lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Jun 2009 23:14:51 +0300
From:	Brian Marete <bgmarete@...il.com>
To:	Marcel Holtmann <marcel@...tmann.org>
Cc:	LKML <linux-kernel@...r.kernel.org>
Subject: Re: Regression: Problem in using USB Bluetooth Dongle (Worked fine in 
	2.6.24.x)

On Tue, May 12, 2009 at 7:15 PM, Brian Marete<bgmarete@...il.com> wrote:
> On Mon, May 11, 2009 at 11:46 AM, Marcel Holtmann <marcel@...tmann.org> wrote:
>> Hi Brian,
>>
>>> >> At least until kernel version 2.6.24, I was able to use my USB
>>> >> bluetooth dongle to download contacts from my phone. I made a jump
>>> >> from 2.6.24 to 2.6.27, so I am not sure exactly which kernel version
>>> >> starts the problem, but all kernels from the latter (2.6.27) now do
>>> >> not work. The latest kernel I have tested is 2.6.29.2.
>>> >
>>> > can you test 2.6.30-rc4 or bluetooth-testing.git. I am pretty sure that
>>> > whatever broke in 2.6.27 has been fixed by now. Some cheapo USB dongles
>>> > behaved wrongly and it was a long time not clear what caused it.
>>>
>>> Alas, the regression is still there in 2.6.30-rc5 which I tested over
>>> the weekend.
>>>
>>> I also forgot to mention that, even with the kernels with the
>>> regression, device pairing using the dongle still works.
>>>
>>> Would a packet capture (usbmon) help? Willing to capture whatever
>>> other debugging data that you think may help
>>
>> if device pairing works fine, the I guess this is a different problem.
>> It could be that your USB host controller doesn't like the device. Or
>> you forgot to load the EHCI driver or something. Otherwise your dongle
>> should work fine. Since pairing works, what does hciconfig -a says?
>>
>
> Hello,
>
> EHCI is actually loaded. See my regression report in my original email.
>
> Regarding some conflict with the host controller, well, it did work
> fine in 2.6.24.
>
> Is there some other debug output I can collect or some other
> information that I can provide to help identify the source of the
> regression?
>

Hello,

The regression persists even in the latest kernels.

Decided to collect some more debug information on this problem. This
output is from the same system detailed above running on
kernel 2.6.28.10:

Here is the output of hciconfig -a:

hci0:	Type: USB
	BD Address: BB:4A:BB:33:40:36 ACL MTU: 339:6 SCO MTU: 180:1
	UP RUNNING PSCAN ISCAN
	RX bytes:14299 acl:0 sco:0 events:386 errors:0
	TX bytes:2221 acl:0 sco:0 commands:231 errors:0
	Features: 0xef 0x3e 0x09 0xf0 0x0b 0x08 0x00 0x80
	Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
	Link policy: RSWITCH HOLD SNIFF PARK
	Link mode: SLAVE ACCEPT
	Name: 'oqb-0'
	Class: 0x08010c
	Service Classes: Capturing
	Device Class: Computer, Laptop
	HCI Ver: 1.2 (0x2) HCI Rev: 0x2 LMP Ver: 1.2 (0x2) LMP Subver: 0x2
	Manufacturer: Accel Semiconductor Ltd. (74)
-----------------------------------------------------------------------------

Here is the output and hcidump of l2ping:

$ sudo l2ping 00:21:AB:9D:0C:C8
Can't connect: Device or resource busy

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Create Connection (0x01|0x0005) plen 13
  C8 0C 9D AB 21 00 18 CC 02 00 00 00 01
> HCI Event: Command Status (0x0f) plen 4
  00 01 05 04
> HCI Event: Connect Complete (0x03) plen 11
  00 00 00 C8 0C 9D AB 21 00 01 00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  0C 01 1B 04
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 19 04
> HCI Event: Max Slots Change (0x1b) plen 3
  00 00 05
< HCI Command: Disconnect (0x01|0x0006) plen 3
  00 00 13
> HCI Event: Command Status (0x0f) plen 4
  00 01 06 04
> HCI Event: Disconn Complete (0x05) plen 4
  00 00 00 16
--------------------------------------------------------------------------------------

And here is the output followed by the hcidump of an attempt to
connect with rfcomm:

