Check LE Create CIS input parameter are valid and return correct status
codes (Core v5.3 Vol 4 Part E Sec. 7.8.99).
On current bluetooth-next kernel, this results to
ISO AC 6(i) - Success Failed
ISO AC 7(i) - Success Failed
ISO AC 8(i) - Success Failed
ISO AC 9(i) - Success Failed
ISO AC 11(i) - Success Failed
as in these tests the kernel is sending new Create CIS commands before
it has seen all events from the previous, which is not allowed:
< HCI Command: LE Create Co.. (0x08|0x0064) plen 9 #129 [hci0]
Number of CIS: 2
CIS Handle: 257
ACL Handle: 42
CIS Handle: 258
ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4 #130 [hci0]
LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 29 #131 [hci0]
LE Connected Isochronous Stream Established (0x19)
Status: Success (0x00)
Connection Handle: 257
...
< HCI Command: LE Setup Is.. (0x08|0x006e) plen 13 #132 [hci0]
...
> HCI Event: Command Complete (0x0e) plen 6 #133 [hci0]
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
...
< HCI Command: LE Create Co.. (0x08|0x0064) plen 5 #134 [hci0]
Number of CIS: 1
CIS Handle: 258
ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4 #135 [hci0]
LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
Status: ACL Connection Already Exists (0x0b)
> HCI Event: LE Meta Event (0x3e) plen 29 #136 [hci0]
LE Connected Isochronous Stream Established (0x19)
Status: Success (0x00)
Connection Handle: 258
...
The emulator uses Already Exists error code here, not Command
Disallowed, since the Established events are logically generated
immediately after the first status event, even though the kernel hasn't
yet processed them.
---
emulator/btdev.c | 38 ++++++++++++++++++++++++++++++++++++++
monitor/bt.h | 1 +
2 files changed, 39 insertions(+)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 98d7af99e..08506c66e 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -5903,6 +5903,38 @@ static int cmd_set_cig_params_test(struct btdev *dev, const void *data,
static int cmd_create_cis(struct btdev *dev, const void *data, uint8_t len)
{
+ const struct bt_hci_cmd_le_create_cis *cmd = data;
+ int i, j;
+
+ for (i = 0; i < cmd->num_cis; i++) {
+ const struct bt_hci_cis *cis = &cmd->cis[i];
+ struct btdev_conn *acl;
+ struct btdev_conn *iso;
+ int cig_idx, cis_idx;
+
+ /* Check for errors (Core v5.3 Vol 4 Part E Sec. 7.8.99) */
+ for (j = 0; j < i; j++)
+ if (cis->cis_handle == cmd->cis[j].cis_handle)
+ return -EINVAL;
+
+ cig_idx = parse_cis_handle(le16_to_cpu(cis->cis_handle),
+ &cis_idx);
+ if (cig_idx < 0)
+ return -ENOENT;
+ if (cis_idx >= dev->le_cig[cig_idx].params.num_cis)
+ return -ENOENT;
+
+ acl = queue_find(dev->conns, match_handle,
+ UINT_TO_PTR(le16_to_cpu(cis->acl_handle)));
+ if (!acl)
+ return -ENOENT;
+
+ iso = queue_find(dev->conns, match_handle,
+ UINT_TO_PTR(le16_to_cpu(cis->cis_handle)));
+ if (iso)
+ return -EEXIST;
+ }
+
cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_CREATE_CIS);
return 0;
@@ -7142,6 +7174,12 @@ static const struct btdev_cmd *run_cmd(struct btdev *btdev,
case -EPERM:
status = BT_HCI_ERR_COMMAND_DISALLOWED;
break;
+ case -EEXIST:
+ status = BT_HCI_ERR_CONN_ALREADY_EXISTS;
+ break;
+ case -ENOENT:
+ status = BT_HCI_ERR_UNKNOWN_CONN_ID;
+ break;
default:
status = BT_HCI_ERR_UNSPECIFIED_ERROR;
break;
diff --git a/monitor/bt.h b/monitor/bt.h
index b99ada0b2..37fcdaeaa 100644
--- a/monitor/bt.h
+++ b/monitor/bt.h
@@ -3713,6 +3713,7 @@ struct bt_hci_evt_le_big_info_adv_report {
#define BT_HCI_ERR_AUTH_FAILURE 0x05
#define BT_HCI_ERR_PIN_OR_KEY_MISSING 0x06
#define BT_HCI_ERR_MEM_CAPACITY_EXCEEDED 0x07
+#define BT_HCI_ERR_CONN_ALREADY_EXISTS 0x0b
#define BT_HCI_ERR_COMMAND_DISALLOWED 0x0c
#define BT_HCI_ERR_UNSUPPORTED_FEATURE 0x11
#define BT_HCI_ERR_INVALID_PARAMETERS 0x12
--
2.40.1
