| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2022 07:25:23 +0800
From: quic_zijuhu <quic_zijuhu@...cinc.com>
To: Marcel Holtmann <marcel@...tmann.org>
CC: Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
BlueZ <linux-bluetooth@...r.kernel.org>,
<linux-arm-msm@...r.kernel.org>
Subject: Re: [PATCH v1] Bluetooth: btusb: Set
HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA
On 4/27/2022 2:14 AM, Marcel Holtmann wrote:
> Hi,
>
>>>> Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA controllers since
>>>> they answer HCI_OP_READ_DEF_ERR_DATA_REPORTING with error code
>>>> "UNKNOWN HCI COMMAND" as shown below:
>>>>
>>>> [ 580.517552] Bluetooth: hci0: unexpected cc 0x0c5a length: 1 < 2
>>>> [ 580.517660] Bluetooth: hci0: Opcode 0x c5a failed: -38
>>>>
>>>> Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
>>>> ---
>>>> drivers/bluetooth/btusb.c | 2 ++
>>>> 1 file changed, 2 insertions(+)
>>>>
>>>> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
>>>> index 06a854a2507e..a33f8705f147 100644
>>>> --- a/drivers/bluetooth/btusb.c
>>>> +++ b/drivers/bluetooth/btusb.c
>>>> @@ -3340,6 +3340,8 @@ static int btusb_setup_qca(struct hci_dev *hdev)
>>>> */
>>>> set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks);
>>>>
>>>> + set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
>>>> +
>>>> return 0;
>>>> }
>>>
>>> please include the supported commands output from btmon that indicates that this hardware declares support for this command.
>>>
>> hcitool -i hci0 cmd 0x04 0x02
>> < HCI Command: ogf 0x04, ocf 0x0002, plen 0
>>> HCI Event: 0x0e plen 68
>> 01 02 10 00 FF FF FB 03 CE FF EF FF FF FF FF 1F F2 0F E8 FE
>> 3F F7 8F FF 1C 00 04 00 61 FF FF FF 7F BE 20 F5 FF F0 FF FF
>> FF FF FF FF FF EF FF FF FF FF 03 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00
>>
>> btmon output:
>> < HCI Command: Read Local Supported Commands (0x04|0x0002) plen 0 5.414488
>>> HCI Event: Command Complete (0x0e) plen 68 5.419751
>> Read Local Supported Commands (0x04|0x0002) ncmd 1
>> Status: Success (0x00)
>> Commands: 288 entries
>> Inquiry (Octet 0 - Bit 0)
>> Inquiry Cancel (Octet 0 - Bit 1)
>> Periodic Inquiry Mode (Octet 0 - Bit 2)
>> Exit Periodic Inquiry Mode (Octet 0 - Bit 3)
>> Create Connection (Octet 0 - Bit 4)
>> Disconnect (Octet 0 - Bit 5)
>> Add SCO Connection (Octet 0 - Bit 6)
>> Create Connection Cancel (Octet 0 - Bit 7)
>> Accept Connection Request (Octet 1 - Bit 0)
>> Reject Connection Request (Octet 1 - Bit 1)
>> Link Key Request Reply (Octet 1 - Bit 2)
>> Link Key Request Negative Reply (Octet 1 - Bit 3)
>> PIN Code Request Reply (Octet 1 - Bit 4)
>> PIN Code Request Negative Reply (Octet 1 - Bit 5)
>> Change Connection Packet Type (Octet 1 - Bit 6)
>> Authentication Requested (Octet 1 - Bit 7)
>> Set Connection Encryption (Octet 2 - Bit 0)
>> Change Connection Link Key (Octet 2 - Bit 1)
>> Remote Name Request (Octet 2 - Bit 3)
>> Remote Name Request Cancel (Octet 2 - Bit 4)
>> Read Remote Supported Features (Octet 2 - Bit 5)
>> Read Remote Extended Features (Octet 2 - Bit 6)
>> Read Remote Version Information (Octet 2 - Bit 7)
>> Read Clock Offset (Octet 3 - Bit 0)
>> Read LMP Handle (Octet 3 - Bit 1)
>> Hold Mode (Octet 4 - Bit 1)
>> Sniff Mode (Octet 4 - Bit 2)
>> Exit Sniff Mode (Octet 4 - Bit 3)
>> QoS Setup (Octet 4 - Bit 6)
>> Role Discovery (Octet 4 - Bit 7)
>> Switch Role (Octet 5 - Bit 0)
>> Read Link Policy Settings (Octet 5 - Bit 1)
>> Write Link Policy Settings (Octet 5 - Bit 2)
>> Read Default Link Policy Settings (Octet 5 - Bit 3)
>> Write Default Link Policy Settings (Octet 5 - Bit 4)
>> Flow Specification (Octet 5 - Bit 5)
>> Set Event Mask (Octet 5 - Bit 6)
>> Reset (Octet 5 - Bit 7)
>> Set Event Filter (Octet 6 - Bit 0)
>> Flush (Octet 6 - Bit 1)
>> Read PIN Type (Octet 6 - Bit 2)
>> Write PIN Type (Octet 6 - Bit 3)
>> Read Stored Link Key (Octet 6 - Bit 5)
>> Write Stored Link Key (Octet 6 - Bit 6)
>> Delete Stored Link Key (Octet 6 - Bit 7)
>> Write Local Name (Octet 7 - Bit 0)
>> Read Local Name (Octet 7 - Bit 1)
>> Read Connection Accept Timeout (Octet 7 - Bit 2)
>> Write Connection Accept Timeout (Octet 7 - Bit 3)
>> Read Page Timeout (Octet 7 - Bit 4)
>> Write Page Timeout (Octet 7 - Bit 5)
>> Read Scan Enable (Octet 7 - Bit 6)
>> Write Scan Enable (Octet 7 - Bit 7)
>> Read Page Scan Activity (Octet 8 - Bit 0)
>> Write Page Scan Activity (Octet 8 - Bit 1)
>> Read Inquiry Scan Activity (Octet 8 - Bit 2)
>> Write Inquiry Scan Activity (Octet 8 - Bit 3)
>> Read Authentication Enable (Octet 8 - Bit 4)
>> Write Authentication Enable (Octet 8 - Bit 5)
>> Read Encryption Mode (Octet 8 - Bit 6)
>> Write Encryption Mode (Octet 8 - Bit 7)
>> Read Class of Device (Octet 9 - Bit 0)
>> Write Class of Device (Octet 9 - Bit 1)
>> Read Voice Setting (Octet 9 - Bit 2)
>> Write Voice Setting (Octet 9 - Bit 3)
>> Read Automatic Flush Timeout (Octet 9 - Bit 4)
>> Write Automatic Flush Timeout (Octet 9 - Bit 5)
>> Read Num Broadcast Retransmissions (Octet 9 - Bit 6)
>> Write Num Broadcast Retransmissions (Octet 9 - Bit 7)
>> Read Hold Mode Activity (Octet 10 - Bit 0)
>> Write Hold Mode Activity (Octet 10 - Bit 1)
>> Read Transmit Power Level (Octet 10 - Bit 2)
>> Read Sync Flow Control Enable (Octet 10 - Bit 3)
>> Write Sync Flow Control Enable (Octet 10 - Bit 4)
>> Set Controller To Host Flow Control (Octet 10 - Bit 5)
>> Host Buffer Size (Octet 10 - Bit 6)
>> Host Number of Completed Packets (Octet 10 - Bit 7)
>> Read Link Supervision Timeout (Octet 11 - Bit 0)
>> Write Link Supervision Timeout (Octet 11 - Bit 1)
>> Read Number of Supported IAC (Octet 11 - Bit 2)
>> Read Current IAC LAP (Octet 11 - Bit 3)
>> Write Current IAC LAP (Octet 11 - Bit 4)
>> Set AFH Host Channel Classification (Octet 12 - Bit 1)
>> Read Inquiry Scan Type (Octet 12 - Bit 4)
>> Write Inquiry Scan Type (Octet 12 - Bit 5)
>> Read Inquiry Mode (Octet 12 - Bit 6)
>> Write Inquiry Mode (Octet 12 - Bit 7)
>> Read Page Scan Type (Octet 13 - Bit 0)
>> Write Page Scan Type (Octet 13 - Bit 1)
>> Read AFH Channel Assessment Mode (Octet 13 - Bit 2)
>> Write AFH Channel Assessment Mode (Octet 13 - Bit 3)
>> Read Local Version Information (Octet 14 - Bit 3)
>> Read Local Supported Features (Octet 14 - Bit 5)
>> Read Local Extended Features (Octet 14 - Bit 6)
>> Read Buffer Size (Octet 14 - Bit 7)
>> Read BD ADDR (Octet 15 - Bit 1)
>> Read Failed Contact Counter (Octet 15 - Bit 2)
>> Reset Failed Contact Counter (Octet 15 - Bit 3)
>> Read Link Quality (Octet 15 - Bit 4)
>> Read RSSI (Octet 15 - Bit 5)
>> Read AFH Channel Map (Octet 15 - Bit 6)
>> Read Clock (Octet 15 - Bit 7)
>> Read Loopback Mode (Octet 16 - Bit 0)
>> Write Loopback Mode (Octet 16 - Bit 1)
>> Enable Device Under Test Mode (Octet 16 - Bit 2)
>> Setup Synchronous Connection (Octet 16 - Bit 3)
>> Accept Synchronous Connection Request (Octet 16 - Bit 4)
>> Reject Synchronous Connection Request (Octet 16 - Bit 5)
>> Read Extended Inquiry Response (Octet 17 - Bit 0)
>> Write Extended Inquiry Response (Octet 17 - Bit 1)
>> Refresh Encryption Key (Octet 17 - Bit 2)
>> Sniff Subrating (Octet 17 - Bit 4)
>> Read Simple Pairing Mode (Octet 17 - Bit 5)
>> Write Simple Pairing Mode (Octet 17 - Bit 6)
>> Read Local OOB Data (Octet 17 - Bit 7)
>> Read Inquiry Response TX Power Level (Octet 18 - Bit 0)
>> Write Inquiry Transmit Power Level (Octet 18 - Bit 1)
>> Read Default Erroneous Data Reporting (Octet 18 - Bit 2)
>> Write Default Erroneous Data Reporting (Octet 18 - Bit 3)
>> IO Capability Request Reply (Octet 18 - Bit 7)
>> User Confirmation Request Reply (Octet 19 - Bit 0)
>> User Confirmation Request Neg Reply (Octet 19 - Bit 1)
>> User Passkey Request Reply (Octet 19 - Bit 2)
>> User Passkey Request Negative Reply (Octet 19 - Bit 3)
>> Remote OOB Data Request Reply (Octet 19 - Bit 4)
>> Write Simple Pairing Debug Mode (Octet 19 - Bit 5)
>> Enhanced Flush (Octet 19 - Bit 6)
>> Remote OOB Data Request Neg Reply (Octet 19 - Bit 7)
>> Send Keypress Notification (Octet 20 - Bit 2)
>> IO Capability Request Negative Reply (Octet 20 - Bit 3)
>> Read Encryption Key Size (Octet 20 - Bit 4)
>> Set Event Mask Page 2 (Octet 22 - Bit 2)
>> Read Enhanced Transmit Power Level (Octet 24 - Bit 0)
>> Read LE Host Supported (Octet 24 - Bit 5)
>> Write LE Host Supported (Octet 24 - Bit 6)
>> LE Set Event Mask (Octet 25 - Bit 0)
>> LE Read Buffer Size (Octet 25 - Bit 1)
>> LE Read Local Supported Features (Octet 25 - Bit 2)
>> Octet 25 - Bit 3