$ sudo rfcomm connect 0
Can't connect RFCOMM socket: Device or resource busy

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Create Connection (0x01|0x0005) plen 13
  C8 0C 9D AB 21 00 18 CC 02 00 00 00 01
> HCI Event: Command Status (0x0f) plen 4
  00 01 05 04
> HCI Event: Connect Complete (0x03) plen 11
  00 00 00 C8 0C 9D AB 21 00 01 00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  0C 01 1B 04
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 19 04
> HCI Event: Max Slots Change (0x1b) plen 3
  00 00 05
< HCI Command: Disconnect (0x01|0x0006) plen 3
  00 00 13
> HCI Event: Command Status (0x0f) plen 4
  00 01 06 04
> HCI Event: Disconn Complete (0x05) plen 4
  00 00 00 16

-----------------------------------------------------------------------

Here is the output followed by a hcidump of using hcitool scan:

~$ sudo hcitool scan
Scanning ...
        00:21:AB:9D:0C:C8       Marete_

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Inquiry (0x01|0x0001) plen 5
  33 8B 9E 08 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 01 04
> HCI Event: Inquiry Result with RSSI (0x22) plen 15
  01 C8 0C 9D AB 21 00 01 02 04 02 5A 4C 35 00
> HCI Event: Inquiry Complete (0x01) plen 1
  00

----------------------------------------------------------------------

Here is the output and hcidump of running hcitool inq

$ hcitool inq 00:21:AB:9D:0C:C8
Inquiring ...
        00:21:AB:9D:0C:C8       clock offset: 0x354f    class: 0x5a0204

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Inquiry (0x01|0x0001) plen 5
  33 8B 9E 08 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 01 04
> HCI Event: Inquiry Result with RSSI (0x22) plen 15
  01 C8 0C 9D AB 21 00 01 02 04 02 5A 4F 35 00
> HCI Event: Inquiry Complete (0x01) plen 1
  00

-----------------------------------------------------------------------------

Here is the output and hcidump of running hcitool info

Requesting information ...
        BD Address:  00:21:AB:9D:0C:C8
        LMP Version: 2.0 (0x3) LMP Subversion: 0x6cc
        Manufacturer: Cambridge Silicon Radio (10)
        Features: 0xbf 0xee 0x0f 0xc6 0x9a 0x39 0x00 0x00
                <3-slot packets> <5-slot packets> <encryption> <slot offset>
                <timing accuracy> <role switch> <sniff mode> <RSSI>
                <channel quality> <SCO link> <HV3 packets> <u-law log>
                <A-law log> <CVSD> <paging scheme> <power control>
                <transparent SCO> <EDR ACL 2 Mbps> <EDR ACL 3 Mbps>
                <inquiry with RSSI> <extended SCO> <EV5 packets>
                <AFH cap. slave> <AFH class. slave> <3-slot EDR ACL>
                <5-slot EDR ACL> <AFH cap. master> <AFH class. master>
                <EDR eSCO 2 Mbps>


HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Create Connection (0x01|0x0005) plen 13
  C8 0C 9D AB 21 00 18 CC 02 00 00 00 01
> HCI Event: Command Status (0x0f) plen 4
  00 01 05 04
> HCI Event: Connect Complete (0x03) plen 11
  00 00 00 C8 0C 9D AB 21 00 01 00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  0C 01 1B 04
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 19 04
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  0C 01 19 04
< HCI Command: Read Remote Version Information (0x01|0x001d) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 1D 04
> HCI Event: Max Slots Change (0x1b) plen 3
  00 00 05
< HCI Command: Disconnect (0x01|0x0006) plen 3
  00 00 13
> HCI Event: Command Status (0x0f) plen 4
  0C 01 06 04
> HCI Event: Remote Name Req Complete (0x07) plen 255
  00 C8 0C 9D AB 21 00 4D 61 72 65 74 65 35 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> HCI Event: Read Remote Ver Info Complete (0x0c) plen 8
  00 00 00 03 0A 00 CC 06
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 1B 04
> HCI Event: Read Remote Supported Features (0x0b) plen 11
  00 00 00 BF EE 0F C6 9A 39 00 00
< HCI Command: Disconnect (0x01|0x0006) plen 3
  00 00 13
> HCI Event: Command Status (0x0f) plen 4
  00 01 06 04
> HCI Event: Disconn Complete (0x05) plen 4
  00 00 00 16
------------------------------------------------------------------------

Pairing from the __phone__ works, even in the kernels with the
regression. Here is the hcidump of a pairing:

