
[bluetooth-dev] Re: Bluetooth and USB - buffer overflow problem




The USB driver has a limitation on EVENT packet sizes.  It is
MAX_EVENT_SIZE + EVENT_HDR_SIZE which is 0xFF+3.

It also has a limitation on ACL packet sizes of MAX_ACL_SIZE +
ACL_HDR_SIZE which is 0xFFFF+5.  So it doesn't have a limit of 255 on the
bulk IN pipe.

As for the bulk OUT pipe there is no limit since it doesn't buffer
outgoing data.  This means it is "probably" a problem with the stack/hw.

This error message is bad:

> Nov 13 11:46:09 moose kernel: bluetooth.c: bluetooth_int_callback - packet
> was too long

When the USB driver receives a packet it reads the length of the packet
from the header.  This allows it to insert packet type indicators before
each full packet.  That is the emulation of the UART/serial protocol.

So first the driver sets a counter to the packet size, then decrements it
by the amount of data in each packet.  If the packet is not complete it
copies the data into a buffer and then waits for the rest.  It DOES ASSUME
that multiple event/acl packets will not be packed together into one USB
packet.

Can you turn debugging on in the USB driver and then do this again?  That
will give us a better idea of what the hw is giving us.


If it is a mangled packet from the HW then it could be caused by your ACL
data being too long.  The stack typically gets the buffer size from the
hardware during initialization.  The stack also has a set of defaults that
it may be using. Check through the log and see if the hardware is
reporting its buffer size and see what it is.  Then trace through the
code and find out if it is setting it wrong in the stack.

Good luck!


> I have a USB Bluetooth device connected to another Bluetooth device and am
> using PPP overtop the wireless link.  I am trying to send a web page from
> the USB device to the second BT device and part of the webpage is sent,
> then transmission stops due to the Ericsson hardware crashing (Rev P9A):
> The AXIS stack is running on the USB-BT device.  Below is a dump when
> things go "bad".  For some reason, an HCI buffer of size 1272 bytes is
> created.  The max size of an ACL buffer on my HW is 800 bytes.
> One or more things are going wrong:
> 
> 1) The AXIS stack is not dividing the HCI stream into sizes smaller
> than the max ACL buffersize (in my case 800 bytes).
> 2) The Linux USB Bluetooth driver cannot handle a buffer greater than 255
> data bytes.
> 3) ????
> 
> Any idea where to start?  Any known problems/limitations in these
> areas?  I'll start digging....
> I guess my max ACL buffersize using USB-BT is really 255 bytes....
> 
> Thanks for any help you can give me,
> Craig Gwydir
> 
> Nov 13 11:46:08 moose kernel: HCI: send_acl_packet: unsubscribing tx_buf.
> Nov 13 11:46:08 moose kernel: HCI: hci_send_data: 52 bytes
> Nov 13 11:46:08 moose kernel: HCI: -->81 (0)
> Nov 13 11:46:08 moose kernel: HCI: hci_send_data: 24 bytes
> Nov 13 11:46:08 moose kernel: HCI: -->134 (0)
> Nov 13 11:46:08 moose kernel: HCI: hci_send_data: 69 bytes
> Nov 13 11:46:08 moose kernel: HCI: -->232 (0)
> Nov 13 11:46:08 moose kernel: HCI: hci_send_data: 107 bytes
> Nov 13 11:46:08 moose kernel: HCI: -->368 (0)
> Nov 13 11:46:08 moose kernel: VFS: Disk change detected on device ide1(22,0)
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 109 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->506 (0)
> Nov 13 11:46:09 moose kernel: bluetooth.c: bluetooth_int_callback - packet
> was too long
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 135 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->670 (0)
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 131 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->830 (0)
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 135 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->994 (0)
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 131 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->1154 (0)
> Nov 13 11:46:09 moose kernel: HCI: hci_send_data: 89 bytes
> Nov 13 11:46:09 moose kernel: HCI: -->1272 (0)
> Nov 13 11:46:09 moose kernel:
> Nov 13 11:46:09 moose kernel: hci_receive_data :  (11)
> Nov 13 11:46:09 moose kernel:    0x04 0xff 0x08 0x04 0x00 0x04 0x00 0x00
> 0x01 0x8f 0x00
> Nov 13 11:46:09 moose kernel: hci-11
> Nov 13 11:46:09 moose kernel: HCI: hci_receive_data: WAIT_FOR_PACKET_TYPE
> Nov 13 11:46:09 moose kernel: HCI: hci_receive_data: WAIT_FOR_EVENT_TYPE
> Nov 13 11:46:09 moose kernel: HCI: hci_receive_data: WAIT_FOR_EVENT_LENGTH
> Nov 13 11:46:09 moose kernel:
> Nov 13 11:46:09 moose kernel: process_event:  (8)
> Nov 13 11:46:09 moose kernel:    0x04 0x00 0x04 0x00 0x00 0x01 0x8f 0x00
> Nov 13 11:46:09 moose kernel: HCI: process_event: DIGIANSWER EVENT
> Nov 13 11:46:09 moose kernel: Unkown error digianswer code
> Nov 13 11:46:09 moose kernel: hci_receive_data :  (11)
> Nov 13 11:46:09 moose kernel:    0x04 0xff 0x08 0x04 0x00 0x04 0x00 0x00
> 0x0e 0x94 0x00
> 

----                                                                   
Mark Corner                                      
mcorner@xxxxxxx.edu
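
The reassembly scheme described in the message above, sketched as an added example (not the Linux USB Bluetooth driver's code and not part of the original post). `struct reasm` and `reasm_feed` are hypothetical names, the header is assumed to be type indicator + event code + length byte, and the sample bytes are the event from the quoted log.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_EVENT_SIZE 0xFF   /* largest event parameter block */
#define EVENT_HDR_SIZE 3      /* assumed: type indicator + event code + length */
#define EVENT_PKT      0x04   /* HCI UART packet type indicator for events */

struct reasm {
    uint8_t buf[MAX_EVENT_SIZE + EVENT_HDR_SIZE];
    size_t  used;       /* bytes stored so far, including the type byte */
    size_t  remaining;  /* bytes still expected for the current packet */
};

/* Feed one USB interrupt transfer. Returns 1 when a packet is complete
 * (r->buf holds r->used bytes), 0 when more data is needed, and -1 when
 * the transfer carries more than the packet being assembled expects. */
int reasm_feed(struct reasm *r, const uint8_t *data, size_t len)
{
    if (r->remaining == 0) {                 /* start of a new packet */
        if (len < 2)
            return -1;                       /* split header: not handled in this sketch */
        r->buf[0] = EVENT_PKT;               /* emulate the UART framing */
        r->used = 1;
        r->remaining = 2 + (size_t)data[1];  /* code + length + parameters */
    }
    if (len > r->remaining) {                /* packed-together or mangled data */
        r->used = r->remaining = 0;          /* drop and resynchronise */
        return -1;
    }
    memcpy(r->buf + r->used, data, len);     /* bounded: used + remaining <= sizeof buf */
    r->used += len;
    r->remaining -= len;
    return r->remaining == 0;
}

int main(void)
{
    /* Event bytes from the quoted log, without the leading 0x04 type byte. */
    static const uint8_t ev[] = {0xff,0x08,0x04,0x00,0x04,0x00,0x00,0x01,0x8f,0x00};
    struct reasm r = {0};
    int first = reasm_feed(&r, ev, 4);       /* partial packet: wait for the rest */
    int second = reasm_feed(&r, ev + 4, 6);  /* remainder completes it */
    printf("first=%d second=%d total=%zu\n", first, second, r.used);
    return 0;
}
```

Rejecting any transfer longer than the remaining count is what keeps the copy inside the fixed buffer when the no-packing assumption does not hold.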
