tests: Bluetooth: Add test for invalid LLCP PDU sized

This verifies that invalid size PDUs are detected.

Signed-off-by: Szymon Janc <[email protected]>

Author: sjanc

tests/bluetooth/controller/common/include/helper_pdu.h

@@ -52,6 +52,8 @@ void helper_pdu_encode_cte_req(struct pdu_data *pdu, void *param);
 void helper_pdu_encode_cte_rsp(struct pdu_data *pdu, void *param);
 void helper_node_encode_cte_rsp(struct node_rx_pdu *rx, void *param);
 
+void helper_pdu_encode_zero(struct pdu_data *pdu, void *param);
+
 void helper_pdu_verify_ping_req(const char *file, uint32_t line, struct pdu_data *pdu, void *param);
 void helper_pdu_verify_ping_rsp(const char *file, uint32_t line, struct pdu_data *pdu, void *param);
 
@@ -161,6 +163,7 @@ enum helper_pdu_opcode {
 	LL_LENGTH_RSP,
 	LL_CTE_REQ,
 	LL_CTE_RSP,
+	LL_ZERO,
 };
 
 enum helper_node_opcode {

tests/bluetooth/controller/common/src/helper_pdu.c

@@ -391,6 +391,12 @@ void helper_pdu_encode_cte_rsp(struct pdu_data *pdu, void *param)
 	pdu->llctrl.opcode = PDU_DATA_LLCTRL_TYPE_CTE_RSP;
 }
 
+void helper_pdu_encode_zero(struct pdu_data *pdu, void *param)
+{
+	pdu->ll_id = PDU_DATA_LLID_CTRL;
+	pdu->len = 0;
+}
+
 void helper_node_encode_cte_rsp(struct node_rx_pdu *rx, void *param)
 {
 	rx->hdr.rx_ftr.iq_report = (struct cte_conn_iq_report *)param;

tests/bluetooth/controller/common/src/helper_util.c

@@ -78,6 +78,7 @@ helper_pdu_encode_func_t *const helper_pdu_encode[] = {
 	[LL_LENGTH_RSP] = helper_pdu_encode_length_rsp,
 	[LL_CTE_REQ] = helper_pdu_encode_cte_req,
 	[LL_CTE_RSP] = helper_pdu_encode_cte_rsp,
+	[LL_ZERO] = helper_pdu_encode_zero,
 };
 
 helper_pdu_verify_func_t *const helper_pdu_verify[] = {

tests/bluetooth/controller/ctrl_invalid/CMakeLists.txt

@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.20.0)
+
+if (NOT BOARD STREQUAL unit_testing)
+  message(FATAL_ERROR "This project can only be used with '-DBOARD=unit_testing'.")
+endif()
+
+FILE(GLOB SOURCES
+  src/*.c
+)
+
+project(bluetooth_ull_llcp_invalid)
+find_package(ZephyrUnittest HINTS $ENV{ZEPHYR_BASE})
+include(${ZEPHYR_BASE}/tests/bluetooth/controller/common/defaults_cmake.txt)
+
+target_sources(testbinary PRIVATE ${ll_sw_sources} ${mock_sources} ${common_sources})

