From: Pauli Virtanen <pav@iki.fi>
To: linux-bluetooth@vger.kernel.org
Cc: Pauli Virtanen <pav@iki.fi>
Subject: [PATCH BlueZ 3/4] btdev: check LE Create CIS error conditions
Date: Sun, 28 May 2023 17:39:15 +0000 [thread overview]
Message-ID: <8846153ed22812ecf49ac33c994b97650018f2d6.1685283364.git.pav@iki.fi> (raw)
In-Reply-To: <502997002ac9d4a76593aa4ba8237b7fb803c701.1685283364.git.pav@iki.fi>
Check LE Create CIS input parameter are valid and return correct status
codes (Core v5.3 Vol 4 Part E Sec. 7.8.99).
On current bluetooth-next kernel, this results to
ISO AC 6(i) - Success Failed
ISO AC 7(i) - Success Failed
ISO AC 8(i) - Success Failed
ISO AC 9(i) - Success Failed
ISO AC 11(i) - Success Failed
as in these tests the kernel is sending new Create CIS commands before
it has seen all events from the previous, which is not allowed:
< HCI Command: LE Create Co.. (0x08|0x0064) plen 9 #129 [hci0]
Number of CIS: 2
CIS Handle: 257
ACL Handle: 42
CIS Handle: 258
ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4 #130 [hci0]
LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 29 #131 [hci0]
LE Connected Isochronous Stream Established (0x19)
Status: Success (0x00)
Connection Handle: 257
...
< HCI Command: LE Setup Is.. (0x08|0x006e) plen 13 #132 [hci0]
...
> HCI Event: Command Complete (0x0e) plen 6 #133 [hci0]
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
...
< HCI Command: LE Create Co.. (0x08|0x0064) plen 5 #134 [hci0]
Number of CIS: 1
CIS Handle: 258
ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4 #135 [hci0]
LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
Status: ACL Connection Already Exists (0x0b)
> HCI Event: LE Meta Event (0x3e) plen 29 #136 [hci0]
LE Connected Isochronous Stream Established (0x19)
Status: Success (0x00)
Connection Handle: 258
...
The emulator uses Already Exists error code here, not Command
Disallowed, since the Established events are logically generated
immediately after the first status event, even though the kernel hasn't
yet processed them.
---
emulator/btdev.c | 38 ++++++++++++++++++++++++++++++++++++++
monitor/bt.h | 1 +
2 files changed, 39 insertions(+)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 98d7af99e..08506c66e 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -5903,6 +5903,38 @@ static int cmd_set_cig_params_test(struct btdev *dev, const void *data,
static int cmd_create_cis(struct btdev *dev, const void *data, uint8_t len)
{
+ const struct bt_hci_cmd_le_create_cis *cmd = data;
+ int i, j;
+
+ for (i = 0; i < cmd->num_cis; i++) {
+ const struct bt_hci_cis *cis = &cmd->cis[i];
+ struct btdev_conn *acl;
+ struct btdev_conn *iso;
+ int cig_idx, cis_idx;
+
+ /* Check for errors (Core v5.3 Vol 4 Part E Sec. 7.8.99) */
+ for (j = 0; j < i; j++)
+ if (cis->cis_handle == cmd->cis[j].cis_handle)
+ return -EINVAL;
+
+ cig_idx = parse_cis_handle(le16_to_cpu(cis->cis_handle),
+ &cis_idx);
+ if (cig_idx < 0)
+ return -ENOENT;
+ if (cis_idx >= dev->le_cig[cig_idx].params.num_cis)
+ return -ENOENT;
+
+ acl = queue_find(dev->conns, match_handle,
+ UINT_TO_PTR(le16_to_cpu(cis->acl_handle)));
+ if (!acl)
+ return -ENOENT;
+
+ iso = queue_find(dev->conns, match_handle,
+ UINT_TO_PTR(le16_to_cpu(cis->cis_handle)));
+ if (iso)
+ return -EEXIST;
+ }
+
cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_CREATE_CIS);
return 0;
@@ -7142,6 +7174,12 @@ static const struct btdev_cmd *run_cmd(struct btdev *btdev,
case -EPERM:
status = BT_HCI_ERR_COMMAND_DISALLOWED;
break;
+ case -EEXIST:
+ status = BT_HCI_ERR_CONN_ALREADY_EXISTS;
+ break;
+ case -ENOENT:
+ status = BT_HCI_ERR_UNKNOWN_CONN_ID;
+ break;
default:
status = BT_HCI_ERR_UNSPECIFIED_ERROR;
break;
diff --git a/monitor/bt.h b/monitor/bt.h
index b99ada0b2..37fcdaeaa 100644
--- a/monitor/bt.h
+++ b/monitor/bt.h
@@ -3713,6 +3713,7 @@ struct bt_hci_evt_le_big_info_adv_report {
#define BT_HCI_ERR_AUTH_FAILURE 0x05
#define BT_HCI_ERR_PIN_OR_KEY_MISSING 0x06
#define BT_HCI_ERR_MEM_CAPACITY_EXCEEDED 0x07
+#define BT_HCI_ERR_CONN_ALREADY_EXISTS 0x0b
#define BT_HCI_ERR_COMMAND_DISALLOWED 0x0c
#define BT_HCI_ERR_UNSUPPORTED_FEATURE 0x11
#define BT_HCI_ERR_INVALID_PARAMETERS 0x12
--
2.40.1
next prev parent reply other threads:[~2023-05-28 17:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 17:39 [PATCH BlueZ 1/4] iso-tester: Add tests for AC configuration reconnect Pauli Virtanen
2023-05-28 17:39 ` [PATCH BlueZ 2/4] btdev: fix inactive CIG configurable status Pauli Virtanen
2023-05-28 17:39 ` Pauli Virtanen [this message]
2023-05-28 17:39 ` [PATCH BlueZ 4/4] test-runner: enable no_hash_pointers=1 Pauli Virtanen
2023-05-28 20:07 ` [BlueZ,1/4] iso-tester: Add tests for AC configuration reconnect bluez.test.bot
2023-05-30 18:40 ` [PATCH BlueZ 1/4] " patchwork-bot+bluetooth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8846153ed22812ecf49ac33c994b97650018f2d6.1685283364.git.pav@iki.fi \
--to=pav@iki.fi \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).