From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH v2] Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
Date: Tue, 26 Aug 2025 15:31:56 -0400 [thread overview]
Message-ID: <CABBYNZJ7kbHJ665-rsKQTfP_U=pfBwAPrGki7JSBpF7+wiXung@mail.gmail.com> (raw)
In-Reply-To: <20250826170314.352122-1-arkadiusz.bokowy@gmail.com>
Hi Arkadiusz,
On Tue, Aug 26, 2025 at 1:03 PM Arkadiusz Bokowy
<arkadiusz.bokowy@gmail.com> wrote:
>
> Some Barrot based USB Bluetooth dongles erroneously send one extra
> random byte for the HCI_OP_READ_LOCAL_EXT_FEATURES command. The
> consequence of that is that the next HCI transfer is misaligned by one
> byte causing undefined behavior. In most cases the response event for
> the next command fails with random error code.
>
> Since the HCI_OP_READ_LOCAL_EXT_FEATURES command is used during HCI
> controller initialization, the initialization fails rendering the USB
> dongle not usable.
>
> > [59.464099] usb 1-1.3: new full-speed USB device number 11 using xhci_hcd
> > [59.561617] usb 1-1.3: New USB device found, idVendor=33fa, idProduct=0012, bcdDevice=88.91
> > [59.561642] usb 1-1.3: New USB device strings: Mfr=0, Product=2, SerialNumber=0
> > [59.561656] usb 1-1.3: Product: UGREEN BT6.0 Adapter
> > [61.720116] Bluetooth: hci1: command 0x1005 tx timeout
> > [61.720167] Bluetooth: hci1: Opcode 0x1005 failed: -110
>
> This patch was tested with the 33fa:0012 device. Now the device is
> initialized properly:
I'm trying to find any entry with 0x33fa but I couldn't find any, we
probably want to include the Fixes tag to the commit that introduces
support for it.
>
> > [43.329852] usb 1-1.4: new full-speed USB device number 4 using dwc_otg
> > [43.446790] usb 1-1.4: New USB device found, idVendor=33fa, idProduct=0012, bcdDevice=88.91
> > [43.446813] usb 1-1.4: New USB device strings: Mfr=0, Product=2, SerialNumber=0
> > [43.446821] usb 1-1.4: Product: UGREEN BT6.0 Adapter
> > [43.582024] Bluetooth: hci1: Unexpected continuation: 1 bytes
> > [43.703025] Bluetooth: hci1: Unexpected continuation: 1 bytes
> > [43.750141] Bluetooth: MGMT ver 1.23
>
> Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
> Tested-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
> ---
> drivers/bluetooth/btusb.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
> index 8085fabad..24a249d1c 100644
> --- a/drivers/bluetooth/btusb.c
> +++ b/drivers/bluetooth/btusb.c
> @@ -1192,6 +1192,18 @@ static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
> }
>
> if (!hci_skb_expect(skb)) {
> + /* Each chunk should correct to at least 1 or more
> + * events so if there are still bytes left that doesn't
> + * constitute a new event this is likely a bug in the
> + * controller.
> + */
> + if (count && count < HCI_EVENT_HDR_SIZE) {
> + bt_dev_warn(data->hdev,
> + "Unexpected continuation: %d bytes",
> + count);
> + count = 0;
> + }
> +
> /* Complete frame */
> btusb_recv_event(data, skb);
> skb = NULL;
> --
> 2.47.2
>
>
--
Luiz Augusto von Dentz
next prev parent reply other threads:[~2025-08-26 19:32 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-25 17:25 [PATCH] Bluetooth: btusb: Fixup quirk for reading ext features on some Barrot controllers Arkadiusz Bokowy
2025-08-25 17:44 ` Paul Menzel
2025-08-25 17:59 ` bluez.test.bot
2025-08-25 18:32 ` [PATCH] " Luiz Augusto von Dentz
2025-08-25 18:49 ` Arkadiusz Bokowy
2025-08-25 18:56 ` Luiz Augusto von Dentz
2025-08-25 19:37 ` Arkadiusz Bokowy
2025-08-25 20:08 ` Luiz Augusto von Dentz
2025-08-25 20:16 ` Arkadiusz Bokowy
2025-08-26 4:44 ` Arkadiusz Bokowy
2025-08-26 13:45 ` Luiz Augusto von Dentz
2025-08-26 16:23 ` Arkadiusz Bokowy
2025-08-26 16:36 ` Luiz Augusto von Dentz
2025-08-26 17:03 ` [PATCH v2] Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Arkadiusz Bokowy
2025-08-26 17:33 ` [v2] " bluez.test.bot
2025-08-26 19:31 ` Luiz Augusto von Dentz [this message]
2025-08-27 13:42 ` [PATCH v2] " Luiz Augusto von Dentz
2025-08-27 15:02 ` Arkadiusz Bokowy
2025-08-27 15:20 ` Luiz Augusto von Dentz
2025-08-27 16:40 ` [PATCH v3] " Arkadiusz Bokowy
2025-08-27 17:05 ` [v3] " bluez.test.bot
2025-08-27 6:03 ` [PATCH v2] " Paul Menzel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABBYNZJ7kbHJ665-rsKQTfP_U=pfBwAPrGki7JSBpF7+wiXung@mail.gmail.com' \
--to=luiz.dentz@gmail.com \
--cc=arkadiusz.bokowy@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).