>> LE Set Random Address (Octet 25 - Bit 4)
>> LE Set Advertising Parameters (Octet 25 - Bit 5)
>> LE Read Advertising Channel TX Power (Octet 25 - Bit 6)
>> LE Set Advertising Data (Octet 25 - Bit 7)
>> LE Set Scan Response Data (Octet 26 - Bit 0)
>> LE Set Advertise Enable (Octet 26 - Bit 1)
>> LE Set Scan Parameters (Octet 26 - Bit 2)
>> LE Set Scan Enable (Octet 26 - Bit 3)
>> LE Create Connection (Octet 26 - Bit 4)
>> LE Create Connection Cancel (Octet 26 - Bit 5)
>> LE Read White List Size (Octet 26 - Bit 6)
>> LE Clear White List (Octet 26 - Bit 7)
>> LE Add Device To White List (Octet 27 - Bit 0)
>> LE Remove Device From White List (Octet 27 - Bit 1)
>> LE Connection Update (Octet 27 - Bit 2)
>> LE Set Host Channel Classification (Octet 27 - Bit 3)
>> LE Read Channel Map (Octet 27 - Bit 4)
>> LE Read Remote Used Features (Octet 27 - Bit 5)
>> LE Encrypt (Octet 27 - Bit 6)
>> LE Rand (Octet 27 - Bit 7)
>> LE Start Encryption (Octet 28 - Bit 0)
>> LE Long Term Key Request Reply (Octet 28 - Bit 1)
>> LE Long Term Key Request Neg Reply (Octet 28 - Bit 2)
>> LE Read Supported States (Octet 28 - Bit 3)
>> LE Receiver Test (Octet 28 - Bit 4)
>> LE Transmitter Test (Octet 28 - Bit 5)
>> LE Test End (Octet 28 - Bit 6)
>> Octet 29 - Bit 1
>> Octet 29 - Bit 2
>> Enhanced Setup Synchronous Connection (Octet 29 - Bit 3)
>> Enhanced Accept Synchronous Connection Request (Octet 29 - Bit 4)
>> Read Local Supported Codecs (Octet 29 - Bit 5)
>> Set External Frame Configuration (Octet 29 - Bit 7)
>> Set Triggered Clock Capture (Octet 30 - Bit 5)
>> Set Connectionless Slave Broadcast (Octet 31 - Bit 0)
>> Start Synchronization Train (Octet 31 - Bit 2)
>> Set Reserved LT_ADDR (Octet 31 - Bit 4)
>> Delete Reserved LT_ADDR (Octet 31 - Bit 5)
>> Set Connectionless Slave Broadcast Data (Octet 31 - Bit 6)
>> Read Synchronization Train Parameters (Octet 31 - Bit 7)
>> Write Synchronization Train Parameters (Octet 32 - Bit 0)
>> Remote OOB Extended Data Request Reply (Octet 32 - Bit 1)
>> Read Secure Connections Host Support (Octet 32 - Bit 2)
>> Write Secure Connections Host Support (Octet 32 - Bit 3)
>> Read Authenticated Payload Timeout (Octet 32 - Bit 4)
>> Write Authenticated Payload Timeout (Octet 32 - Bit 5)
>> Read Local OOB Extended Data (Octet 32 - Bit 6)
>> Write Secure Connections Test Mode (Octet 32 - Bit 7)
>> LE Remote Connection Parameter Request Reply (Octet 33 - Bit 4)
>> LE Remote Connection Parameter Request Negative Reply (Octet 33 - Bit 5)
>> LE Set Data Length (Octet 33 - Bit 6)
>> LE Read Suggested Default Data Length (Octet 33 - Bit 7)
>> LE Write Suggested Default Data Length (Octet 34 - Bit 0)
>> LE Read Local P-256 Public Key (Octet 34 - Bit 1)
>> LE Generate DHKey (Octet 34 - Bit 2)
>> LE Add Device To Resolving List (Octet 34 - Bit 3)
