Bluetooth: Controller: Fix HCI command parameter check failures

Fix assorted HCI command parameter check failures faced
during conformance testing.

Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>

Author: cvinayak

subsys/bluetooth/controller/hci/hci.c

@@ -3278,10 +3278,12 @@ static void le_per_adv_create_sync(struct net_buf *buf, struct net_buf **evt)
 	uint8_t status;
 	uint16_t skip;
 
-	if (adv_cmds_ext_check(evt)) {
+	if (adv_cmds_ext_check(NULL)) {
+		*evt = cmd_status(BT_HCI_ERR_CMD_DISALLOWED);
 		return;
 	}
 
+
 	skip = sys_le16_to_cpu(cmd->skip);
 	sync_timeout = sys_le16_to_cpu(cmd->sync_timeout);
 
@@ -3334,6 +3336,10 @@ static void le_per_adv_recv_enable(struct net_buf *buf, struct net_buf **evt)
 	uint16_t handle;
 	uint8_t status;
 
+	if (adv_cmds_ext_check(evt)) {
+		return;
+	}
+
 	handle = sys_le16_to_cpu(cmd->handle);
 
 	status = ll_sync_recv_enable(handle, cmd->enable);

subsys/bluetooth/controller/ll_sw/ull_adv_sync.c

@@ -511,7 +511,12 @@ uint8_t ll_adv_sync_enable(uint8_t handle, uint8_t enable)
 
 	lll_sync = adv->lll.sync;
 	if (!lll_sync) {
-		return BT_HCI_ERR_UNKNOWN_ADV_IDENTIFIER;
+		return BT_HCI_ERR_CMD_DISALLOWED;
+	}
+
+	/* TODO: Add Periodic Advertising ADI Support feature */
+	if (enable > 1U) {
+		return BT_HCI_ERR_UNSUPP_FEATURE_PARAM_VAL;
 	}
 
 	sync = HDR_LLL2ULL(lll_sync);

subsys/bluetooth/controller/ll_sw/ull_central.c

@@ -77,9 +77,11 @@ uint8_t ll_create_connection(uint16_t scan_interval, uint16_t scan_window,
 #endif /* !CONFIG_BT_CTLR_ADV_EXT */
 {
 	struct lll_conn *conn_lll;
-	struct ll_scan_set *scan;
 	uint32_t conn_interval_us;
+	uint8_t own_id_addr_type;
+	struct ll_scan_set *scan;
 	uint32_t ready_delay_us;
+	uint8_t *own_id_addr;
 	struct lll_scan *lll;
 	struct ll_conn *conn;
 	uint16_t max_tx_time;
@@ -93,12 +95,15 @@ uint8_t ll_create_connection(uint16_t scan_interval, uint16_t scan_window,
 		return BT_HCI_ERR_CMD_DISALLOWED;
 	}
 
-#if defined(CONFIG_BT_CTLR_CHECK_SAME_PEER_CONN)
-	const uint8_t own_id_addr_type = (own_addr_type & 0x01);
-	const uint8_t *own_id_addr;
+	/* Check if random address has been set */
+	own_id_addr_type = (own_addr_type & 0x01);
+	own_id_addr = ll_addr_get(own_id_addr_type);
+	if (own_id_addr_type && !mem_nz((void *)own_id_addr, BDADDR_SIZE)) {
+		return BT_HCI_ERR_INVALID_PARAM;
+	}
 
+#if defined(CONFIG_BT_CTLR_CHECK_SAME_PEER_CONN)
 	/* Do not connect twice to the same peer */
-	own_id_addr = ll_addr_get(own_id_addr_type);
 	if (ull_conn_peer_connected(own_id_addr_type, own_id_addr,
 				    peer_addr_type, peer_addr)) {
 		return BT_HCI_ERR_CONN_ALREADY_EXISTS;

subsys/bluetooth/controller/ll_sw/ull_conn.c

@@ -547,10 +547,26 @@ uint8_t ll_version_ind_send(uint16_t handle)
 }
 
 #if defined(CONFIG_BT_CTLR_DATA_LENGTH)
-uint32_t ll_length_req_send(uint16_t handle, uint16_t tx_octets, uint16_t tx_time)
+uint32_t ll_length_req_send(uint16_t handle, uint16_t tx_octets,
+			    uint16_t tx_time)
 {
 	struct ll_conn *conn;
 
+#if defined(CONFIG_BT_CTLR_PARAM_CHECK)
+#if defined(CONFIG_BT_CTLR_PHY_CODED)
+	uint16_t tx_time_max =
+			PDU_DC_MAX_US(CONFIG_BT_BUF_ACL_TX_SIZE, PHY_CODED);
+#else /* !CONFIG_BT_CTLR_PHY_CODED */
+	uint16_t tx_time_max =
+			PDU_DC_MAX_US(CONFIG_BT_BUF_ACL_TX_SIZE, PHY_1M);
+#endif /* !CONFIG_BT_CTLR_PHY_CODED */
+
+	if ((tx_octets > CONFIG_BT_BUF_ACL_TX_SIZE) ||
+	    (tx_time > tx_time_max)) {
+		return BT_HCI_ERR_INVALID_PARAM;
+	}
+#endif /* CONFIG_BT_CTLR_PARAM_CHECK */
+
 	conn = ll_connected_get(handle);
 	if (!conn) {
 		return BT_HCI_ERR_UNKNOWN_CONN_ID;