tests/bluetooth/controller/ctrl_invalid/src/main.c

@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2022 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr/types.h>
+#include <ztest.h>
+
+#include <bluetooth/hci.h>
+#include <sys/byteorder.h>
+#include <sys/slist.h>
+#include <sys/util.h>
+#include "hal/ccm.h"
+
+#include "util/util.h"
+#include "util/mem.h"
+#include "util/memq.h"
+#include "util/dbuf.h"
+
+#include "pdu.h"
+#include "ll.h"
+#include "ll_settings.h"
+#include "ll_feat.h"
+
+#include "lll.h"
+#include "lll_df_types.h"
+#include "lll_conn.h"
+#include "ull_tx_queue.h"
+
+#include "ull_conn_types.h"
+#include "ull_llcp.h"
+#include "ull_llcp_internal.h"
+
+#include "helper_pdu.h"
+#include "helper_util.h"
+
+struct ll_conn test_conn;
+
+static void setup(void)
+{
+	test_setup(&test_conn);
+}
+
+#define LLCTRL_PDU_SIZE (offsetof(struct pdu_data, llctrl) + sizeof(struct pdu_data_llctrl))
+
+/* +-----+ +-------+            +-----+
+ * | UT  | | LL_A  |            | LT  |
+ * +-----+ +-------+            +-----+
+ *    |        |                   |
+ *    |        |             <PDU> |
+ *    |        |<------------------|
+ *    |        |                   |
+ */
+
+static void lt_tx_invalid_pdu_size(enum helper_pdu_opcode opcode, int adj_size)
+{
+	struct pdu_data_llctrl_unknown_rsp unknown_rsp;
+	struct pdu_data pdu;
+	struct node_tx *tx;
+	/* PDU contents does not matter when testing for invalid PDU size */
+	uint8_t data[LLCTRL_PDU_SIZE] = { 0 };
+
+	/* Encode a PDU for the opcode */
+	encode_pdu(opcode, &pdu, &data);
+
+	/* Setup the LL_UNKNOWN_RSP expected for the PDU */
+	if (opcode == LL_ZERO) {
+		/* we use 0xff in response if length was 0 */
+		unknown_rsp.type = PDU_DATA_LLCTRL_TYPE_UNUSED;
+	} else {
+		unknown_rsp.type = pdu.llctrl.opcode;
+	}
+
+	/* adjust PDU len */
+	pdu.len += adj_size;
+
+	/* Connect */
+	ull_cp_state_set(&test_conn, ULL_CP_CONNECTED);
+
+	/* Prepare */
+	event_prepare(&test_conn);
+
+	/* Rx */
+	lt_tx_no_encode(&pdu, &test_conn, NULL);
+
+	/* Done */
+	event_done(&test_conn);
+
+	/* Prepare */
+	event_prepare(&test_conn);
+
+	/* Tx Queue should have one LL Control PDU */
+	lt_rx(LL_UNKNOWN_RSP, &test_conn, &tx, &unknown_rsp);
+	lt_rx_q_is_empty(&test_conn);
+
+	/* Done */
+	event_done(&test_conn);
+
+	/* Release Tx */
+	ull_cp_release_tx(&test_conn, tx);
+
+	/* There should not be a host notifications */
+	ut_rx_q_is_empty();
+
+	zassert_equal(ctx_buffers_free(), test_ctx_buffers_cnt(),
+		      "Free CTX buffers %d", ctx_buffers_free());
+}
+
+void test_invalid_pdu_ignore_rx(void)
+{
+	/* Role */
+	test_set_role(&test_conn, BT_HCI_ROLE_PERIPHERAL);
+
+	/* Test too small PDUs */
+	lt_tx_invalid_pdu_size(LL_ZERO, 0); /* 0 length PDU */
+	lt_tx_invalid_pdu_size(LL_VERSION_IND, -1);
+/*	lt_tx_invalid_pdu_size(LL_LE_PING_REQ, -1); */
+/*	lt_tx_invalid_pdu_size(LL_LE_PING_RSP, -1); */
+	lt_tx_invalid_pdu_size(LL_FEATURE_REQ, -1);
+	lt_tx_invalid_pdu_size(LL_PERIPH_FEAT_XCHG, -1);
+	lt_tx_invalid_pdu_size(LL_FEATURE_RSP, -1);
+	lt_tx_invalid_pdu_size(LL_MIN_USED_CHANS_IND, -1);
+	lt_tx_invalid_pdu_size(LL_REJECT_IND, -1);
+	lt_tx_invalid_pdu_size(LL_REJECT_EXT_IND, -1);
+	lt_tx_invalid_pdu_size(LL_ENC_REQ, -1);
+	lt_tx_invalid_pdu_size(LL_ENC_RSP, -1);
+/*	lt_tx_invalid_pdu_size(LL_START_ENC_REQ, -1); 0 length */
+/*	lt_tx_invalid_pdu_size(LL_START_ENC_RSP, -1); 0 length */
+/*	lt_tx_invalid_pdu_size(LL_PAUSE_ENC_REQ, -1); 0 length */
+/*	lt_tx_invalid_pdu_size(LL_PAUSE_ENC_RSP, -1); 0 length */
+	lt_tx_invalid_pdu_size(LL_PHY_REQ, -1);
+	lt_tx_invalid_pdu_size(LL_PHY_RSP, -1);
+	lt_tx_invalid_pdu_size(LL_PHY_UPDATE_IND, -1);
+	lt_tx_invalid_pdu_size(LL_UNKNOWN_RSP, -1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_UPDATE_IND, -1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_REQ, -1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_RSP, -1);
+	lt_tx_invalid_pdu_size(LL_TERMINATE_IND, -1);
+	lt_tx_invalid_pdu_size(LL_CHAN_MAP_UPDATE_IND, -1);
+	lt_tx_invalid_pdu_size(LL_LENGTH_REQ, -1);
+	lt_tx_invalid_pdu_size(LL_LENGTH_RSP, -1);
+	lt_tx_invalid_pdu_size(LL_CTE_REQ, -1);
+/*	lt_tx_invalid_pdu_size(LL_CTE_RSP, -1); 0 length */
+
+	/* Test too big PDUs */
+	lt_tx_invalid_pdu_size(LL_VERSION_IND, 1);
+	lt_tx_invalid_pdu_size(LL_LE_PING_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_LE_PING_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_FEATURE_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_PERIPH_FEAT_XCHG, 1);
+	lt_tx_invalid_pdu_size(LL_FEATURE_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_MIN_USED_CHANS_IND, 1);
+	lt_tx_invalid_pdu_size(LL_REJECT_IND, 1);
+	lt_tx_invalid_pdu_size(LL_REJECT_EXT_IND, 1);
+	lt_tx_invalid_pdu_size(LL_ENC_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_ENC_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_START_ENC_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_START_ENC_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_PAUSE_ENC_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_PAUSE_ENC_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_PHY_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_PHY_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_PHY_UPDATE_IND, 1);
+	lt_tx_invalid_pdu_size(LL_UNKNOWN_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_UPDATE_IND, 1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_TERMINATE_IND, 1);
+	lt_tx_invalid_pdu_size(LL_CHAN_MAP_UPDATE_IND, 1);
+	lt_tx_invalid_pdu_size(LL_LENGTH_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_LENGTH_RSP, 1);
+	lt_tx_invalid_pdu_size(LL_CTE_REQ, 1);
+	lt_tx_invalid_pdu_size(LL_CTE_RSP, 1);
+}
+
+void test_main(void)
+{
+	ztest_test_suite(invalid,
+			 ztest_unit_test_setup_teardown(test_invalid_pdu_ignore_rx, setup,
+							unit_test_noop));
+
+	ztest_run_test_suite(invalid);
+}

tests/bluetooth/controller/ctrl_invalid/testcase.yaml

@@ -0,0 +1,5 @@
+common:
+    tags: test_framework bluetooth bt_invalid bt_ull_llcp
+tests:
+  bluetooth.controller.ctrl_invalid.test:
+     type: unit