-
-
Save zang74/c3e0507e1bee3beba0855693e84c52bf to your computer and use it in GitHub Desktop.
Fix for CSR Dongle 0a12:0001 ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| set -e | |
| function info { | |
| GREEN="\033[1;32m" | |
| RESET="\033[0m" | |
| echo -e "$GREEN==> $@$RESET" | |
| } | |
| version="${1:-$(uname -r | cut -d'-' -f1)}" | |
| extra="${2:-$(uname -r | cut -d'-' -f2-)}" | |
| fullversion="$version-$extra" | |
| modules=( | |
| 'drivers/bluetooth:btusb' | |
| 'net/bluetooth:bluetooth' | |
| ) | |
| info Making patch for kernel $fullversion | |
| name="linux-$version" | |
| archive="$name.tar.xz" | |
| info Downloading kernel $name | |
| wget -c https://cdn.kernel.org/pub/linux/kernel/v5.x/$archive -O $archive | |
| info Extracting $archive | |
| tar -xJf $archive | |
| info Setting up kernel config | |
| make -C $name mrproper | |
| cp /usr/lib/modules/$fullversion/build/.config $name/ | |
| cp /usr/lib/modules/$fullversion/build/Module.symvers $name/ | |
| make -C $name oldconfig | |
| info Applying CSR dongle fix | |
| patch -p1 -d $name < fix_csr_dongle.patch | |
| info Preparing kernel modules | |
| make -C $name EXTRAVERSION=-$extra modules_prepare | |
| for module in "${modules[@]}" ; do | |
| module_path=${module%%:*} | |
| module_name=${module#*:} | |
| info Making $module_name kernel module | |
| make -C $name M=$module_path | |
| info Compressing $module_path/$module_name.ko kernel module | |
| xz $name/$module_path/$module_name.ko | |
| done | |
| info Installing | |
| sudo mkdir -p /usr/lib/modules/$fullversion/updates | |
| for module in "${modules[@]}" ; do | |
| module_path=${module%%:*} | |
| module_name=${module#*:} | |
| info Installing $module_name kernel module | |
| sudo cp -f $name/$module_path/$module_name.ko.xz /usr/lib/modules/$fullversion/updates/$module_name.ko.xz | |
| done | |
| info Copying csr-bluetoothdongle.conf to /etc/modprobe.d/ with contents: | |
| cat csr-bluetoothdongle.conf | |
| sudo cp -f csr-bluetoothdongle.conf /etc/modprobe.d/99-csr-bluetoothdongle.conf | |
| info Running 'mkinitcpio' | |
| sudo mkinitcpio -p linux | |
| info Removing temp files | |
| rm -f $archive | |
| rm -rf $name | |
| info Now you can reboot to load patched kernel modules |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| options btusb reset=1 enable_autosuspend=0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c | |
| index 5f022e9cf..5b8cf9ba9 100644 | |
| --- a/drivers/bluetooth/btusb.c | |
| +++ b/drivers/bluetooth/btusb.c | |
| @@ -1720,6 +1720,7 @@ static int btusb_setup_csr(struct hci_dev *hdev) | |
| { | |
| struct hci_rp_read_local_version *rp; | |
| struct sk_buff *skb; | |
| + bool is_fake = false; | |
| BT_DBG("%s", hdev->name); | |
| @@ -1739,18 +1740,69 @@ static int btusb_setup_csr(struct hci_dev *hdev) | |
| rp = (struct hci_rp_read_local_version *)skb->data; | |
| - /* Detect controllers which aren't real CSR ones. */ | |
| + /* Detect a wide host of Chinese controllers that aren't CSR. | |
| + * | |
| + * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 | |
| + * | |
| + * The main thing they have in common is that these are really popular low-cost | |
| + * options that support newer Bluetooth versions but rely on heavy VID/PID | |
| + * squatting of this poor old Bluetooth 1.1 device. Even sold as such. | |
| + * | |
| + * We detect actual CSR devices by checking that the HCI manufacturer code | |
| + * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and | |
| + * HCI rev values always match. As they both store the firmware number. | |
| + */ | |
| if (le16_to_cpu(rp->manufacturer) != 10 || | |
| - le16_to_cpu(rp->lmp_subver) == 0x0c5c) { | |
| + le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) | |
| + is_fake = true; | |
| + | |
| + /* Known legit CSR firmware build numbers and their supported BT versions: | |
| + * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e | |
| + * - 1.2 (0x2) -> 0x04d9, 0x0529 | |
| + * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c | |
| + * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) | |
| + * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb | |
| + * | |
| + * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that | |
| + * support BT 1.1 only; so it's a dead giveaway when some | |
| + * third-party BT 4.0 dongle reuses it. | |
| + */ | |
| + else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && | |
| + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1) | |
| + is_fake = true; | |
| + | |
| + else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && | |
| + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2) | |
