the host first sets the ISO channels host
 * feature bit. Buffer sizes are then read with LE Read Buffer Size V2 when
 * the controller lists that command as supported (octet 41, bit 5);
 * otherwise, with CONFIG_BT_CONN_TX, the plain LE Read Buffer Size command is
 * used and a warning is logged if ISO TX was requested.
 *
 * Returns 0 on success or the first non-zero error.
 */
static int le_init_iso(void)
{
	struct net_buf *reply;
	int err;

	if (IS_ENABLED(CONFIG_BT_ISO_UNICAST)) {
		/* Set Connected Isochronous Streams - Host support */
		err = le_set_host_feature(BT_LE_FEAT_BIT_ISO_CHANNELS, 1);
		if (err != 0) {
			return err;
		}
	}

	if (BT_CMD_TEST(bt_dev.supported_commands, 41, 5)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE_V2, NULL, &reply);
		if (err != 0) {
			return err;
		}

		read_buffer_size_v2_complete(reply);
		net_buf_unref(reply);

		return 0;
	}

	if (!IS_ENABLED(CONFIG_BT_CONN_TX)) {
		return 0;
	}

	if (IS_ENABLED(CONFIG_BT_ISO_TX)) {
		LOG_WRN("Read Buffer Size V2 command is not supported. "
			"No ISO TX buffers will be available");
	}

	/* ACL may still be supported without TX ISO (e.g. when only the ISO
	 * sync receiver role is used), so read the LE buffer size instead.
	 */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE, NULL, &reply);
	if (err != 0) {
		return err;
	}

	le_read_buffer_size_complete(reply);
	net_buf_unref(reply);

	return 0;
}
3534 
/* LE part of HCI initialisation.
 *
 * Fails with -ENODEV when the controller does not report LE support. Otherwise
 * the steps run in this order, each one aborting initialisation on error:
 * read the LE features; read buffer sizes (through le_init_iso() or LE Read
 * Buffer Size); determine the maximum advertising data length; enable LE host
 * support on dual-mode controllers; read the supported LE states; write the
 * default data length; set the RPA timeout and read the resolving list size;
 * initialise direction finding; set the subrating and channel sounding host
 * feature bits; finally program the LE event mask.
 *
 * Returns 0 on success, -ENOBUFS when a command buffer cannot be created, or
 * the error of the failing step.
 */
static int le_init(void)
{
	struct bt_hci_cp_write_le_host_supp *host_supp;
	struct net_buf *cmd_buf, *reply;
	int err;

	/* For now we only support LE capable controllers */
	if (!BT_FEAT_LE(bt_dev.features)) {
		LOG_ERR("Non-LE capable controller detected!");
		return -ENODEV;
	}

	/* The LE feature bits gate most of the decisions below. */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_LOCAL_FEATURES, NULL, &reply);
	if (err != 0) {
		return err;
	}

	read_le_features_complete(reply);
	net_buf_unref(reply);

	if (IS_ENABLED(CONFIG_BT_ISO) && BT_FEAT_LE_ISO(bt_dev.le.features)) {
		err = le_init_iso();
		if (err != 0) {
			return err;
		}
	} else if (IS_ENABLED(CONFIG_BT_CONN)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_BUFFER_SIZE, NULL, &reply);
		if (err != 0) {
			return err;
		}

		le_read_buffer_size_complete(reply);
		net_buf_unref(reply);
	}

#if defined(CONFIG_BT_BROADCASTER)
	if (IS_ENABLED(CONFIG_BT_EXT_ADV) && BT_DEV_FEAT_LE_EXT_ADV(bt_dev.le.features)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_MAX_ADV_DATA_LEN, NULL, &reply);
		switch (err) {
		case 0:
			le_read_maximum_adv_data_len_complete(reply);
			net_buf_unref(reply);
			break;
		case -EIO:
			/* Treated as "command not supported": fall back to the
			 * 31-byte length instead of failing initialisation.
			 */
			LOG_WRN("Controller does not support 'LE_READ_MAX_ADV_DATA_LEN'. "
				"Assuming maximum length is 31 bytes.");
			bt_dev.le.max_adv_data_len = 31;
			break;
		default:
			return err;
		}
	} else {
		bt_dev.le.max_adv_data_len = 31;
	}
#endif /* CONFIG_BT_BROADCASTER */

	if (BT_FEAT_BREDR(bt_dev.features)) {
		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, sizeof(*host_supp));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		host_supp = net_buf_add(cmd_buf, sizeof(*host_supp));

		/* Explicitly enable LE for dual-mode controllers */
		host_supp->le = 0x01;
		host_supp->simul = 0x00;

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_LE_HOST_SUPP, cmd_buf, NULL);
		if (err != 0) {
			return err;
		}
	}

	/* Only issued when the controller lists the command as supported. */
	if (BT_CMD_LE_STATES(bt_dev.supported_commands)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_SUPP_STATES, NULL, &reply);
		if (err != 0) {
			return err;
		}

		le_read_supp_states_complete(reply);
		net_buf_unref(reply);
	}

	if (IS_ENABLED(CONFIG_BT_CONN) &&
	    IS_ENABLED(CONFIG_BT_DATA_LEN_UPDATE) &&
	    IS_ENABLED(CONFIG_BT_AUTO_DATA_LEN_UPDATE) &&
	    BT_FEAT_LE_DLE(bt_dev.le.features)) {
		struct bt_hci_cp_le_write_default_data_len *dle;
		uint16_t max_octets, max_time;

		/* Use the controller's own maximum as the default data length. */
		err = bt_hci_le_read_max_data_len(&max_octets, &max_time);
		if (err != 0) {
			return err;
		}

		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN, sizeof(*dle));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		dle = net_buf_add(cmd_buf, sizeof(*dle));
		dle->max_tx_octets = sys_cpu_to_le16(max_octets);
		dle->max_tx_time = sys_cpu_to_le16(max_time);

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_WRITE_DEFAULT_DATA_LEN, cmd_buf, NULL);
		if (err != 0) {
			return err;
		}
	}

#if defined(CONFIG_BT_SMP)
	if (BT_FEAT_LE_PRIVACY(bt_dev.le.features)) {
#if defined(CONFIG_BT_PRIVACY)
		struct bt_hci_cp_le_set_rpa_timeout *rpa;

		/* Program the configured RPA timeout into the controller. */
		cmd_buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_RPA_TIMEOUT, sizeof(*rpa));
		if (cmd_buf == NULL) {
			return -ENOBUFS;
		}

		rpa = net_buf_add(cmd_buf, sizeof(*rpa));
		rpa->rpa_timeout = sys_cpu_to_le16(bt_dev.rpa_timeout);

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_RPA_TIMEOUT, cmd_buf, NULL);
		if (err != 0) {
			return err;
		}
#endif /* defined(CONFIG_BT_PRIVACY) */

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_READ_RL_SIZE, NULL, &reply);
		if (err != 0) {
			return err;
		}

		le_read_resolving_list_size_complete(reply);
		net_buf_unref(reply);
	}
#endif

#if defined(CONFIG_BT_DF)
	if (BT_FEAT_LE_CONNECTIONLESS_CTE_TX(bt_dev.le.features) ||
	    BT_FEAT_LE_CONNECTIONLESS_CTE_RX(bt_dev.le.features) ||
	    BT_FEAT_LE_RX_CTE(bt_dev.le.features)) {
		err = le_df_init();
		if (err != 0) {
			return err;
		}
	}
#endif /* CONFIG_BT_DF */

	if (IS_ENABLED(CONFIG_BT_SUBRATING) && BT_FEAT_LE_CONN_SUBRATING(bt_dev.le.features)) {
		/* Connection Subrating (Host Support) */
		err = le_set_host_feature(BT_LE_FEAT_BIT_CONN_SUBRATING_HOST_SUPP, 1);
		if (err != 0) {
			return err;
		}
	}

	if (IS_ENABLED(CONFIG_BT_CHANNEL_SOUNDING) &&
	    BT_FEAT_LE_CHANNEL_SOUNDING(bt_dev.le.features)) {
		err = le_set_host_feature(BT_LE_FEAT_BIT_CHANNEL_SOUNDING_HOST, 1);
		if (err != 0) {
			return err;
		}
	}

	/* Last step: the event mask depends on the features read above. */
	return le_set_event_mask();
}
3715 
3716 #if !defined(CONFIG_BT_CLASSIC)
/* Buffer-size fallback compiled in when BR/EDR (Classic) host support is off.
 *
 * If the LE ACL MTU is still zero, the BR/EDR buffer size is read from the
 * controller and handed to read_buffer_size_complete().
 *
 * Returns 0 on success (or when nothing had to be done), otherwise the error
 * reported by the HCI command.
 */
static int bt_br_init(void)
{
#if defined(CONFIG_BT_CONN)
	struct net_buf *rsp;
	int err;

	if (!bt_dev.le.acl_mtu) {
		/* Use BR/EDR buffer size if LE reports zero buffers */
		err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &rsp);
		if (err) {
			return err;
		}

		read_buffer_size_complete(rsp);
		net_buf_unref(rsp);
	}
#endif /* CONFIG_BT_CONN */

	return 0;
}
3739 #endif /* !defined(CONFIG_BT_CLASSIC) */
3740 
/* Build the HCI event mask for the enabled host features and send it with
 * HCI Set Event Mask.
 *
 * Returns -ENOBUFS when no command buffer is available, otherwise the result
 * of the synchronous HCI command.
 */
static int set_event_mask(void)
{
	struct bt_hci_cp_set_event_mask *ev;
	struct net_buf *buf;
	/* Events requested in every configuration */
	uint64_t mask = BT_EVT_MASK_HARDWARE_ERROR |
			BT_EVT_MASK_DATA_BUFFER_OVERFLOW |
			BT_EVT_MASK_LE_META_EVENT;

	buf = bt_hci_cmd_create(BT_HCI_OP_SET_EVENT_MASK, sizeof(*ev));
	if (!buf) {
		return -ENOBUFS;
	}

	ev = net_buf_add(buf, sizeof(*ev));

	if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
		/* Since we require LE support, we can count on a
		 * Bluetooth 4.0 feature set
		 */
		mask |= BT_EVT_MASK_INQUIRY_COMPLETE |
			BT_EVT_MASK_CONN_COMPLETE |
			BT_EVT_MASK_CONN_REQUEST |
			BT_EVT_MASK_AUTH_COMPLETE |
			BT_EVT_MASK_REMOTE_NAME_REQ_COMPLETE |
			BT_EVT_MASK_REMOTE_FEATURES |
			BT_EVT_MASK_ROLE_CHANGE |
			BT_EVT_MASK_PIN_CODE_REQ |
			BT_EVT_MASK_LINK_KEY_REQ |
			BT_EVT_MASK_LINK_KEY_NOTIFY |
			BT_EVT_MASK_INQUIRY_RESULT_WITH_RSSI |
			BT_EVT_MASK_REMOTE_EXT_FEATURES |
			BT_EVT_MASK_SYNC_CONN_COMPLETE |
			BT_EVT_MASK_EXTENDED_INQUIRY_RESULT |
			BT_EVT_MASK_IO_CAPA_REQ |
			BT_EVT_MASK_IO_CAPA_RESP |
			BT_EVT_MASK_USER_CONFIRM_REQ |
			BT_EVT_MASK_USER_PASSKEY_REQ |
			BT_EVT_MASK_SSP_COMPLETE |
			BT_EVT_MASK_USER_PASSKEY_NOTIFY;
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		mask |= BT_EVT_MASK_DISCONN_COMPLETE |
			BT_EVT_MASK_REMOTE_VERSION_INFO;
	}

	/* Encryption events are only requested when SMP is built in and the
	 * controller advertises LE encryption support.
	 */
	if (IS_ENABLED(CONFIG_BT_SMP) &&
	    BT_FEAT_LE_ENCR(bt_dev.le.features)) {
		mask |= BT_EVT_MASK_ENCRYPT_CHANGE |
			BT_EVT_MASK_ENCRYPT_KEY_REFRESH_COMPLETE;
	}

	/* The command parameter carries the mask in little-endian order */
	sys_put_le64(mask, ev->events);

	return bt_hci_cmd_send_sync(BT_HCI_OP_SET_EVENT_MASK, buf, NULL);
}
3798 
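/* Map an HCI/LMP version code to a printable Bluetooth Core version string.
 *
 * @param core_version Version code used as an index into the table below.
 *
 * @return A string literal with static lifetime; "unknown" for codes beyond
 *         the end of the table.
 */
const char *bt_hci_get_ver_str(uint8_t core_version)
{
	/* static, like the other lookup tables in this file, so the table is
	 * not rebuilt on the stack on every call.
	 */
	static const char * const str[] = {
		"1.0b", "1.1", "1.2", "2.0", "2.1", "3.0", "4.0", "4.1", "4.2",
		"5.0", "5.1", "5.2", "5.3", "5.4", "6.0"
	};

	/* The code is reported by the controller, so bound it before indexing */
	if (core_version < ARRAY_SIZE(str)) {
		return str[core_version];
	}

	return "unknown";
}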
3812 
/* Log the local identities and the controller's HCI/LMP version information.
 *
 * NOTE(review): with CONFIG_BT_LOG_SNIFFER_INFO enabled this function writes
 * the Identity Resolving Keys (and, with SMP, whatever
 * bt_keys_show_sniffer_info() prints for each stored key) to the log in clear
 * text. Anyone who can read the log can then resolve this device's private
 * addresses, so the option belongs in debug builds only.
 */
static void bt_dev_show_info(void)
{
	const char *idx0 = bt_dev.id_count > 1 ? "[0]" : "";

	/* Identity 0 is printed without an index when it is the only one */
	LOG_INF("Identity%s: %s", idx0, bt_addr_le_str(&bt_dev.id_addr[0]));

	if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
		uint8_t irk[16];

		/* Byte-swapped copy of the stored IRK for printing */
		sys_memcpy_swap(irk, bt_dev.irk[0], 16);
		LOG_INF("IRK%s: 0x%s", idx0, bt_hex(irk, 16));
#endif
	}

	for (int i = 1; i < bt_dev.id_count; i++) {
		LOG_INF("Identity[%d]: %s", i, bt_addr_le_str(&bt_dev.id_addr[i]));

		if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
#if defined(CONFIG_BT_PRIVACY)
			uint8_t irk[16];

			sys_memcpy_swap(irk, bt_dev.irk[i], 16);
			LOG_INF("IRK[%d]: 0x%s", i, bt_hex(irk, 16));
#endif
		}
	}

	if (IS_ENABLED(CONFIG_BT_SMP) &&
	    IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
		bt_keys_foreach_type(BT_KEYS_ALL, bt_keys_show_sniffer_info, NULL);
	}

	LOG_INF("HCI: version %s (0x%02x) revision 0x%04x, manufacturer 0x%04x",
		bt_hci_get_ver_str(bt_dev.hci_version), bt_dev.hci_version, bt_dev.hci_revision,
		bt_dev.manufacturer);
	LOG_INF("LMP: version %s (0x%02x) subver 0x%04x", bt_hci_get_ver_str(bt_dev.lmp_version),
		bt_dev.lmp_version, bt_dev.lmp_subversion);
}
3853 
3854 #if defined(CONFIG_BT_HCI_VS)
/* Translate the vendor-specific hardware platform code into a printable name.
 *
 * Returns a string literal; "unknown" when the code is outside the table.
 */
static const char *vs_hw_platform(uint16_t platform)
{
	static const char * const plat_str[] = {
		"reserved",
		"Intel Corporation",
		"Nordic Semiconductor",
		"NXP Semiconductors",
	};

	/* Controller-reported value: reject anything past the table end */
	if (platform >= ARRAY_SIZE(plat_str)) {
		return "unknown";
	}

	return plat_str[platform];
}
3867 
/* Translate a vendor-specific hardware variant code into a printable name.
 *
 * Only variants of the Nordic platform are known here; every other platform,
 * and any variant code outside the table, yields "unknown".
 */
static const char *vs_hw_variant(uint16_t platform, uint16_t variant)
{
	static const char * const nordic_str[] = {
		"reserved", "nRF51x", "nRF52x", "nRF53x", "nRF54Hx", "nRF54Lx"
	};

	if (platform == BT_HCI_VS_HW_PLAT_NORDIC &&
	    variant < ARRAY_SIZE(nordic_str)) {
		return nordic_str[variant];
	}

	return "unknown";
}
3884 
/* Translate the vendor-specific firmware variant code into a printable name.
 *
 * Returns a string literal; "unknown" when the code is outside the table.
 */
static const char *vs_fw_variant(uint8_t variant)
{
	static const char * const var_str[] = {
		"Standard Bluetooth controller",
		"Vendor specific controller",
		"Firmware loader",
		"Rescue image",
	};

	/* Controller-reported value: reject anything past the table end */
	if (variant >= ARRAY_SIZE(var_str)) {
		return "unknown";
	}

	return var_str[variant];
}
3900 
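/* Probe the controller for the Zephyr vendor-specific HCI extensions, log the
 * reported version information and cache the supported vendor commands and
 * features in bt_dev.
 *
 * Failures are not fatal: the function logs a warning and returns, leaving
 * the vendor command/feature tables as they were.
 *
 * Every response is produced by the controller, so its length is checked
 * before the payload is interpreted. A response shorter than the expected
 * structure is always rejected; with CONFIG_BT_HCI_VS_EXT_DETECT the length
 * must additionally match exactly, as before.
 */
static void hci_vs_init(void)
{
	union {
		struct bt_hci_rp_vs_read_version_info *info;
		struct bt_hci_rp_vs_read_supported_commands *cmds;
		struct bt_hci_rp_vs_read_supported_features *feat;
	} rp;
	struct net_buf *rsp;
	int err;

	/* If heuristics is enabled, try to guess HCI VS support by looking
	 * at the HCI version and identity address. We haven't set any addresses
	 * at this point. So we need to read the public address.
	 */
	if (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT)) {
		bt_addr_le_t addr;

		if ((bt_dev.hci_version < BT_HCI_VERSION_5_0) ||
		    bt_id_read_public_addr(&addr)) {
			LOG_WRN("Controller doesn't seem to support "
				"Zephyr vendor HCI");
			return;
		}
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_VERSION_INFO, NULL, &rsp);
	if (err) {
		LOG_WRN("Vendor HCI extensions not available");
		return;
	}

	/* Never read the version fields out of a truncated response */
	if (rsp->len < sizeof(struct bt_hci_rp_vs_read_version_info) ||
	    (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
	     rsp->len != sizeof(struct bt_hci_rp_vs_read_version_info))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.info = (void *)rsp->data;
	LOG_INF("HW Platform: %s (0x%04x)", vs_hw_platform(sys_le16_to_cpu(rp.info->hw_platform)),
		sys_le16_to_cpu(rp.info->hw_platform));
	LOG_INF("HW Variant: %s (0x%04x)",
		vs_hw_variant(sys_le16_to_cpu(rp.info->hw_platform),
			      sys_le16_to_cpu(rp.info->hw_variant)),
		sys_le16_to_cpu(rp.info->hw_variant));
	LOG_INF("Firmware: %s (0x%02x) Version %u.%u Build %u", vs_fw_variant(rp.info->fw_variant),
		rp.info->fw_variant, rp.info->fw_version, sys_le16_to_cpu(rp.info->fw_revision),
		sys_le32_to_cpu(rp.info->fw_build));

	net_buf_unref(rsp);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_COMMANDS,
				   NULL, &rsp);
	if (err) {
		LOG_WRN("Failed to read supported vendor commands");
		return;
	}

	/* The memcpy below reads BT_DEV_VS_CMDS_MAX bytes from the response.
	 * NOTE(review): assumes the commands[] member of the response struct
	 * is at least BT_DEV_VS_CMDS_MAX bytes - confirm against hci_vs.h.
	 */
	if (rsp->len < sizeof(struct bt_hci_rp_vs_read_supported_commands) ||
	    (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
	     rsp->len != sizeof(struct bt_hci_rp_vs_read_supported_commands))) {
		LOG_WRN("Invalid Vendor HCI extensions");
		net_buf_unref(rsp);
		return;
	}

	rp.cmds = (void *)rsp->data;
	memcpy(bt_dev.vs_commands, rp.cmds->commands, BT_DEV_VS_CMDS_MAX);
	net_buf_unref(rsp);

	if (BT_VS_CMD_SUP_FEAT(bt_dev.vs_commands)) {
		err = bt_hci_cmd_send_sync(BT_HCI_OP_VS_READ_SUPPORTED_FEATURES,
					   NULL, &rsp);
		if (err) {
			LOG_WRN("Failed to read supported vendor features");
			return;
		}

		/* Same rule as above before copying BT_DEV_VS_FEAT_MAX bytes.
		 * NOTE(review): assumes features[] in the response struct is
		 * at least BT_DEV_VS_FEAT_MAX bytes - confirm.
		 */
		if (rsp->len < sizeof(struct bt_hci_rp_vs_read_supported_features) ||
		    (IS_ENABLED(CONFIG_BT_HCI_VS_EXT_DETECT) &&
		     rsp->len !=
		     sizeof(struct bt_hci_rp_vs_read_supported_features))) {
			LOG_WRN("Invalid Vendor HCI extensions");
			net_buf_unref(rsp);
			return;
		}

		rp.feat = (void *)rsp->data;
		memcpy(bt_dev.vs_features, rp.feat->features,
		       BT_DEV_VS_FEAT_MAX);
		net_buf_unref(rsp);
	}
}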
3992 #endif /* CONFIG_BT_HCI_VS */
3993 
/* Run the HCI bring-up sequence: optional driver setup, common and LE
 * initialisation, the BR/EDR step, the event mask, optional vendor-specific
 * probing and finally identity initialisation.
 *
 * Returns 0 on success or the first error encountered. -ENOSYS from
 * bt_hci_setup() is tolerated and not treated as a failure.
 */
static int hci_init(void)
{
	int err;

#if defined(CONFIG_BT_HCI_SETUP)
	struct bt_hci_setup_params setup_params = { 0 };

	/* Start from the "any" address; replaced below only when the default
	 * identity is a public address.
	 */
	bt_addr_copy(&setup_params.public_addr, BT_ADDR_ANY);
#if defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR)
	if (bt_dev.id_count > 0 && bt_dev.id_addr[BT_ID_DEFAULT].type == BT_ADDR_LE_PUBLIC) {
		bt_addr_copy(&setup_params.public_addr, &bt_dev.id_addr[BT_ID_DEFAULT].a);
	}
#endif /* defined(CONFIG_BT_HCI_SET_PUBLIC_ADDR) */

	err = bt_hci_setup(bt_dev.hci, &setup_params);
	if (err && err != -ENOSYS) {
		return err;
	}
#endif /* defined(CONFIG_BT_HCI_SETUP) */

	err = common_init();
	if (err) {
		return err;
	}

	err = le_init();
	if (err) {
		return err;
	}

	if (BT_FEAT_BREDR(bt_dev.features)) {
		err = bt_br_init();
		if (err) {
			return err;
		}
	} else if (IS_ENABLED(CONFIG_BT_CLASSIC)) {
		/* Classic support was requested but the controller lacks it */
		LOG_ERR("Non-BR/EDR controller detected");
		return -EIO;
	}
#if defined(CONFIG_BT_CONN)
	else if (!bt_dev.le.acl_mtu) {
		/* No BR/EDR to fall back on and the LE ACL MTU is zero */
		LOG_ERR("ACL BR/EDR buffers not initialized");
		return -EIO;
	}
#endif

	err = set_event_mask();
	if (err) {
		return err;
	}

#if defined(CONFIG_BT_HCI_VS)
	hci_vs_init();
#endif

	return bt_id_init();
}
4055 
/* Hand an outgoing HCI buffer to the driver (or to the ECC emulation layer
 * when CONFIG_BT_SEND_ECC_EMULATION is enabled), after mirroring it to the
 * monitor.
 *
 * @param buf Buffer to send; dereferenced unconditionally, so it must not be
 *            NULL.
 *
 * @return The result of bt_hci_ecc_send() or bt_hci_send().
 */
int bt_send(struct net_buf *buf)
{
	LOG_DBG("buf %p len %u type %u", buf, buf->len, bt_buf_get_type(buf));

	/* The full packet contents are copied to the monitor channel */
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	if (!IS_ENABLED(CONFIG_BT_SEND_ECC_EMULATION)) {
		return bt_hci_send(bt_dev.hci, buf);
	}

	return bt_hci_ecc_send(buf);
}
4068 
/* Events dispatched by hci_event_prio(). The third EVENT_HANDLER() argument
 * is the size of the event structure for that handler.
 */
static const struct event_handler prio_events[] = {
	EVENT_HANDLER(BT_HCI_EVT_CMD_COMPLETE,
		      hci_cmd_complete,
		      sizeof(struct bt_hci_evt_cmd_complete)),
	EVENT_HANDLER(BT_HCI_EVT_CMD_STATUS,
		      hci_cmd_status,
		      sizeof(struct bt_hci_evt_cmd_status)),
#if defined(CONFIG_BT_CONN)
	EVENT_HANDLER(BT_HCI_EVT_DATA_BUF_OVERFLOW,
		      hci_data_buf_overflow,
		      sizeof(struct bt_hci_evt_data_buf_overflow)),
	EVENT_HANDLER(BT_HCI_EVT_DISCONN_COMPLETE,
		      hci_disconn_complete_prio,
		      sizeof(struct bt_hci_evt_disconn_complete)),
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_CONN_TX)
	EVENT_HANDLER(BT_HCI_EVT_NUM_COMPLETED_PACKETS,
		      hci_num_completed_packets,
		      sizeof(struct bt_hci_evt_num_completed_packets)),
#endif /* CONFIG_BT_CONN_TX */
};
4087 
/* Dispatch a priority HCI event to its handler in prio_events.
 *
 * Buffer ownership: when the event also carries BT_HCI_EVT_FLAG_RECV the
 * buffer is rewound to its state on entry and left referenced for the caller;
 * otherwise the reference is dropped here.
 *
 * NOTE(review): an event shorter than the HCI event header is unreferenced
 * and dropped regardless of its flags, so a caller must not touch the buffer
 * again on that path.
 */
void hci_event_prio(struct net_buf *buf)
{
	struct net_buf_simple_state saved;
	struct bt_hci_evt_hdr *hdr;
	uint8_t evt_flags;

	/* Remember the parse position so the buffer can be rewound below */
	net_buf_simple_save(&buf->b, &saved);

	if (buf->len < sizeof(*hdr)) {
		LOG_ERR("Invalid HCI event size (%u)", buf->len);
		net_buf_unref(buf);
		return;
	}

	hdr = net_buf_pull_mem(buf, sizeof(*hdr));
	evt_flags = bt_hci_evt_get_flags(hdr->evt);
	BT_ASSERT(evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO);

	handle_event(hdr->evt, buf, prio_events, ARRAY_SIZE(prio_events));

	if (!(evt_flags & BT_HCI_EVT_FLAG_RECV)) {
		/* Nobody else processes this event: release it */
		net_buf_unref(buf);
		return;
	}

	/* The regular RX path parses the event again from the start */
	net_buf_simple_restore(&buf->b, &saved);
}
4114 
/* Append a received buffer to bt_dev.rx_queue and schedule rx_work on the
 * work queue selected at build time. A submit failure is only logged; the
 * buffer stays on the queue.
 */
static void rx_queue_put(struct net_buf *buf)
{
	net_buf_slist_put(&bt_dev.rx_queue, buf);

	/* Exactly one of the two work-queue options is expected to be set;
	 * otherwise `err` is undeclared and the build fails.
	 */
#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	const int err = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	const int err = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif /* CONFIG_BT_RECV_WORKQ_SYS */

	if (err >= 0) {
		return;
	}

	LOG_ERR("Could not submit rx_work: %d", err);
}
4128 
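/* Classify a buffer received from the HCI driver and route it: ACL and ISO
 * data go to the RX queue, events go to the priority handler and/or the RX
 * queue depending on their flags.
 *
 * The buffer contents come from the controller/transport and are treated as
 * untrusted: an event must hold at least a full HCI event header before its
 * event code is read.
 *
 * @param buf Received buffer. Ownership passes to this function; on error
 *            the buffer is unreferenced here.
 *
 * @return 0 on success, -EINVAL for an unknown buffer type or an event that
 *         is too short to contain a header.
 */
static int bt_recv_unsafe(struct net_buf *buf)
{
	bt_monitor_send(bt_monitor_opcode(buf), buf->data, buf->len);

	LOG_DBG("buf %p len %u", buf, buf->len);

	switch (bt_buf_get_type(buf)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
		rx_queue_put(buf);
		return 0;
#endif /* BT_CONN */
	case BT_BUF_EVT:
	{
		struct bt_hci_evt_hdr *hdr;
		uint8_t evt_flags;

		/* Without this check the flags would be derived from a byte
		 * that is not part of the packet, and hci_event_prio() would
		 * release the short buffer while the RECV branch below could
		 * still queue it.
		 */
		if (buf->len < sizeof(*hdr)) {
			LOG_ERR("Invalid HCI event size (%u)", buf->len);
			net_buf_unref(buf);
			return -EINVAL;
		}

		hdr = (void *)buf->data;
		evt_flags = bt_hci_evt_get_flags(hdr->evt);

		if (evt_flags & BT_HCI_EVT_FLAG_RECV_PRIO) {
			hci_event_prio(buf);
		}

		if (evt_flags & BT_HCI_EVT_FLAG_RECV) {
			rx_queue_put(buf);
		}

		return 0;
	}
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
		rx_queue_put(buf);
		return 0;
#endif /* CONFIG_BT_ISO */
	default:
		LOG_ERR("Invalid buf type %u", bt_buf_get_type(buf));
		net_buf_unref(buf);
		return -EINVAL;
	}
}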
4167 
/* Receive callback handed to bt_hci_open(): processes one buffer from the
 * HCI driver with the scheduler locked around bt_recv_unsafe().
 *
 * @param dev Unused.
 * @param buf Received buffer, passed on to bt_recv_unsafe().
 *
 * @return The result of bt_recv_unsafe().
 */
int bt_hci_recv(const struct device *dev, struct net_buf *buf)
{
	int rc;

	ARG_UNUSED(dev);

	k_sched_lock();
	rc = bt_recv_unsafe(buf);
	k_sched_unlock();

	return rc;
}
4179 
/* Last step of initialisation: mark the stack ready (BT_DEV_READY), reset
 * scanning state when the observer role is built in, and log the device
 * information.
 */
void bt_finalize_init(void)
{
	/* From here on APIs that test BT_DEV_READY will proceed */
	atomic_set_bit(bt_dev.flags, BT_DEV_READY);

	if (IS_ENABLED(CONFIG_BT_OBSERVER)) {
		bt_scan_reset();
	}

	bt_dev_show_info();
}
4190 
/* Initialise HCI and the enabled connection layers, then finalise the stack.
 *
 * With CONFIG_BT_SETTINGS and no identity present, initialisation stops
 * early with 0: the stack is not marked ready until the application loads
 * the settings.
 *
 * Returns 0 on success or the first error from a sub-initialiser.
 */
static int bt_init(void)
{
	int err = hci_init();

	if (err) {
		return err;
	}

	if (IS_ENABLED(CONFIG_BT_CONN)) {
		err = bt_conn_init();
		if (err) {
			return err;
		}
	}

	if (IS_ENABLED(CONFIG_BT_ISO)) {
		err = bt_conn_iso_init();
		if (err) {
			return err;
		}
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		if (bt_dev.id_count == 0) {
			LOG_INF("No ID address. App must call settings_load()");
			return 0;
		}

		/* An identity already exists before settings are loaded */
		atomic_set_bit(bt_dev.flags, BT_DEV_PRESET_ID);
	}

	bt_finalize_init();

	return 0;
}
4226 
/* Work handler for asynchronous enabling: runs bt_init() and reports its
 * result through ready_cb when a callback is registered.
 */
static void init_work(struct k_work *work)
{
	const int err = bt_init();

	if (ready_cb != NULL) {
		ready_cb(err);
	}
}
4236 
/* RX work handler: takes one buffer from bt_dev.rx_queue, dispatches it by
 * buffer type and re-submits itself when more buffers are waiting.
 *
 * Buffers of an unknown type are logged and released.
 */
static void rx_work_handler(struct k_work *work)
{
	struct net_buf *buf;
	int err;

	LOG_DBG("Getting net_buf from queue");
	buf = net_buf_slist_get(&bt_dev.rx_queue);
	if (buf == NULL) {
		return;
	}

	LOG_DBG("buf %p type %u len %u", buf, bt_buf_get_type(buf), buf->len);

	switch (bt_buf_get_type(buf)) {
#if defined(CONFIG_BT_CONN)
	case BT_BUF_ACL_IN:
		hci_acl(buf);
		break;
#endif /* CONFIG_BT_CONN */
#if defined(CONFIG_BT_ISO)
	case BT_BUF_ISO_IN:
		hci_iso(buf);
		break;
#endif /* CONFIG_BT_ISO */
	case BT_BUF_EVT:
		hci_event(buf);
		break;
	default:
		LOG_ERR("Unknown buf type %u", bt_buf_get_type(buf));
		net_buf_unref(buf);
		break;
	}

	if (sys_slist_is_empty(&bt_dev.rx_queue)) {
		return;
	}

	/* Schedule the work handler to be executed again if there are
	 * additional items in the queue. This allows for other users of the
	 * work queue to get a chance at running, which wouldn't be possible if
	 * we used a while() loop with a k_yield() statement.
	 */
#if defined(CONFIG_BT_RECV_WORKQ_SYS)
	err = k_work_submit(&rx_work);
#elif defined(CONFIG_BT_RECV_WORKQ_BT)
	err = k_work_submit_to_queue(&bt_workq, &rx_work);
#endif
	if (err < 0) {
		LOG_ERR("Could not submit rx_work: %d", err);
	}
}
4288 
4289 #if defined(CONFIG_BT_TESTING)
/* Test hook: return the thread that performs Bluetooth TX, which is the
 * system work queue thread.
 */
k_tid_t bt_testing_tx_tid_get(void)
{
	/* We now TX everything from the syswq */
	k_tid_t tx_thread = &k_sys_work_q.thread;

	return tx_thread;
}
4295 
4296 #if defined(CONFIG_BT_ISO)
/* Test hook: overwrite the ISO MTU stored in bt_dev.le.iso_mtu.
 *
 * The value is stored as given, without any range check, and the function is
 * only built with CONFIG_BT_TESTING and CONFIG_BT_ISO.
 */
void bt_testing_set_iso_mtu(uint16_t mtu)
{
	const uint16_t iso_mtu = mtu;

	bt_dev.le.iso_mtu = iso_mtu;
}
4301 #endif /* CONFIG_BT_ISO */
4302 #endif /* CONFIG_BT_TESTING */
4303 
/* Enable the Bluetooth stack.
 *
 * @param cb Optional completion callback. When NULL, initialisation runs
 *           synchronously and its result is returned; otherwise bt_init() is
 *           deferred to the bt_dev.init work item and the result is
 *           delivered through cb.
 *
 * @return 0 on success, -ENODEV when the HCI device is missing or not ready,
 *         -EALREADY when the stack is already enabled, or an error from
 *         settings, the HCI driver or bt_init().
 *
 * NOTE(review): BT_DEV_ENABLE is set before bt_settings_init() and
 * bt_hci_open() run and is not cleared when they fail, so a retry after such
 * a failure appears to return -EALREADY - confirm this is intended.
 */
int bt_enable(bt_ready_cb_t cb)
{
	int err;

	if (IS_ENABLED(CONFIG_ZTEST) && bt_dev.hci == NULL) {
		LOG_ERR("No DT chosen property for HCI");
		return -ENODEV;
	}

	if (!device_is_ready(bt_dev.hci)) {
		LOG_ERR("HCI driver is not ready");
		return -ENODEV;
	}

	bt_monitor_new_index(BT_MONITOR_TYPE_PRIMARY, BT_HCI_BUS, BT_ADDR_ANY, BT_HCI_NAME);

	atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);

	/* Atomic test-and-set: only one caller gets past this point */
	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_ENABLE)) {
		return -EALREADY;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		err = bt_settings_init();
		if (err) {
			return err;
		}
	} else if (IS_ENABLED(CONFIG_BT_DEVICE_NAME_DYNAMIC)) {
		/* A failure to set the default name is logged, not fatal */
		err = bt_set_name(CONFIG_BT_DEVICE_NAME);
		if (err) {
			LOG_WRN("Failed to set device name (%d)", err);
		}
	}

	ready_cb = cb;

	/* Give cmd_sem allowing to send first HCI_Reset cmd, the only
	 * exception is if the controller requests to wait for an
	 * initial Command Complete for NOP.
	 */
	k_sem_init(&bt_dev.ncmd_sem, IS_ENABLED(CONFIG_BT_WAIT_NOP) ? 0 : 1, 1);
	k_fifo_init(&bt_dev.cmd_tx_queue);

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* RX thread */
	k_work_queue_init(&bt_workq);
	k_work_queue_start(&bt_workq, rx_thread_stack,
			   CONFIG_BT_RX_STACK_SIZE,
			   K_PRIO_COOP(CONFIG_BT_RX_PRIO), NULL);
	k_thread_name_set(&bt_workq.thread, "BT RX WQ");
#endif

	err = bt_hci_open(bt_dev.hci, bt_hci_recv);
	if (err) {
		LOG_ERR("HCI driver open failed (%d)", err);
		return err;
	}

	bt_monitor_send(BT_MONITOR_OPEN_INDEX, NULL, 0);

	if (cb) {
		/* Asynchronous path: the result is reported through cb */
		k_work_submit(&bt_dev.init);
		return 0;
	}

	return bt_init();
}
4375 
/* Disable the Bluetooth stack: stop the enabled roles, close the HCI driver
 * and reset host state (supported commands, identities, keys, random
 * address, ISO).
 *
 * @return 0 on success, -EALREADY when a disable is already in effect,
 *         -ENOTSUP when the driver does not implement close (the stack is
 *         then left ready), or the error from bt_hci_close().
 *
 * NOTE(review): on a bt_hci_close() error other than -ENOSYS, BT_DEV_READY
 * is restored but BT_DEV_DISABLE stays set, so a later bt_disable() appears
 * to return -EALREADY - confirm this is intended.
 */
int bt_disable(void)
{
	int err;

	if (atomic_test_and_set_bit(bt_dev.flags, BT_DEV_DISABLE)) {
		return -EALREADY;
	}

	/* Clear BT_DEV_READY before disabling HCI link */
	atomic_clear_bit(bt_dev.flags, BT_DEV_READY);

#if defined(CONFIG_BT_BROADCASTER)
	bt_adv_reset_adv_pool();
#endif /* CONFIG_BT_BROADCASTER */

#if defined(CONFIG_BT_PRIVACY)
	k_work_cancel_delayable(&bt_dev.rpa_update);
#endif /* CONFIG_BT_PRIVACY */

#if defined(CONFIG_BT_PER_ADV_SYNC)
	bt_periodic_sync_disable();
#endif /* CONFIG_BT_PER_ADV_SYNC */

#if defined(CONFIG_BT_CONN)
	if (IS_ENABLED(CONFIG_BT_SMP)) {
		bt_pub_key_hci_disrupted();
	}
	bt_conn_cleanup_all();
	disconnected_handles_reset();
#endif /* CONFIG_BT_CONN */

	err = bt_hci_close(bt_dev.hci);
	if (err == -ENOSYS) {
		/* Driver cannot be closed: undo the disable and stay ready */
		atomic_clear_bit(bt_dev.flags, BT_DEV_DISABLE);
		atomic_set_bit(bt_dev.flags, BT_DEV_READY);
		return -ENOTSUP;
	}

	if (err != 0) {
		LOG_ERR("HCI driver close failed (%d)", err);

		/* Re-enable BT_DEV_READY to avoid inconsistent stack state */
		atomic_set_bit(bt_dev.flags, BT_DEV_READY);

		return err;
	}

#if defined(CONFIG_BT_RECV_WORKQ_BT)
	/* Abort RX thread */
	k_thread_abort(&bt_workq.thread);
#endif

	/* Some functions rely on checking this bitfield */
	memset(bt_dev.supported_commands, 0x00, sizeof(bt_dev.supported_commands));

	/* Reset IDs and corresponding keys. */
	bt_dev.id_count = 0;
#if defined(CONFIG_BT_SMP)
	bt_dev.le.rl_entries = 0;
	bt_keys_reset();
#endif

	/* If random address was set up - clear it */
	bt_addr_le_copy(&bt_dev.random_addr, BT_ADDR_LE_ANY);

	if (IS_ENABLED(CONFIG_BT_ISO)) {
		bt_iso_reset();
	}

	bt_monitor_send(BT_MONITOR_CLOSE_INDEX, NULL, 0);

	/* Clear BT_DEV_ENABLE here to prevent early bt_enable() calls, before disable is
	 * completed.
	 */
	atomic_clear_bit(bt_dev.flags, BT_DEV_ENABLE);

	return 0;
}
4454 
/* Report whether the stack is ready, i.e. whether BT_DEV_READY is set.
 *
 * The flag is read atomically; it can change right after the call returns.
 */
bool bt_is_ready(void)
{
	const bool ready = atomic_test_bit(bt_dev.flags, BT_DEV_READY);

	return ready;
}
4459 
/* Length of the configured device name without its NUL terminator */
#define DEVICE_NAME_LEN (sizeof(CONFIG_BT_DEVICE_NAME) - 1)

/* Build-time bound on the configured name: it must be shorter than the
 * dynamic name limit when the name is dynamic, otherwise shorter than 248.
 */
#if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
BUILD_ASSERT(DEVICE_NAME_LEN < CONFIG_BT_DEVICE_NAME_MAX);
#else /* !CONFIG_BT_DEVICE_NAME_DYNAMIC */
BUILD_ASSERT(DEVICE_NAME_LEN < 248);
#endif /* CONFIG_BT_DEVICE_NAME_DYNAMIC */
4466 
/* Set the local device name.
 *
 * @param name NUL-terminated name. It is passed to strlen() without a NULL
 *             check, so it must not be NULL.
 *
 * @return 0 on success (including when the name is unchanged), -ENOMEM when
 *         the name is longer than CONFIG_BT_DEVICE_NAME_MAX or when dynamic
 *         names are not compiled in. A failure to persist the name is only
 *         logged.
 */
int bt_set_name(const char *name)
{
#if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	const size_t name_len = strlen(name);
	int err;

	/* A name of exactly CONFIG_BT_DEVICE_NAME_MAX bytes is accepted and
	 * the terminator is then written at index CONFIG_BT_DEVICE_NAME_MAX.
	 * NOTE(review): assumes bt_dev.name holds CONFIG_BT_DEVICE_NAME_MAX + 1
	 * bytes - confirm against the bt_dev definition.
	 */
	if (name_len > CONFIG_BT_DEVICE_NAME_MAX) {
		return -ENOMEM;
	}

	if (strcmp(bt_dev.name, name) == 0) {
		return 0;
	}

	memcpy(bt_dev.name, name, name_len);
	bt_dev.name[name_len] = '\0';

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		err = bt_settings_store_name(bt_dev.name, name_len);
		if (err) {
			LOG_WRN("Unable to store name");
		}
	}

	return 0;
#else
	return -ENOMEM;
#endif
}
4496 
/* Return the current device name: the runtime name in bt_dev when dynamic
 * names are enabled, otherwise the build-time CONFIG_BT_DEVICE_NAME.
 *
 * The returned pointer refers to storage owned by the stack; callers must
 * not free it.
 */
const char *bt_get_name(void)
{
#if !defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
	return CONFIG_BT_DEVICE_NAME;
#else
	return bt_dev.name;
#endif
}
4505 
/* Return the device appearance value: the runtime value in bt_dev when the
 * appearance is dynamic, otherwise CONFIG_BT_DEVICE_APPEARANCE.
 */
uint16_t bt_get_appearance(void)
{
#if !defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
	return CONFIG_BT_DEVICE_APPEARANCE;
#else
	return bt_dev.appearance;
#endif
}
4514 
4515 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
/* Change the device appearance value.
 *
 * With CONFIG_BT_SETTINGS the new value is persisted first; the in-memory
 * value is only updated once that succeeded.
 *
 * @return 0 on success or when the value is unchanged, otherwise the error
 *         from bt_settings_store_appearance().
 */
int bt_set_appearance(uint16_t appearance)
{
	if (bt_dev.appearance == appearance) {
		return 0;
	}

	if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
		int err = bt_settings_store_appearance(&appearance, sizeof(appearance));

		if (err) {
			LOG_ERR("Unable to save setting 'bt/appearance' (err %d).", err);
			return err;
		}
	}

	bt_dev.appearance = appearance;

	return 0;
}
4532 #endif
4533 
/* Report whether a peer is bonded for the given local identity.
 *
 * @param id   Local identity passed to bt_keys_find_addr().
 * @param addr Peer address passed to bt_keys_find_addr().
 *
 * @return true when a key entry exists for the peer and its `keys` field is
 *         non-zero; always false when SMP is not built in.
 */
bool bt_addr_le_is_bonded(uint8_t id, const bt_addr_le_t *addr)
{
	struct bt_keys *entry;

	if (!IS_ENABLED(CONFIG_BT_SMP)) {
		return false;
	}

	entry = bt_keys_find_addr(id, addr);

	/* if there are any keys stored then device is bonded */
	return entry && entry->keys;
}
4545 
4546 #if defined(CONFIG_BT_FILTER_ACCEPT_LIST)
/* Add a device to the controller's filter accept list.
 *
 * @param addr Address to add; copied into the HCI command.
 *
 * @return 0 on success, -EAGAIN when the stack is not ready, -ENOBUFS when
 *         no command buffer is available, otherwise the HCI command error.
 */
int bt_le_filter_accept_list_add(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_add_dev_to_fal *cp;
	struct net_buf *buf;
	int err;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_ADD_DEV_TO_FAL, sizeof(*cp));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	bt_addr_le_copy(&cp->addr, addr);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ADD_DEV_TO_FAL, buf, NULL);
	if (err) {
		LOG_ERR("Failed to add device to filter accept list");
	}

	return err;
}
4574 
/* Remove a device from the controller's filter accept list.
 *
 * @param addr Address to remove; copied into the HCI command.
 *
 * @return 0 on success, -EAGAIN when the stack is not ready, -ENOBUFS when
 *         no command buffer is available, otherwise the HCI command error.
 */
int bt_le_filter_accept_list_remove(const bt_addr_le_t *addr)
{
	struct bt_hci_cp_le_rem_dev_from_fal *cp;
	struct net_buf *buf;
	int err;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_REM_DEV_FROM_FAL, sizeof(*cp));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));
	bt_addr_le_copy(&cp->addr, addr);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_REM_DEV_FROM_FAL, buf, NULL);
	if (err) {
		LOG_ERR("Failed to remove device from filter accept list");
	}

	return err;
}
4601 
/* Remove every entry from the controller's filter accept list.
 *
 * @return 0 on success, -EAGAIN when the stack is not ready, otherwise the
 *         HCI command error.
 */
int bt_le_filter_accept_list_clear(void)
{
	int err;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_READY)) {
		return -EAGAIN;
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_CLEAR_FAL, NULL, NULL);
	if (err) {
		LOG_ERR("Failed to clear filter accept list");
	}

	return err;
}
4618 #endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
4619 
/* Send the host channel classification to the controller.
 *
 * @param chan_map Five-byte channel map. The array bound in the prototype is
 *                 not enforced by the compiler; exactly five bytes are read
 *                 and the pointer must not be NULL. Only the low five bits
 *                 of the last byte are forwarded.
 *
 * @return -ENOTSUP when neither the central nor the broadcaster role is
 *         built in or the controller lacks the command, -ENOBUFS when no
 *         command buffer is available, otherwise the HCI command result.
 */
int bt_le_set_chan_map(uint8_t chan_map[5])
{
	struct bt_hci_cp_le_set_host_chan_classif *cp;
	struct net_buf *buf;

	if (!IS_ENABLED(CONFIG_BT_CENTRAL) && !IS_ENABLED(CONFIG_BT_BROADCASTER)) {
		return -ENOTSUP;
	}

	/* Octet 27, bit 3 of the supported-commands bitfield */
	if (!BT_CMD_TEST(bt_dev.supported_commands, 27, 3)) {
		LOG_WRN("Set Host Channel Classification command is "
			"not supported");
		return -ENOTSUP;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
				sizeof(*cp));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	cp = net_buf_add(buf, sizeof(*cp));

	/* First four bytes verbatim, fifth byte masked to its low 5 bits */
	memcpy(&cp->ch_map[0], &chan_map[0], 4);
	cp->ch_map[4] = chan_map[4] & BIT_MASK(5);

	return bt_hci_cmd_send_sync(BT_HCI_OP_LE_SET_HOST_CHAN_CLASSIF,
				    buf, NULL);
}
4649 
4650 #if defined(CONFIG_BT_RPA_TIMEOUT_DYNAMIC)
/* Change the Resolvable Private Address timeout.
 *
 * The new value is stored in bt_dev.rpa_timeout and
 * BT_DEV_RPA_TIMEOUT_CHANGED is set; no HCI command is sent from here.
 *
 * @param new_rpa_timeout New timeout; accepted range is 1..3600.
 *
 * @return 0 on success or when the value is unchanged, -EINVAL when the
 *         value is outside the accepted range.
 */
int bt_le_set_rpa_timeout(uint16_t new_rpa_timeout)
{
	const bool in_range = (new_rpa_timeout >= 1) && (new_rpa_timeout <= 3600);

	if (!in_range) {
		return -EINVAL;
	}

	if (new_rpa_timeout != bt_dev.rpa_timeout) {
		bt_dev.rpa_timeout = new_rpa_timeout;
		atomic_set_bit(bt_dev.flags, BT_DEV_RPA_TIMEOUT_CHANGED);
	}

	return 0;
}
4666 #endif
4667 
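/* Send HCI Configure Data Path with an optional vendor-specific payload.
 *
 * @param dir           Data path direction, copied into the command.
 * @param id            Data path ID, copied into the command.
 * @param vs_config_len Length of vs_config in bytes.
 * @param vs_config     Vendor-specific configuration; may be NULL only when
 *                      vs_config_len is 0.
 *
 * @return 0 on success, -EINVAL for a NULL vs_config with a non-zero length
 *         or a parameter block that does not fit an HCI command, -ENOBUFS
 *         when no buffer (or not enough room in it) is available, -EIO when
 *         the controller reports a non-zero status or a truncated response,
 *         otherwise the HCI command error.
 */
int bt_configure_data_path(uint8_t dir, uint8_t id, uint8_t vs_config_len,
			   const uint8_t *vs_config)
{
	struct bt_hci_rp_configure_data_path *rp;
	struct bt_hci_cp_configure_data_path *cp;
	const size_t param_len = sizeof(*cp) + vs_config_len;
	struct net_buf *rsp;
	struct net_buf *buf;
	int err;

	if (vs_config_len && !vs_config) {
		return -EINVAL;
	}

	/* An HCI command carries its parameter length in a single octet */
	if (param_len > UINT8_MAX) {
		return -EINVAL;
	}

	buf = bt_hci_cmd_create(BT_HCI_OP_CONFIGURE_DATA_PATH, param_len);
	if (!buf) {
		return -ENOBUFS;
	}

	/* The vendor payload is copied behind the fixed part of the command,
	 * so make sure the buffer really has room for both before writing.
	 */
	if (net_buf_tailroom(buf) < param_len) {
		net_buf_unref(buf);
		return -ENOBUFS;
	}

	/* Reserve the fixed part and the vendor payload together. Reserving
	 * only sizeof(*cp) would leave the payload outside buf->len, i.e.
	 * written past the accounted data and not part of the packet.
	 */
	cp = net_buf_add(buf, param_len);
	cp->data_path_dir = dir;
	cp->data_path_id  = id;
	cp->vs_config_len = vs_config_len;
	if (vs_config_len) {
		(void)memcpy(cp->vs_config, vs_config, vs_config_len);
	}

	err = bt_hci_cmd_send_sync(BT_HCI_OP_CONFIGURE_DATA_PATH, buf, &rsp);
	if (err) {
		return err;
	}

	/* The response comes from the controller: check it is long enough
	 * before reading the status field.
	 */
	if (rsp->len < sizeof(*rp)) {
		net_buf_unref(rsp);
		return -EIO;
	}

	rp = (void *)rsp->data;
	if (rp->status) {
		err = -EIO;
	}
	net_buf_unref(rsp);

	return err;
}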
4704 
/* Send one queued HCI command if the controller can accept it.
 *
 * A command is sent only when bt_dev.cmd_tx_queue is non-empty and
 * bt_dev.ncmd_sem can be taken within `timeout`.
 *
 * Return `true` if a command was processed/sent
 */
static bool process_pending_cmd(k_timeout_t timeout)
{
	/* && short-circuits: the semaphore is not touched on an empty queue */
	if (!k_fifo_is_empty(&bt_dev.cmd_tx_queue) &&
	    k_sem_take(&bt_dev.ncmd_sem, timeout) == 0) {
		hci_core_send_cmd();
		return true;
	}

	return false;
}
4717 
/* TX work handler: commands take precedence over data. At most one command
 * is sent per invocation; connection data is processed only when no command
 * was sent.
 */
static void tx_processor(struct k_work *item)
{
	LOG_DBG("TX process start");

	if (!process_pending_cmd(K_NO_WAIT)) {
		/* Hand over control to conn to process pending data */
		if (IS_ENABLED(CONFIG_BT_CONN_TX)) {
			bt_conn_tx_processor();
		}
		return;
	}

	/* If we processed a command, let the scheduler run before
	 * processing another command (or data).
	 */
	bt_tx_irq_raise();
}

/* Work item that runs tx_processor() */
static K_WORK_DEFINE(tx_work, tx_processor);
4736 
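/* Request a run of the TX processor by submitting tx_work.
 *
 * A submit failure is logged, matching how rx_work submission failures are
 * handled in this file, instead of being dropped silently.
 */
void bt_tx_irq_raise(void)
{
	int err;

	LOG_DBG("kick TX");

	err = k_work_submit(&tx_work);
	if (err < 0) {
		LOG_ERR("Could not submit tx_work: %d", err);
	}
}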