michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Controller: Fail on multiple PHY use in PHY_UPDATE_IND

Browse source 
Disconnect connection if peer central uses multiple PHYs in
PHY_UPDATE_IND PDU.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This commit is contained in:
Vinayak Kariappa Chettimada 2021-07-15 11:15:46 +05:30 committed by Carles Cufí
commit d8f4759c5f
1 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
subsys/bluetooth/controller/ll_sw/ull_conn.c
View file

@ -5463,6 +5463,7 @@ static inline uint8_t phy_upd_ind_recv(struct ll_conn *conn, memq_link_t *link,
{
struct pdu_data_llctrl_phy_upd_ind *ind = &pdu_rx->llctrl.phy_upd_ind;
uint16_t instant;
uint8_t phy;
/* Both tx and rx PHY unchanged */
if (!((ind->m_to_s_phy | ind->s_to_m_phy) & 0x07)) {
@ -5504,6 +5505,22 @@ static inline uint8_t phy_upd_ind_recv(struct ll_conn *conn, memq_link_t *link,
return 0;
}
/* Fail on multiple PHY specified */
phy = ind->m_to_s_phy;
if (util_ones_count_get(&phy, sizeof(phy)) > 1U) {
/* Mark for buffer for release */
(*rx)->hdr.type = NODE_RX_TYPE_RELEASE;
return BT_HCI_ERR_INVALID_LL_PARAM;
}
phy = ind->s_to_m_phy;
if (util_ones_count_get(&phy, sizeof(phy)) > 1U) {
/* Mark for buffer for release */
(*rx)->hdr.type = NODE_RX_TYPE_RELEASE;
return BT_HCI_ERR_INVALID_LL_PARAM;
}
/* instant passed */
instant = sys_le16_to_cpu(ind->instant);
if (((instant - conn->lll.event_counter) & 0xffff) > 0x7fff) {