| + is_fake = true; | |
| + | |
| + else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && | |
| + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0) | |
| + is_fake = true; | |
| + | |
| + else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && | |
| + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1) | |
| + is_fake = true; | |
| + | |
| + else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && | |
| + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0) | |
| + is_fake = true; | |
| + | |
| + if (is_fake) { | |
| + bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds..."); | |
| + | |
| + /* Generally these clones have big discrepancies between | |
| + * advertised features and what's actually supported. | |
| + * Probably will need to be expanded in the future; | |
| + * without these the controller will lock up. | |
| + */ | |
| + set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); | |
| + set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); | |
| + | |
| /* Clear the reset quirk since this is not an actual | |
| * early Bluetooth 1.1 device from CSR. | |
| */ | |
| clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); | |
| - | |
| - /* These fake CSR controllers have all a broken | |
| - * stored link key handling and so just disable it. | |
| - */ | |
| - set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); | |
| + clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
| } | |
| kfree_skb(skb); | |
| @@ -4001,11 +4053,13 @@ static int btusb_probe(struct usb_interface *intf, | |
| if (bcdDevice < 0x117) | |
| set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); | |
| + /* This must be set first in case we disable it for fakes */ | |
| + set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
| + | |
| /* Fake CSR devices with broken commands */ | |
| - if (bcdDevice <= 0x100 || bcdDevice == 0x134) | |
| + if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && | |
| + le16_to_cpu(udev->descriptor.idProduct) == 0x0001) | |
| hdev->setup = btusb_setup_csr; | |
| - | |
| - set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
| } | |
| if (id->driver_info & BTUSB_SNIFFER) { | |
| diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h | |
| index 181900553..155019220 100644 | |
| --- a/include/net/bluetooth/bluetooth.h | |
| +++ b/include/net/bluetooth/bluetooth.h | |
| @@ -41,6 +41,8 @@ | |
| #define BLUETOOTH_VER_1_1 1 | |
| #define BLUETOOTH_VER_1_2 2 | |
| #define BLUETOOTH_VER_2_0 3 | |
| +#define BLUETOOTH_VER_2_1 4 | |
| +#define BLUETOOTH_VER_4_0 6 | |
| /* Reserv for core and drivers use */ | |
| #define BT_SKB_RESERVE 8 | |
| diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h | |
| index 16ab6ce87..1c321b6d1 100644 | |
| --- a/include/net/bluetooth/hci.h | |
| +++ b/include/net/bluetooth/hci.h | |
| @@ -227,6 +227,17 @@ enum { | |
| * supported. | |
| */ | |
| HCI_QUIRK_VALID_LE_STATES, | |
| + | |
| + /* When this quirk is set, then erroneous data reporting | |
| + * is ignored. This is mainly due to the fact that the HCI | |
| + * Read Default Erroneous Data Reporting command is advertised, | |
| + * but not supported; these controllers often reply with unknown | |
| + * command and tend to lock up randomly. Needing a hard reset. | |
| + * | |
| + * This quirk can be set before hci_register_dev is called or | |
| + * during the hdev->setup vendor callback. | |
| + */ | |
| + HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, | |
| }; | |
| /* HCI device flags */ | |
| diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c | |
| index dbe2d79f2..48d7c7e23 100644 | |
| --- a/net/bluetooth/hci_core.c | |
| +++ b/net/bluetooth/hci_core.c | |
| @@ -606,7 +606,8 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt) | |
| if (hdev->commands[8] & 0x01) | |
| hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); | |
| - if (hdev->commands[18] & 0x04) | |
| + if (hdev->commands[18] & 0x04 && | |
| + !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) | |
| hci_req_add(req, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 0, NULL); | |
| /* Some older Broadcom based Bluetooth 1.2 controllers do not | |
| @@ -851,7 +852,8 @@ static int hci_init4_req(struct hci_request *req, unsigned long opt) | |
| /* Set erroneous data reporting if supported to the wideband speech | |
| * setting value | |
| */ | |
| - if (hdev->commands[18] & 0x08) { | |
| + if (hdev->commands[18] & 0x08 && | |
| + !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) { | |
| bool enabled = hci_dev_test_flag(hdev, | |
| HCI_WIDEBAND_SPEECH_ENABLED); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment