[1/3] Bluetooth: Add new quirk for broken local ext features max_page
diff mbox series

Message ID 20200705195110.405139-2-anarsoul@gmail.com
State New
Headers show
Series
  • arm64: allwinner: a64: add bluetooth support for Pinebook
Related show

Commit Message

Vasily Khoruzhick July 5, 2020, 7:51 p.m. UTC
Some adapters (e.g. RTL8723CS) advertise that they have more than
2 pages for local ext features, but they don't support any features
declared in these pages. RTL8723CS reports max_page = 2 and declares
support for sync train and secure connection, but it responds with
either garbage or with error in status on corresponding commands.

Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
---
 include/net/bluetooth/hci.h | 7 +++++++
 net/bluetooth/hci_event.c   | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

Comments

Marcel Holtmann July 7, 2020, 4:03 p.m. UTC | #1
Hi Vasily,

> Some adapters (e.g. RTL8723CS) advertise that they have more than
> 2 pages for local ext features, but they don't support any features
> declared in these pages. RTL8723CS reports max_page = 2 and declares
> support for sync train and secure connection, but it responds with
> either garbage or with error in status on corresponding commands.

please send the btmon for this so I can see what the controller is responding.

Regards

Marcel
Vasily Khoruzhick July 13, 2020, 5:08 a.m. UTC | #2
On Tue, Jul 7, 2020 at 9:03 AM Marcel Holtmann <marcel@holtmann.org> wrote:
>
> Hi Vasily,
>
> > Some adapters (e.g. RTL8723CS) advertise that they have more than
> > 2 pages for local ext features, but they don't support any features
> > declared in these pages. RTL8723CS reports max_page = 2 and declares
> > support for sync train and secure connection, but it responds with
> > either garbage or with error in status on corresponding commands.
>
> please send the btmon for this so I can see what the controller is responding.

Here is relevant part:

< HCI Command: Read Local Extend.. (0x04|0x0004) plen 1  #228 [hci0] 6.889869
        Page: 2
> HCI Event: Command Complete (0x0e) plen 14             #229 [hci0] 6.890487
      Read Local Extended Features (0x04|0x0004) ncmd 2
        Status: Success (0x00)
        Page: 2/2
        Features: 0x5f 0x03 0x00 0x00 0x00 0x00 0x00 0x00
          Connectionless Slave Broadcast - Master
          Connectionless Slave Broadcast - Slave
          Synchronization Train
          Synchronization Scan
          Inquiry Response Notification Event
          Coarse Clock Adjustment
          Secure Connections (Controller Support)
          Ping
< HCI Command: Delete Stored Lin.. (0x03|0x0012) plen 7  #230 [hci0] 6.890559
        Address: 00:00:00:00:00:00 (OUI 00-00-00)
        Delete all: 0x01
> HCI Event: Command Complete (0x0e) plen 6              #231 [hci0] 6.891170
      Delete Stored Link Key (0x03|0x0012) ncmd 2
        Status: Success (0x00)
        Num keys: 0
< HCI Command: Read Synchronizat.. (0x03|0x0077) plen 0  #232 [hci0] 6.891199
> HCI Event: Command Complete (0x0e) plen 9              #233 [hci0] 6.891788
      Read Synchronization Train Parameters (0x03|0x0077) ncmd 2
        invalid packet size
        01 ac bd 11 80 80                                ......
= Close Index: 00:E0:4C:23:99:87                              [hci0] 6.891832

hci0 registration stops here and bluetoothctl doesn't even see the controller.

> Regards
>
> Marcel
>
Marcel Holtmann July 13, 2020, 6:27 a.m. UTC | #3
Hi Vasily,