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
> HCI Event: Connect Request (0x04) plen 10
  C8 0C 9D AB 21 00 04 02 5A 01
< HCI Command: Accept Connection Request (0x01|0x0009) plen 7
  C8 0C 9D AB 21 00 01
> HCI Event: Command Status (0x0f) plen 4
  00 01 09 04
> HCI Event: PIN Code Request (0x16) plen 6
  C8 0C 9D AB 21 00
< HCI Command: Read Local Name (0x03|0x0014) plen 0
> HCI Event: Command Complete (0x0e) plen 252
  01 14 0C 00 6F 71 62 2D 30 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00
< HCI Command: PIN Code Request Reply (0x01|0x000d) plen 23
  C8 0C 9D AB 21 00 04 30 30 30 30 00 00 00 00 00 00 00 00 00
  00 00 00
> HCI Event: Command Complete (0x0e) plen 10
  01 0D 04 00 C8 0C 9D AB 21 00
> HCI Event: Link Key Notification (0x18) plen 23
  C8 0C 9D AB 21 00 F9 27 CF D2 05 07 0E 16 36 99 2A 18 FB 12
  13 1D 00
> HCI Event: Connect Complete (0x03) plen 11
  00 00 00 C8 0C 9D AB 21 00 01 00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Max Slots Change (0x1b) plen 3
  00 00 05
> HCI Event: Command Status (0x0f) plen 4
  00 01 1B 04
< HCI Command: Change Connection Packet Type (0x01|0x000f) plen 4
  00 00 18 CC
> HCI Event: Command Status (0x0f) plen 4
  00 01 0F 04
> HCI Event: Connection Packet Type Changed (0x1d) plen 5
  00 00 00 00 80
> HCI Event: Read Remote Supported Features (0x0b) plen 11
  00 00 00 BF EE 0F C6 9A 39 00 00
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 19 04
< HCI Command: Read Local Name (0x03|0x0014) plen 0
> HCI Event: Remote Name Req Complete (0x07) plen 255
  00 C8 0C 9D AB 21 00 4D 61 72 65 74 65 16 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> HCI Event: Command Complete (0x0e) plen 252
  01 14 0C 00 6F 71 62 2D 30 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00
> HCI Event: Disconn Complete (0x05) plen 4
  00 00 00 13

-------------------------------------------------------------------------

Here is the hcidump of (failed) attempt to browse the phone using obex
(By using the gnome bt applet)

HCI sniffer - Bluetooth packet analyzer ver 1.40
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Inquiry (0x01|0x0001) plen 5
  33 8B 9E 08 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 01 04
> HCI Event: Inquiry Result with RSSI (0x22) plen 15
  01 C8 0C 9D AB 21 00 01 02 04 02 5A 58 35 00
< HCI Command: Inquiry Cancel (0x01|0x0002) plen 0
> HCI Event: Command Complete (0x0e) plen 4
  01 02 04 00
< HCI Command: Create Connection (0x01|0x0005) plen 13
  C8 0C 9D AB 21 00 18 CC 01 00 58 B5 01
> HCI Event: Command Status (0x0f) plen 4
  00 01 05 04
> HCI Event: Connect Complete (0x03) plen 11
  00 00 00 C8 0C 9D AB 21 00 01 00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
  00 00
> HCI Event: Command Status (0x0f) plen 4
  0C 01 1B 04
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
  C8 0C 9D AB 21 00 02 00 00 00
> HCI Event: Command Status (0x0f) plen 4
  00 01 19 04
> HCI Event: Max Slots Change (0x1b) plen 3
  00 00 05
< HCI Command: Disconnect (0x01|0x0006) plen 3
  00 00 13
> HCI Event: Command Status (0x0f) plen 4
  00 01 06 04
> HCI Event: Disconn Complete (0x05) plen 4
  00 00 00 16

Since you mentioned that you suspect that this is a USB problem,
attached is the usbmon capture of trying to l2ping the phone
(usbmon_l2ping_bt_dongle.txt). Also attached are the contents of
/proc/bus/usb/devices at the time of testing (devices.txt).

Finally, I note that my problem seems to be identical to the one described in:

http://bbs.archlinux.org/viewtopic.php?id=60158

The user there also notes that this is a regression introduces in
2.6.27, which is also my experience.

I hope this helps. Much obliged.

-- 
B. Gitonga Marete
Tel: +254-722-151-590

View attachment "usbmon_l2ping_bt_dongle.txt" of type "text/plain" (3552 bytes)

View attachment "devices.txt" of type "text/plain" (5631 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