>> LE Remove Device From Resolving List (Octet 34 - Bit 4)
>> LE Clear Resolving List (Octet 34 - Bit 5)
>> LE Read Resolving List Size (Octet 34 - Bit 6)
>> LE Read Peer Resolvable Address (Octet 34 - Bit 7)
>> LE Read Local Resolvable Address (Octet 35 - Bit 0)
>> LE Set Address Resolution Enable (Octet 35 - Bit 1)
>> LE Set Resolvable Private Address Timeout (Octet 35 - Bit 2)
>> LE Read Maximum Data Length (Octet 35 - Bit 3)
>> Octet 35 - Bit 4
>> Octet 35 - Bit 5
>> Octet 35 - Bit 6
>> Octet 35 - Bit 7
>> Octet 36 - Bit 0
>> Octet 36 - Bit 1
>> Octet 36 - Bit 2
>> Octet 36 - Bit 3
>> Octet 36 - Bit 4
>> Octet 36 - Bit 5
>> Octet 36 - Bit 6
>> Octet 36 - Bit 7
>> Octet 37 - Bit 0
>> Octet 37 - Bit 1
>> Octet 37 - Bit 2
>> Octet 37 - Bit 3
>> Octet 37 - Bit 4
>> Octet 37 - Bit 5
>> Octet 37 - Bit 6
>> Octet 37 - Bit 7
>> Octet 38 - Bit 0
>> Octet 38 - Bit 1
>> Octet 38 - Bit 2
>> Octet 38 - Bit 3
>> Octet 38 - Bit 4
>> Octet 38 - Bit 5
>> Octet 38 - Bit 6
>> Octet 38 - Bit 7
>> Octet 39 - Bit 0
>> Octet 39 - Bit 1
>> Octet 39 - Bit 2
>> Octet 39 - Bit 3
>> Octet 39 - Bit 4
>> Octet 39 - Bit 5
>> Octet 39 - Bit 6
>> Octet 39 - Bit 7
>> Octet 40 - Bit 0
>> Octet 40 - Bit 1
>> Octet 40 - Bit 2
>> Octet 40 - Bit 3
>> Octet 40 - Bit 4
>> Octet 40 - Bit 5
>> Octet 40 - Bit 6
>> Octet 40 - Bit 7
>> Octet 41 - Bit 0
>> Octet 41 - Bit 1
>> Octet 41 - Bit 2
>> Octet 41 - Bit 3
>> Octet 41 - Bit 5
>> Octet 41 - Bit 6
>> Octet 41 - Bit 7
>> Octet 42 - Bit 0
>> Octet 42 - Bit 1
>> Octet 42 - Bit 2
>> Octet 42 - Bit 3
>> Octet 42 - Bit 4
>> Octet 42 - Bit 5
>> Octet 42 - Bit 6
>> Octet 42 - Bit 7
>> Octet 43 - Bit 0
>> Octet 43 - Bit 1
>> Octet 43 - Bit 2
>> Octet 43 - Bit 3
>> Octet 43 - Bit 4
>> Octet 43 - Bit 5
>> Octet 43 - Bit 6
>> Octet 43 - Bit 7
>> Octet 44 - Bit 0
>> Octet 44 - Bit 1
>> Octet 44 - Bit 2
>> Octet 44 - Bit 3
>> Octet 44 - Bit 4
>> Octet 44 - Bit 5
>> Octet 44 - Bit 6
>> Octet 44 - Bit 7
>> Octet 45 - Bit 0
>> Octet 45 - Bit 1
>> Octet 45 - Bit 2
>> Octet 45 - Bit 3
>> Octet 45 - Bit 4
>> Octet 45 - Bit 5
>> Octet 45 - Bit 6
>> Octet 45 - Bit 7
>> Octet 46 - Bit 0
>> Octet 46 - Bit 1
>
> you might want to use a recent btmon. However can you show how the Read Default Erroneous Data Reporting is failing? It sounds like this hardware is fundamentally broken.
>
# hcitool -i hci0 cmd 0x03 0x5a
< HCI Command: ogf 0x03, ocf 0x005a, plen 0
> HCI Event: 0x0e plen 4
01 5A 0C 01
btmon output:
@ RAW Open: hcitool (privileged) version 2.22 {0x0002} 331.950253
< HCI Command: Read Default Erroneous Data Reporting (0x03|0x005a) plen 0 #1 331.950535
> HCI Event: Command Complete (0x0e) plen 4 #2 331.951421
Read Default Erroneous Data Reporting (0x03|0x005a) ncmd 1
Status: Unknown HCI Command (0x01)
@ RAW Close: hcitool
> Regards
>
> Marcel
>
Powered by blists - more mailing lists