>>> Some adapters (e.g. RTL8723CS) advertise that they have more than
>>> 2 pages for local ext features, but they don't support any features
>>> declared in these pages. RTL8723CS reports max_page = 2 and declares
>>> support for sync train and secure connection, but it responds with
>>> either garbage or with error in status on corresponding commands.
>> 
>> please send the btmon for this so I can see what the controller is responding.
> 
> Here is relevant part:
> 
> < HCI Command: Read Local Extend.. (0x04|0x0004) plen 1  #228 [hci0] 6.889869
>        Page: 2
>> HCI Event: Command Complete (0x0e) plen 14             #229 [hci0] 6.890487
>      Read Local Extended Features (0x04|0x0004) ncmd 2
>        Status: Success (0x00)
>        Page: 2/2
>        Features: 0x5f 0x03 0x00 0x00 0x00 0x00 0x00 0x00
>          Connectionless Slave Broadcast - Master
>          Connectionless Slave Broadcast - Slave
>          Synchronization Train
>          Synchronization Scan
>          Inquiry Response Notification Event
>          Coarse Clock Adjustment
>          Secure Connections (Controller Support)
>          Ping
> < HCI Command: Delete Stored Lin.. (0x03|0x0012) plen 7  #230 [hci0] 6.890559
>        Address: 00:00:00:00:00:00 (OUI 00-00-00)
>        Delete all: 0x01
>> HCI Event: Command Complete (0x0e) plen 6              #231 [hci0] 6.891170
>      Delete Stored Link Key (0x03|0x0012) ncmd 2
>        Status: Success (0x00)
>        Num keys: 0
> < HCI Command: Read Synchronizat.. (0x03|0x0077) plen 0  #232 [hci0] 6.891199
>> HCI Event: Command Complete (0x0e) plen 9              #233 [hci0] 6.891788
>      Read Synchronization Train Parameters (0x03|0x0077) ncmd 2
>        invalid packet size
>        01 ac bd 11 80 80                                ......
> = Close Index: 00:E0:4C:23:99:87                              [hci0] 6.891832
> 
> hci0 registration stops here and bluetoothctl doesn't even see the controller.

maybe just the read sync train params command is broken? Can you change the init code and not send it and see if the rest of the init phase proceeds. I would rather have the secure connections actually tested before dismissing it altogether.

Mind you, there were broken Broadcom implementation of connectionless slave broadcast as well. Maybe this is similar.

Regards

Marcel
Vasily Khoruzhick July 13, 2020, 4 p.m. UTC | #4
On Sun, Jul 12, 2020 at 11:28 PM Marcel Holtmann <marcel@holtmann.org> wrote:

Hi Marcel,

> maybe just the read sync train params command is broken? Can you change the init code and not send it and see if the rest of the init phase proceeds. I would rather have the secure connections actually tested before dismissing it altogether.

I don't think that I have any devices that support secure connections
to test, I've got only a bluetooth mouse and headphones, both are from
the 2.0 era.

FWIW unofficial recommendation from Realtek to Pine64 was to avoid
using any 4.1+ features on this chip. Unfortunately I don't have any
contacts with Realtek, so I can't confirm that.

> Mind you, there were broken Broadcom implementation of connectionless slave broadcast as well. Maybe this is similar.

I'd prefer to stick to what works unless there's some comprehensive
test that can figure out what's broken.

Regards,
Vasily
Marcel Holtmann July 13, 2020, 4:32 p.m. UTC | #5
Hi Vasily,

>> maybe just the read sync train params command is broken? Can you change the init code and not send it and see if the rest of the init phase proceeds. I would rather have the secure connections actually tested before dismissing it altogether.
> 
> I don't think that I have any devices that support secure connections
> to test, I've got only a bluetooth mouse and headphones, both are from
> the 2.0 era.
> 
> FWIW unofficial recommendation from Realtek to Pine64 was to avoid
> using any 4.1+ features on this chip. Unfortunately I don't have any
> contacts with Realtek, so I can't confirm that.
> 
>> Mind you, there were broken Broadcom implementation of connectionless slave broadcast as well. Maybe this is similar.
> 
> I'd prefer to stick to what works unless there's some comprehensive
> test that can figure out what's broken.

check if removing the read sync trains params command makes the controller initialize and usable. Then we see about the rest.

Regards

Marcel

Patch
diff mbox series

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 16ab6ce87883..8e4c16210d18 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -227,6 +227,13 @@  enum {
 	 * supported.
 	 */
 	HCI_QUIRK_VALID_LE_STATES,
+
+	/* When this quirk is set, max_page for local extended features
+	 * is set to 1, even if controller reports higher number. Some
+	 * controllers (e.g. RTL8723CS) report more pages, but they
+	 * don't actually support features declared there.
+	 */
+	HCI_QUIRK_BROKEN_LOCAL_EXT_FTR_MAX_PAGE,
 };
 
 /* HCI device flags */
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cfeaee347db3..df3232828978 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -700,7 +700,9 @@  static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
 	if (rp->status)
 		return;
 
-	if (hdev->max_page < rp->max_page)
+	if (!test_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FTR_MAX_PAGE,
+		      &hdev->quirks) &&
+	    hdev->max_page < rp->max_page)
 		hdev->max_page = rp->max_page;
 
 	if (rp->page < HCI_MAX_PAGES)