btdev: check LE Create CIS error conditions

Check LE Create CIS input parameter are valid and return correct status
codes (Core v5.3 Vol 4 Part E Sec. 7.8.99).

On current bluetooth-next kernel, this results to

ISO AC 6(i) - Success                                Failed
ISO AC 7(i) - Success                                Failed
ISO AC 8(i) - Success                                Failed
ISO AC 9(i) - Success                                Failed
ISO AC 11(i) - Success                               Failed

as in these tests the kernel is sending new Create CIS commands before
it has seen all events from the previous, which is not allowed:

< HCI Command: LE Create Co.. (0x08|0x0064) plen 9  #129 [hci0]
        Number of CIS: 2
        CIS Handle: 257
        ACL Handle: 42
        CIS Handle: 258
        ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4           #130 [hci0]
      LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
        Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 29           #131 [hci0]
      LE Connected Isochronous Stream Established (0x19)
        Status: Success (0x00)
        Connection Handle: 257
        ...
< HCI Command: LE Setup Is.. (0x08|0x006e) plen 13  #132 [hci0]
        ...
> HCI Event: Command Complete (0x0e) plen 6         #133 [hci0]
      LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
        ...
< HCI Command: LE Create Co.. (0x08|0x0064) plen 5  #134 [hci0]
        Number of CIS: 1
        CIS Handle: 258
        ACL Handle: 42
> HCI Event: Command Status (0x0f) plen 4           #135 [hci0]
      LE Create Connected Isochronous Stream (0x08|0x0064) ncmd 1
        Status: ACL Connection Already Exists (0x0b)
> HCI Event: LE Meta Event (0x3e) plen 29           #136 [hci0]
      LE Connected Isochronous Stream Established (0x19)
        Status: Success (0x00)
        Connection Handle: 258
        ...

The emulator uses Already Exists error code here, not Command
Disallowed, since the Established events are logically generated
immediately after the first status event, even though the kernel hasn't
yet processed them.

diff --git a/emulator/btdev.c b/emulator/btdev.c
index 98d7af9..08506c6 100755 (executable)
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -5903,6 +5903,38 @@ static int cmd_set_cig_params_test(struct btdev *dev, const void *data,
 
 static int cmd_create_cis(struct btdev *dev, const void *data, uint8_t len)
 {
+       const struct bt_hci_cmd_le_create_cis *cmd = data;
+       int i, j;
+
+       for (i = 0; i < cmd->num_cis; i++) {
+               const struct bt_hci_cis *cis = &cmd->cis[i];
+               struct btdev_conn *acl;
+               struct btdev_conn *iso;
+               int cig_idx, cis_idx;
+
+               /* Check for errors (Core v5.3 Vol 4 Part E Sec. 7.8.99) */
+               for (j = 0; j < i; j++)
+                       if (cis->cis_handle == cmd->cis[j].cis_handle)
+                               return -EINVAL;
+
+               cig_idx = parse_cis_handle(le16_to_cpu(cis->cis_handle),
+                                                               &cis_idx);
+               if (cig_idx < 0)
+                       return -ENOENT;
+               if (cis_idx >= dev->le_cig[cig_idx].params.num_cis)
+                       return -ENOENT;
+
+               acl = queue_find(dev->conns, match_handle,
+                                UINT_TO_PTR(le16_to_cpu(cis->acl_handle)));
+               if (!acl)
+                       return -ENOENT;
+
+               iso = queue_find(dev->conns, match_handle,
+                                UINT_TO_PTR(le16_to_cpu(cis->cis_handle)));
+               if (iso)
+                       return -EEXIST;
+       }
+
        cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_CREATE_CIS);
 
        return 0;
@@ -7142,6 +7174,12 @@ static const struct btdev_cmd *run_cmd(struct btdev *btdev,
        case -EPERM:
                status = BT_HCI_ERR_COMMAND_DISALLOWED;
                break;
+       case -EEXIST:
+               status = BT_HCI_ERR_CONN_ALREADY_EXISTS;
+               break;
+       case -ENOENT:
+               status = BT_HCI_ERR_UNKNOWN_CONN_ID;
+               break;
        default:
                status = BT_HCI_ERR_UNSPECIFIED_ERROR;
                break;

diff --git a/monitor/bt.h b/monitor/bt.h
index 7f62862..4596df4 100755 (executable)
--- a/monitor/bt.h
+++ b/monitor/bt.h
@@ -3712,6 +3712,7 @@ struct bt_hci_evt_le_big_info_adv_report {
 #define BT_HCI_ERR_AUTH_FAILURE                        0x05
 #define BT_HCI_ERR_PIN_OR_KEY_MISSING          0x06
 #define BT_HCI_ERR_MEM_CAPACITY_EXCEEDED       0x07
+#define BT_HCI_ERR_CONN_ALREADY_EXISTS         0x0b
 #define BT_HCI_ERR_COMMAND_DISALLOWED          0x0c
 #define BT_HCI_ERR_UNSUPPORTED_FEATURE         0x11
 #define BT_HCI_ERR_INVALID_PARAMETERS          0x12