linux/drivers/bluetooth
Kuba Pawlak 8f9d02f470 Bluetooth: Remove SCO fragments on connection close
The SCO packet reassembler may have a fragment of a SCO packet, from
a previous connection, cached and not removed when the SCO connection
is ended. Packets from a new SCO connection are then going to be
attached to that fragment, creating invalid SCO packets.

Controllers like Intel's WilkinsPeak always fragment a
SCO packet into 3 parts (#1, #2, #3). Packet #1 contains the
SCO header and audio data, the others just audio data. If there is
a fragment cached from the previous connection, i.e. #1, the first
SCO packet from the new connection is going to be attached to it,
creating a packet consisting of fragments #1-#1-#2. This will
be forwarded to upper layers. After that, fragment #3 is going
to be used as a starting point for another SCO packet.
It does not contain a SCO header, but the code expects it,
casts a SCO header structure on it, and reads whatever audio
data happens to be there as SCO packet length and handle.
From that point on, we are assembling random data into SCO
packets. Usually it recovers quickly as initial audio data
contains mostly zeros (muted stream), but setups of over
4 seconds were observed.
The issue manifests itself by printing on the console:
Bluetooth: hci0 SCO packet for unknown connection handle 48
Bluetooth: hci0 SCO packet for unknown connection handle 2560
Bluetooth: hci0 SCO packet for unknown connection handle 12288
It may also show random handles if audio data was non-zeroed.
Hcidump shows SCO packets with random length and handles.

A few messages with handle 0 at connection creation are OK
for some controllers (like WilkinsPeak), as there are SCO packets
with a zeroed handle at the beginning (possible controller bug).
A few such messages at connection end, with a handle looking
sane (around 256, 512, 768 ...), are also OK, as these are the last
SCO packets that were assembled and sent up before the connection
was ended, but were not handled in time.

This issue may still manifest itself on WilkinsPeak as it sometimes,
at SCO connection creation, does not send the third fragment of the first
SCO packet (#1-#2-#1-#2-#3...). This is a firmware bug and this
patch does not address it.

Signed-off-by: Kuba Pawlak <kubax.t.pawlak@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-09-17 13:20:06 +02:00
ath3k.c Bluetooth: ath3k: Add support of 04ca:300d AR3012 device 2015-06-18 21:00:06 +03:00
bcm203x.c Bluetooth: Use devm_kzalloc in bcm203x.c file. 2012-08-06 15:03:00 -03:00
bfusb.c Bluetooth: bfusb: Coding style fix reported by coccinelle 2015-07-23 17:10:49 +02:00
bluecard_cs.c Bluetooth: Remove typedef bluecard_info_t 2014-08-14 08:49:25 +02:00
bpa10x.c Bluetooth: Declare bpa10x_table[] as const 2013-10-11 17:05:22 +02:00
bt3c_cs.c Bluetooth: bt3c_cs: Fix coding style 2015-07-23 17:10:50 +02:00
btbcm.c Bluetooth: btbcm: Add BCM4330B1 UART device 2015-07-30 13:18:08 +02:00
btbcm.h Bluetooth: btbcm: Support the BCM4354 Bluetooth UART device 2015-06-17 18:56:53 +02:00
btintel.c Bluetooth: btintel: Add Device Configuration support 2015-09-17 13:20:05 +02:00
btintel.h Bluetooth: btintel: Add Device Configuration support 2015-09-17 13:20:05 +02:00
btmrvl_debugfs.c Bluetooth: btmrvl add firmware dump support 2014-12-03 17:35:51 +01:00
btmrvl_drv.h Bluetooth: btmrvl: Coding style Fix for btmrvl header 2015-07-27 10:30:32 +03:00
btmrvl_main.c Bluetooth: btmrvl: skb resource leak, and double free. 2015-09-17 13:20:02 +02:00
btmrvl_sdio.c Bluetooth: btmrvl: change device pointer passed to dev_coredumpv 2015-08-28 21:00:36 +02:00
btmrvl_sdio.h Bluetooth: btmrvl add firmware dump support 2014-12-03 17:35:51 +01:00
btqca.c Bluetooth: btqca: Introduce generic QCA ROME support 2015-08-10 23:52:20 +02:00
btqca.h Bluetooth: btqca: Introduce generic QCA ROME support 2015-08-10 23:52:20 +02:00
btrtl.c Bluetooth: btrtl: Create separate module for Realtek BT driver 2015-05-14 12:04:12 +02:00
btrtl.h Bluetooth: btrtl: Create separate module for Realtek BT driver 2015-05-14 12:04:12 +02:00
btsdio.c Bluetooth: Use MD SET register for changing SDIO Type-B to Type-A 2013-12-29 21:31:07 +02:00
btuart_cs.c Bluetooth: Remove typedef btuart_info_t 2014-08-14 08:49:25 +02:00
btusb.c Bluetooth: Remove SCO fragments on connection close 2015-09-17 13:20:06 +02:00
btwilink.c Bluetooth: btwilink: remove DEBUG define 2015-05-13 23:00:51 +02:00
dtl1_cs.c Bluetooth: dtl1_cs: Fixed coding style 2015-07-23 17:10:49 +02:00
hci_ath.c Bluetooth: hci_uart: Fix dereferencing of ERR_PTR 2015-06-17 14:21:08 +02:00
hci_bcm.c Bluetooth: hci_bcm: Add wake-up capability 2015-09-17 13:20:06 +02:00
hci_bcsp.c Bluetooth: hci_bcsp: Clean up code Fix 2015-06-09 13:59:09 +02:00
hci_h4.c Bluetooth: hci_uart: Fix zero len data packet reception issue 2015-08-28 21:00:37 +02:00
hci_h5.c Bluetooth: hci_h5: Cleaned up coding style warnings 2015-07-27 10:30:42 +03:00
hci_intel.c Bluetooth: hci_intel: Enable IRQ wake capability 2015-09-17 13:20:06 +02:00
hci_ldisc.c Bluetooth: hciuart: Add support QCA chipset for UART 2015-08-10 23:52:20 +02:00
hci_ll.c Bluetooth: hci_uart: Remove the manual protocol init message 2015-04-07 18:47:10 +02:00
hci_qca.c Bluetooth: hci_qca: Fix a few tab vs spaces issues 2015-09-17 13:20:01 +02:00
hci_uart.h Bluetooth: hciuart: Add support QCA chipset for UART 2015-08-10 23:52:20 +02:00
hci_vhci.c Bluetooth: vhci: Clean up coding style fix 2015-06-04 10:02:04 +07:00
Kconfig Bluetooth: hciuart: Add support QCA chipset for UART 2015-08-10 23:52:20 +02:00
Makefile Bluetooth: hciuart: Add support QCA chipset for UART 2015-08-10 23:52:20 +02:00